| 2017-06-22 01:59:47 |
Daniel Axtens |
description |
SRU Justification
[Impact]
Some XDP examples such as https://github.com/netoptimizer/prototype-kernel fail on ppc64el at the eBPF verification stage.
[Fix]
This is because CONFIG_HAS_EFFICIENT_UNALIGNED_ACCESS is not set on ppc64el. It is not set because the kernel is being compiled for CPU_POWER7 instead of CPU_POWER8, and we don't have efficient unaligned access on POWER7.
Swap to building for POWER8.
As a bonus, this should make everything a little bit faster.
[Regression Potential]
- IBM never released any officially supported Power7 LE systems - LE was only ever supported on Power8. Therefore this should not break any systems.
- Regression potential is also limited to one arch.
- Artful-next already has this fix and nothing bad has happened there.
[Test]
On a P8 VM with a virtio network card and 2 vcpus:
- get the prototype-kernel repo
- go to the kernel/samples/bpf directory-
- make
- sudo mount -t bpf bpf /sys/fs/bpf/
- sudo ./xdp_ddos01_blacklist --dev enp0s1
Observe that without this patch, we get a long debug splat ending with:
32: (61) r1 = *(u32 *)(r8 +12)
misaligned packet access off 0+18+12 size 4
load_bpf_file: Permission denied
With this patch we don't get that error and the program is successfully verifies and loads. (It still doesn't run - there is other breakage I'm chasing down - but it definitely gets further.) |
SRU Justification
[Impact]
Some XDP examples such as https://github.com/netoptimizer/prototype-kernel fail on ppc64el at the eBPF verification stage.
[Fix]
This is because CONFIG_HAS_EFFICIENT_UNALIGNED_ACCESS is not set on ppc64el. It is not set because the kernel is being compiled for CPU_POWER7 instead of CPU_POWER8, and we don't have efficient unaligned access on POWER7.
Swap to building for POWER8.
As a bonus, this should make everything a little bit faster.
[Regression Potential]
- IBM never released any officially supported Power7 LE systems - LE was only ever supported on Power8. Therefore this should not break any systems.
- Regression potential is also limited to one arch.
- Artful-next already has this fix and nothing bad has happened there.
[Test]
Create a P8 VM with a virtio network card and 2 vcpus.
The VM needs to have some network features turned off, and enough queues. The following virsh snippet in the <interface> section should suffice:
<driver name='vhost' queues='4'>
<host tso4='off' tso6='off' ecn='off' ufo='off'/>
<guest tso4='off' tso6='off' ecn='off' ufo='off'/>
</driver>
Then:
- apt install clang llvm
- get the prototype-kernel repo
- go to the kernel/samples/bpf directory
- make
- sudo mount -t bpf bpf /sys/fs/bpf/
- sudo ./xdp_ddos01_blacklist --dev enp0s1
Observe that without this patch, we get a long debug splat ending with:
32: (61) r1 = *(u32 *)(r8 +12)
misaligned packet access off 0+18+12 size 4
load_bpf_file: Permission denied
With this patch we don't get that error and the program is successfully verifies and loads. (It still doesn't run - there is other breakage I'm chasing down - but it definitely gets further.) |
|
