Commit "net/mlx5e: Don't offload internal port if filter device is out device" breaks OpenStack/OVN distributed gateway use case

Bug #2085018 reported by Frode Nordahl
32
This bug affects 4 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned
Noble
In Progress
Medium
Jacob Martin
Oracular
In Progress
Medium
Jacob Martin
linux-hwe-6.11 (Ubuntu)
Invalid
Undecided
Unassigned
Noble
Fix Committed
Medium
Unassigned
linux-hwe-6.8 (Ubuntu)
Invalid
Undecided
Unassigned
Jammy
Fix Committed
High
Jacob Martin
Noble
Invalid
Undecided
Unassigned

Bug Description

Consider a topology with two chassis, A and B:
* A acts as a distributed gateway connected to provider network on tagged VLAN and has GENEVE tunnel configured towards chassis B.
* B hosts the target instance.
* From a third machine connected to the provider network we can observe:
  * Only first ICMP ECHO reply from target instance is forwarded.
  * Attempt to establish TCP connection fails.

If we revert commit [0] the symptoms disappear.

The issue is also present in the most recent mainline version available, so there does not appear to exist a fix for the issue.

0: 06b4eac9c4be ("net/mlx5e: Don't offload internal port if filter device is out device")

Revision history for this message
Frode Nordahl (fnordahl) wrote :
Revision history for this message
Frode Nordahl (fnordahl) wrote :
Revision history for this message
Frode Nordahl (fnordahl) wrote :
Revision history for this message
Frode Nordahl (fnordahl) wrote :
Frode Nordahl (fnordahl)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu):
status: New → Confirmed
Revision history for this message
Frode Nordahl (fnordahl) wrote :

I reached out on Linux netdev as well: https://lore.kernel<email address hidden>/T/#u

no longer affects: linux (Ubuntu Jammy)
no longer affects: linux-hwe-6.8 (Ubuntu Noble)
Changed in linux (Ubuntu Noble):
status: New → Confirmed
Changed in linux-hwe-6.8 (Ubuntu Jammy):
status: New → Confirmed
Changed in linux-hwe-6.8 (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Noble):
status: Confirmed → In Progress
Changed in linux-hwe-6.8 (Ubuntu Jammy):
status: Confirmed → In Progress
Changed in linux (Ubuntu Noble):
assignee: nobody → Jacob Martin (jacobmartin)
Changed in linux-hwe-6.8 (Ubuntu Jammy):
assignee: nobody → Jacob Martin (jacobmartin)
no longer affects: linux-hwe-6.8 (Ubuntu Oracular)
Changed in linux (Ubuntu Oracular):
status: New → In Progress
assignee: nobody → Jacob Martin (jacobmartin)
Revision history for this message
Jacob Martin (jacobmartin) wrote (last edit ):

I submitted the fix patch to the kernel-team mailing list: https://lists.ubuntu.com/archives/kernel-team/2024-December/155739.html.

Stefan Bader (smb)
no longer affects: linux (Ubuntu Noble)
Changed in linux (Ubuntu Noble):
assignee: nobody → Jacob Martin (jacobmartin)
status: New → In Progress
importance: Undecided → Medium
Changed in linux (Ubuntu Oracular):
importance: Undecided → Medium
Changed in linux-hwe-6.11 (Ubuntu):
status: New → Invalid
Changed in linux-hwe-6.11 (Ubuntu Noble):
importance: Undecided → Medium
status: New → Triaged
Changed in linux-hwe-6.8 (Ubuntu Jammy):
importance: Undecided → High
Changed in linux-hwe-6.8 (Ubuntu Noble):
status: New → Invalid
Revision history for this message
Stefan Bader (smb) wrote :

I modified the tasks to reflect how we decided to approach this. Since the change right now is not upstream we take it as SAUCE into hwe-6.11 and hwe-6.8 (the latter being the primary target) for the security cycle which currently is being prepared. The hope is that by the time we start the next SRU cycle this has landed upstream and we can pick directly from that into the oracular and noble targets. And the hwe kernels then replace their individual changes by the upstream one on rebase.

Stefan Bader (smb)
Changed in linux-hwe-6.11 (Ubuntu Noble):
status: Triaged → Fix Committed
Changed in linux-hwe-6.8 (Ubuntu Jammy):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-hwe-6.8/6.8.0-51.52~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-hwe-6.8' to 'verification-done-jammy-linux-hwe-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux-hwe-6.8' to 'verification-failed-jammy-linux-hwe-6.8'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-hwe-6.8-v2 verification-needed-jammy-linux-hwe-6.8
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-hwe-6.11/6.11.0-13.14~24.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-hwe-6.11' to 'verification-done-noble-linux-hwe-6.11'. If the problem still exists, change the tag 'verification-needed-noble-linux-hwe-6.11' to 'verification-failed-noble-linux-hwe-6.11'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-noble-linux-hwe-6.11-v2 verification-needed-noble-linux-hwe-6.11
Revision history for this message
gerald.yang (gerald-yang-tw) wrote :

It looks the above mentioned kernels linux-hwe-6.8/6.8.0-51.52~22.04.1 and linux-hwe-6.11/6.11.0-13.14~24.04.1 are still not in -proposed yet

Jammy:

ubuntu@jammy-c:~$ sudo apt update
Hit:1 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:2 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:5 http://archive.ubuntu.com/ubuntu jammy-proposed InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
44 packages can be upgraded. Run 'apt list --upgradable' to see them.
ubuntu@jammy-c:~$ apt policy linux-image-6.8.0-50-generic
linux-image-6.8.0-50-generic:
  Installed: (none)
  Candidate: 6.8.0-50.51~22.04.1
  Version table:
     6.8.0-50.51~22.04.1 500
        500 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
ubuntu@jammy-c:~$ apt policy linux-image-6.8.0-51-generic
N: Unable to locate package linux-image-6.8.0-51-generic
N: Couldn't find any package by glob 'linux-image-6.8.0-51-generic'

Noble:
ubuntu@noble-c:~$ sudo apt update
Hit:1 http://archive.ubuntu.com/ubuntu noble-proposed InRelease
Hit:2 http://archive.ubuntu.com/ubuntu noble InRelease
Hit:3 http://archive.ubuntu.com/ubuntu noble-updates InRelease
Hit:4 http://security.ubuntu.com/ubuntu noble-security InRelease
Hit:5 http://archive.ubuntu.com/ubuntu noble-backports InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
20 packages can be upgraded. Run 'apt list --upgradable' to see them.
ubuntu@noble-c:~$ apt policy linux-image-6.11.0-12-generic
linux-image-6.11.0-12-generic:
  Installed: (none)
  Candidate: 6.11.0-12.13~24.04.1
  Version table:
     6.11.0-12.13~24.04.1 100
        100 http://archive.ubuntu.com/ubuntu noble-proposed/main amd64 Packages
ubuntu@noble-c:~$ apt policy linux-image-6.11.0-13-generic
N: Unable to locate package linux-image-6.11.0-13-generic
N: Couldn't find any package by glob 'linux-image-6.11.0-13-generic'

Revision history for this message
Juerg Haefliger (juergh) wrote :

They're part of a security cycle so they landed in the proposed#2 PPA:
https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/proposed2

Revision history for this message
Nishant Dash (dash3) wrote :

I tested kernel linux-hwe-6.8/6.8.0-51.52~22.04.1 and it does indeed work

Nishant Dash (dash3)
tags: added: verification-done-jammy-linux-hwe-6.8
removed: verification-needed-jammy-linux-hwe-6.8
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.