diff mbox series

[net] Bonding: update bond device XFRM features based on current active slave

Message ID 20240918083533.21093-1-liuhangbin@gmail.com (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series [net] Bonding: update bond device XFRM features based on current active slave | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 16 this patch: 16
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 7 of 7 maintainers
netdev/build_clang success Errors and warnings before: 16 this patch: 16
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 16 this patch: 16
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 21 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 13 this patch: 13
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-09-19--09-00 (tests: 764)

Commit Message

Hangbin Liu Sept. 18, 2024, 8:35 a.m. UTC
XFRM offload is supported in active-backup mode. However, if the current
active slave does not support it, we should disable it on bond device.
Otherwise, ESP traffic may fail due to the downlink not supporting the
feature.

Reproducer:
  # ip link add bond0 type bond
  # ip link add type veth
  # ip link set bond0 type bond mode 1 miimon 100
  # ip link set veth0 master bond0
  # ethtool -k veth0 | grep esp
  tx-esp-segmentation: off [fixed]
  esp-hw-offload: off [fixed]
  esp-tx-csum-hw-offload: off [fixed]
  # ethtool -k bond0 | grep esp
  tx-esp-segmentation: on
  esp-hw-offload: on
  esp-tx-csum-hw-offload: on

After fix:
  # ethtool -k bond0 | grep esp
  tx-esp-segmentation: off [requested on]
  esp-hw-offload: off [requested on]
  esp-tx-csum-hw-offload: off [requested on]

Fixes: a3b658cfb664 ("bonding: allow xfrm offload setup post-module-load")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
 drivers/net/bonding/bond_main.c | 9 +++++++++
 1 file changed, 9 insertions(+)

Comments

Nikolay Aleksandrov Sept. 18, 2024, 9:40 a.m. UTC | #1
On 18/09/2024 11:35, Hangbin Liu wrote:
> XFRM offload is supported in active-backup mode. However, if the current
> active slave does not support it, we should disable it on bond device.
> Otherwise, ESP traffic may fail due to the downlink not supporting the
> feature.
> 
> Reproducer:
>   # ip link add bond0 type bond
>   # ip link add type veth
>   # ip link set bond0 type bond mode 1 miimon 100
>   # ip link set veth0 master bond0
>   # ethtool -k veth0 | grep esp
>   tx-esp-segmentation: off [fixed]
>   esp-hw-offload: off [fixed]
>   esp-tx-csum-hw-offload: off [fixed]
>   # ethtool -k bond0 | grep esp
>   tx-esp-segmentation: on
>   esp-hw-offload: on
>   esp-tx-csum-hw-offload: on
> 
> After fix:
>   # ethtool -k bond0 | grep esp
>   tx-esp-segmentation: off [requested on]
>   esp-hw-offload: off [requested on]
>   esp-tx-csum-hw-offload: off [requested on]
> 
> Fixes: a3b658cfb664 ("bonding: allow xfrm offload setup post-module-load")
> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
> ---
>  drivers/net/bonding/bond_main.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> index b560644ee1b1..33f7fde15c65 100644
> --- a/drivers/net/bonding/bond_main.c
> +++ b/drivers/net/bonding/bond_main.c
> @@ -1353,6 +1353,10 @@ void bond_change_active_slave(struct bonding *bond, struct slave *new_active)
>  				call_netdevice_notifiers(NETDEV_NOTIFY_PEERS,
>  							 bond->dev);
>  			}
> +
> +#ifdef CONFIG_XFRM_OFFLOAD
> +			netdev_update_features(bond->dev);
> +#endif /* CONFIG_XFRM_OFFLOAD */
>  		}
>  	}
>  
> @@ -1524,6 +1528,11 @@ static netdev_features_t bond_fix_features(struct net_device *dev,
>  		features = netdev_increment_features(features,
>  						     slave->dev->features,
>  						     mask);
> +#ifdef CONFIG_XFRM_OFFLOAD
> +		if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP &&
> +		    slave == rtnl_dereference(bond->curr_active_slave))
> +			features &= slave->dev->features & BOND_XFRM_FEATURES;
> +#endif /* CONFIG_XFRM_OFFLOAD */
>  	}
>  	features = netdev_add_tso_features(features, mask);
>  

Nice catch,
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Paolo Abeni Sept. 24, 2024, 1:17 p.m. UTC | #2
On 9/18/24 10:35, Hangbin Liu wrote:
> XFRM offload is supported in active-backup mode. However, if the current
> active slave does not support it, we should disable it on bond device.
> Otherwise, ESP traffic may fail due to the downlink not supporting the
> feature.

Why would the excessive features exposed by the bond device will be a 
problem? later dev_queue_xmit() on the lower device should take care of 
needed xfrm offload in validate_xmit_xfrm(), no?

Let segmentation happening as late as possible is usually a win.

Cheers,

Paolo
Hangbin Liu Sept. 25, 2024, 6:47 a.m. UTC | #3
On Tue, Sep 24, 2024 at 03:17:25PM +0200, Paolo Abeni wrote:
> 
> 
> On 9/18/24 10:35, Hangbin Liu wrote:
> > XFRM offload is supported in active-backup mode. However, if the current
> > active slave does not support it, we should disable it on bond device.
> > Otherwise, ESP traffic may fail due to the downlink not supporting the
> > feature.
> 
> Why would the excessive features exposed by the bond device will be a
> problem? later dev_queue_xmit() on the lower device should take care of
> needed xfrm offload in validate_xmit_xfrm(), no?

I'm not very sure. In validate_xmit_xfrm() it looks the lower dev won't
check again if the upper dev has validated.

        /* This skb was already validated on the upper/virtual dev */
        if ((x->xso.dev != dev) && (x->xso.real_dev == dev))
                return skb;

Hi Sabrina, Steffen, if the upper dev validate failed, what would happen?
Just drop the skb or go via software path?

> 
> Let segmentation happening as late as possible is usually a win.

Yes, indeed.

Thanks
Hangbin
Hangbin Liu Sept. 25, 2024, 1:21 p.m. UTC | #4
On Wed, Sep 25, 2024 at 06:47:27AM +0000, Hangbin Liu wrote:
> On Tue, Sep 24, 2024 at 03:17:25PM +0200, Paolo Abeni wrote:
> > 
> > 
> > On 9/18/24 10:35, Hangbin Liu wrote:
> > > XFRM offload is supported in active-backup mode. However, if the current
> > > active slave does not support it, we should disable it on bond device.
> > > Otherwise, ESP traffic may fail due to the downlink not supporting the
> > > feature.
> > 
> > Why would the excessive features exposed by the bond device will be a
> > problem? later dev_queue_xmit() on the lower device should take care of
> > needed xfrm offload in validate_xmit_xfrm(), no?
> 
> I'm not very sure. In validate_xmit_xfrm() it looks the lower dev won't
> check again if the upper dev has validated.
> 
>         /* This skb was already validated on the upper/virtual dev */
>         if ((x->xso.dev != dev) && (x->xso.real_dev == dev))
>                 return skb;
> 
> Hi Sabrina, Steffen, if the upper dev validate failed, what would happen?
> Just drop the skb or go via software path?

Hmm, I saw a similar commit 28581b9c2c94 ("bond: Disable TLS features
indication"). I will check the history and see if we can do like this.

Thanks
Hangbin
diff mbox series

Patch

diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index b560644ee1b1..33f7fde15c65 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -1353,6 +1353,10 @@  void bond_change_active_slave(struct bonding *bond, struct slave *new_active)
 				call_netdevice_notifiers(NETDEV_NOTIFY_PEERS,
 							 bond->dev);
 			}
+
+#ifdef CONFIG_XFRM_OFFLOAD
+			netdev_update_features(bond->dev);
+#endif /* CONFIG_XFRM_OFFLOAD */
 		}
 	}
 
@@ -1524,6 +1528,11 @@  static netdev_features_t bond_fix_features(struct net_device *dev,
 		features = netdev_increment_features(features,
 						     slave->dev->features,
 						     mask);
+#ifdef CONFIG_XFRM_OFFLOAD
+		if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP &&
+		    slave == rtnl_dereference(bond->curr_active_slave))
+			features &= slave->dev->features & BOND_XFRM_FEATURES;
+#endif /* CONFIG_XFRM_OFFLOAD */
 	}
 	features = netdev_add_tso_features(features, mask);