From patchwork Thu Feb 27 08:37:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hangbin Liu X-Patchwork-Id: 13993921 Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0F6F213A3F2; Thu, 27 Feb 2025 08:37:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740645471; cv=none; b=B2TrwuN8FAmob4lEW2f96kffI4GuHVKDu72TZkhqYCrS3h4aD74PaDpW3BpqYjAlHg5VOJ7K2HnDoE6G8nNfgE1/id9foGz8unqpBEJS0/6GJp/34l0mCLQS9imVvCVYTkqEN5epvZyq8U6onVQqZS6q8/E1tSu+DuU3iIi144A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740645471; c=relaxed/simple; bh=FUCN4zwqzwUHXMTsfI6Umx43gU4SrLSJl5E8NH+7Ryc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oJZPreaI68PmGX2tlDp7pKii+Aj4w/NiaO38b9wTMbnht017mLbng1YNI1LSmB6DOlyliQSQyoV9Hh5++3VCoexEY+avLSpCAQRQNvumM6gmWltngefl/LPFV4b3MroYj4rVJB0mnfWlrlM7nJLTsUbCU+bgA+jroQoAwV3Cbis= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=D5Lzl7aa; arc=none smtp.client-ip=209.85.214.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="D5Lzl7aa" Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-22355618fd9so4906375ad.3; Thu, 27 Feb 2025 00:37:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740645469; x=1741250269; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=POO98shsHT218eCsS+l46Fq7lGdF3geGqLU2HfqrWas=; b=D5Lzl7aa/N60H7wixIyqM+amSoI1yrv4S18qe8zzzLH7lZrN4C5XQa2CNg8b2be2No 6oTmUQQq2trb23H1uyjdXqBL4MY4DAvqe8fkNfMUBuA2JMSaJbtGGFwVcSOyq5wbhFJ6 bQcqbAO1ikyTnIwkE4BO70os2CwqEtUnP9zDjlzzocaQTMDUJZ4cC0P1yVvyLLHapTIO 0vrJc44GW7Di18Esuom4rzG/fIG2mRz1HXk8x6u1k09QsNqR5P2MC3Y9bpptKdJ+REJZ 9MkXjyoqKfODZ3Yhj2EWKVG/t2VYXOP2zGl9MFJBMNa86vvQD6alfJDCPuJcSebw8ogS RhKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740645469; x=1741250269; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=POO98shsHT218eCsS+l46Fq7lGdF3geGqLU2HfqrWas=; b=l4uT3QAYqh5tvdTXc40hz/nMPQwQCdZFeSQ1IJqi0QBQ6Ke3rRX0vBlPMmbiwMFzqY o0v8ip904QnfEK+dyZQeG0tXwvCAhF3Rq81ljeh4Xfkj1ajFixvnufGjryNVI78Ls03n 3Z+qUZ5izWx0oHZ8G8+WZ0RUiWiMZTY3qWVtdWn7eOhx5dYejMI7L0K8UfLtlxDDTGoE 7HO2SDXnp4ZAb+qlBeyKAMFQ0S2jykWBNUC/9yLYXoDW8qWosWtRJ8cXpPr7OBesfump jvJEpywEI22TubtITcEaJwcaid4z/XZABDcEyxCFZWnIXT9HSEUZKSf7VU4Jo1nNyH/N VPTQ== X-Forwarded-Encrypted: i=1; AJvYcCVUnzn23Jk8D4bMWeFIqhwCvpbCJ3NjhfAAMSm5ceKEARBNa8hiUO1H3E8HftmlYR7JbulVDmzqMvD22hgTGlep@vger.kernel.org, AJvYcCXD/oxZmXZ6aTz3hTB4Dgyke8LQTvnQEfFN93kn3iYPIn2yvs2r/J6n8edVkkjxeUlUw2Omhtn38WLPinQ=@vger.kernel.org X-Gm-Message-State: AOJu0Yyu7BhD91aw5CUR1Wdhi5ZZhpWj6vm/7kphClbvpXJ2iSdTFfqz d9BRGD7fJ3TVA3rJx01valPZCy7sAHBSgVmWHdpJFmtmIhsfhqKtr4RFbYbZG4pqgA== X-Gm-Gg: ASbGnct5YTr0BBFSEL1WOVYcwOs9WamYYqHJOOMSuCymr4fl70nuCvhR50xsn2QpE8u Zn02zSFcnM47AI96AyxVh/O91AGYrJ/bPtp/FXXAvmvVkxiVwPEmVySrZErXyfRhbC9IGrLac7w GPrk0fD4A1AU1OXc7dOvB9HuqIT/eQ185AiZwiPRzi6YxE5h1IezkY33QZOESOOaei8wHkzcxjn z4fb/niZCwTnLJ3ghhjMm+h9ovZZOwYW42np2X6Tb457q1B8HwIWbN4eseQybm/Bh4T1cBbYBh/ XcEgH093QnVvHQyv/g2ZgoThKJxJyD1lAHEXwZl7wgEcxw== X-Google-Smtp-Source: AGHT+IH15zUOpSP8FoKXQI43JIbwCv3lersqJIZqvYpNy9A/WdQwA3PB84QIYu1E5PJAnycHX1KUww== X-Received: by 2002:a05:6a00:84a:b0:725:e4b9:a600 with SMTP id d2e1a72fcca58-73426d78ecemr39393097b3a.16.1740645468967; Thu, 27 Feb 2025 00:37:48 -0800 (PST) Received: from fedora.dns.podman ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-734a003ec7esm966796b3a.153.2025.02.27.00.37.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Feb 2025 00:37:48 -0800 (PST) From: Hangbin Liu To: netdev@vger.kernel.org Cc: Jay Vosburgh , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Nikolay Aleksandrov , Simon Horman , Shuah Khan , Tariq Toukan , Jianbo Liu , Jarod Wilson , Steffen Klassert , Cosmin Ratiu , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Hangbin Liu Subject: [PATCHv3 net 1/3] bonding: move IPsec deletion to bond_ipsec_free_sa Date: Thu, 27 Feb 2025 08:37:15 +0000 Message-ID: <20250227083717.4307-2-liuhangbin@gmail.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20250227083717.4307-1-liuhangbin@gmail.com> References: <20250227083717.4307-1-liuhangbin@gmail.com> Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The fixed commit placed mutex_lock() inside spin_lock_bh(), which triggers a warning: BUG: sleeping function called from invalid context at... Fix this by moving the IPsec deletion operation to bond_ipsec_free_sa, which is not held by spin_lock_bh(). Additionally, delete the IPsec list in bond_ipsec_del_sa_all() when the XFRM state is DEAD to prevent xdo_dev_state_free() from being triggered again in bond_ipsec_free_sa(). For bond_ipsec_free_sa(), there are now three conditions: 1. if (!slave): When no active device exists. 2. if (!xs->xso.real_dev): When xdo_dev_state_add() fails. 3. if (xs->xso.real_dev != real_dev): When an xs has already been freed by bond_ipsec_del_sa_all() due to migration, and the active slave has changed to a new device. At the same time, the xs is marked as DEAD due to the XFRM entry is removed, triggering xfrm_state_gc_task() and bond_ipsec_free_sa(). In all three cases, xdo_dev_state_free() should not be called, only xs should be removed from bond->ipsec list. Fixes: 2aeeef906d5a ("bonding: change ipsec_lock from spin lock to mutex") Reported-by: Jakub Kicinski Closes: https://lore.kernel.org/netdev/20241212062734.182a0164@kernel.org Suggested-by: Cosmin Ratiu Signed-off-by: Hangbin Liu --- drivers/net/bonding/bond_main.c | 34 ++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index e45bba240cbc..683bf1221caf 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -537,6 +537,10 @@ static void bond_ipsec_add_sa_all(struct bonding *bond) } list_for_each_entry(ipsec, &bond->ipsec_list, list) { + /* Skip dead xfrm states, they'll be freed later. */ + if (ipsec->xs->km.state == XFRM_STATE_DEAD) + continue; + /* If new state is added before ipsec_lock acquired */ if (ipsec->xs->xso.real_dev == real_dev) continue; @@ -560,7 +564,6 @@ static void bond_ipsec_del_sa(struct xfrm_state *xs) struct net_device *bond_dev = xs->xso.dev; struct net_device *real_dev; netdevice_tracker tracker; - struct bond_ipsec *ipsec; struct bonding *bond; struct slave *slave; @@ -592,15 +595,6 @@ static void bond_ipsec_del_sa(struct xfrm_state *xs) real_dev->xfrmdev_ops->xdo_dev_state_delete(xs); out: netdev_put(real_dev, &tracker); - mutex_lock(&bond->ipsec_lock); - list_for_each_entry(ipsec, &bond->ipsec_list, list) { - if (ipsec->xs == xs) { - list_del(&ipsec->list); - kfree(ipsec); - break; - } - } - mutex_unlock(&bond->ipsec_lock); } static void bond_ipsec_del_sa_all(struct bonding *bond) @@ -617,6 +611,12 @@ static void bond_ipsec_del_sa_all(struct bonding *bond) mutex_lock(&bond->ipsec_lock); list_for_each_entry(ipsec, &bond->ipsec_list, list) { + if (ipsec->xs->km.state == XFRM_STATE_DEAD) { + list_del(&ipsec->list); + kfree(ipsec); + continue; + } + if (!ipsec->xs->xso.real_dev) continue; @@ -640,6 +640,7 @@ static void bond_ipsec_free_sa(struct xfrm_state *xs) struct net_device *bond_dev = xs->xso.dev; struct net_device *real_dev; netdevice_tracker tracker; + struct bond_ipsec *ipsec; struct bonding *bond; struct slave *slave; @@ -659,13 +660,24 @@ static void bond_ipsec_free_sa(struct xfrm_state *xs) if (!xs->xso.real_dev) goto out; - WARN_ON(xs->xso.real_dev != real_dev); + if (xs->xso.real_dev != real_dev) + goto out; if (real_dev && real_dev->xfrmdev_ops && real_dev->xfrmdev_ops->xdo_dev_state_free) real_dev->xfrmdev_ops->xdo_dev_state_free(xs); out: netdev_put(real_dev, &tracker); + + mutex_lock(&bond->ipsec_lock); + list_for_each_entry(ipsec, &bond->ipsec_list, list) { + if (ipsec->xs == xs) { + list_del(&ipsec->list); + kfree(ipsec); + break; + } + } + mutex_unlock(&bond->ipsec_lock); } /** From patchwork Thu Feb 27 08:37:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hangbin Liu X-Patchwork-Id: 13993922 Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E4B90227E93; Thu, 27 Feb 2025 08:37:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740645478; cv=none; b=Q/q4HeQif9VIop6TVIy8pn1ms5/AbpeAzNVyUbLihXv7hAnszdsaru1wZ+z7wRc63iQitL4nengW+fr6tH71vPbGe9IuDwdXrOTEaCyxmqxseojxZ2+RahrL0jplbF3rn2Hz4+KEDkoaRF/hD//cYenLjD0ZWfsfKlaQfbEPHpg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740645478; c=relaxed/simple; bh=T8X6+cqBtkuVAKk3pMtV/Lw9jdJyonPED+PmS4Rf4Uk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=LouqayzwwGVZIXnLuu+LOb65mp9afLf69oakLM4NLXywCYs5+UVnmfsghY2qPlhwHnpQgkqHNOQwfM/RsvrDGH0t84zJBQ+YGPkeCXdrp+9/cgXk/E31M0AJ4WODMtd7vnBYuP9+fgWn0GHxTc3Qso8sIWI0ZXPc1gapk51WsAA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=j6vCLNf8; arc=none smtp.client-ip=209.85.214.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="j6vCLNf8" Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-22128b7d587so11540815ad.3; Thu, 27 Feb 2025 00:37:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740645476; x=1741250276; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GXNNlRe00B5Yrlgkz+ksjLu5J1m0nU9Z2RqZlLitG9s=; b=j6vCLNf8RAI14rMBhSmfZOdwTYA0Yi4TuYc1hNSGIilmkK7bXHmqaJ6riIELBlP2c0 DBC/NBaiZ8jOssW2b0l91NombdgASMjm0sKZJyWu4uUrSnBXfmVSoo126Pm9bF/B+WRz DOE6cvDOsWOG8t3CptO4+WSTDjKid4T8BIaeriZk5G9ElXn/kyFwP0z50RzRczcJ0aNb 5Rt0Xo6k53mvPYgwWLQUwU2IUrIzIWatcMrLy8bxrGQmZqrzPU1EqaasGWK8loF8JUxC 5BPZuEaabXuNSNK0xHHYyVdKviTi/GhEHfzpJe/mV0nz+ljg85WXTxzBFpMrybQJc6wV upmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740645476; x=1741250276; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GXNNlRe00B5Yrlgkz+ksjLu5J1m0nU9Z2RqZlLitG9s=; b=Ox2RE15RK94HikDOK1/Wrn8vIXrB3/R4ymCey59AA8KHQ/yClfgD8o9YJz6SUrVLvk cjLJO+9MOuNbvXV1y+i8mqmeEySd/C3JKu1wb7B5/KuU69HIp2OyWbvYYUO485PZYDaI 29hgxaox8Nh08yrP4XrDZKepHfAR5iw/Vye4fBG7hxUCYDqd4KLi4oE5TzmLniKwFDye TCxgIK51u5JlYu1zlLY3aBnsPRRw/EHweaxImsbVsXUvbfJYybdxvsCExHSOg+gYv8ef jDJc5NIOvMA/qNwk+6K784dXb11MEQ/sJkiXCiSTKws7x0xFXfraaIGzraNDBwJ8f9bl 7dmg== X-Forwarded-Encrypted: i=1; AJvYcCUAkaj58DIMvYPRd4z9kD+TIbrufCuVC/nByB4UlSijR7jY5rc9W6aYdgz6t3Ea18aUo4T0EdKWOuYk7wk=@vger.kernel.org, AJvYcCV61pGbjsF2zePAsgRUfnU7avER0OmNkIy/0406Z8Arnl2DoXJbcTrmcZ7JwGae4n+OjHlyESKWTdnPuTCQUqHZ@vger.kernel.org X-Gm-Message-State: AOJu0YwUCyWxARgEmDIxP2D8jpC4l4BSV2wcy//mSOg3uxQvL5LUx+Y2 ll9DvV8RMZOx2G5xIHvP8p9erDdd4CFbGK3PS8mWdBsii6JDhp/EMpQ70I46EGfd9Q== X-Gm-Gg: ASbGncsNnvh/EuEp5itkak8Ahseh3sIaZjkNyGdM+fExrEs8nHePgEtiIpVTsukEfS9 W4bs+Pc0DS5lvJWhzKgh2Bl/b+E9Rv5BMkK6b5yTGM6w2EgV1gBYeLmZTpaPrqdDK7M51J7s+Al vo6P2NzonGAO1yAfEAKnNMGJy/VRHUtTZrozPV8eBgjrZeYbzthjwGS4ZkC5uWlFp+9FmcP5K1d Rro3Cxpni+mW7a8LOz8jd/3VahXMnNeoYKgXY08K6i+k+67rdIM6RIGluzkcilba4zWen2OZLox GfCoHJ55EYYwdl6Cw4rep5pnjDC06qsAqQYqIsTzP3jbFA== X-Google-Smtp-Source: AGHT+IE9g1k1J1aSFbOxI42GtcRei7NddL0y/dP1DxtBvyOZVI9s4rWOGpcf81eLLdEvF2Tj+SajEg== X-Received: by 2002:a17:903:41ca:b0:21f:988d:5758 with SMTP id d9443c01a7336-223200ed5a1mr108803755ad.35.1740645475776; Thu, 27 Feb 2025 00:37:55 -0800 (PST) Received: from fedora.dns.podman ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-734a003ec7esm966796b3a.153.2025.02.27.00.37.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Feb 2025 00:37:55 -0800 (PST) From: Hangbin Liu To: netdev@vger.kernel.org Cc: Jay Vosburgh , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Nikolay Aleksandrov , Simon Horman , Shuah Khan , Tariq Toukan , Jianbo Liu , Jarod Wilson , Steffen Klassert , Cosmin Ratiu , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Hangbin Liu Subject: [PATCHv3 net 2/3] bonding: fix xfrm offload feature setup on active-backup mode Date: Thu, 27 Feb 2025 08:37:16 +0000 Message-ID: <20250227083717.4307-3-liuhangbin@gmail.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20250227083717.4307-1-liuhangbin@gmail.com> References: <20250227083717.4307-1-liuhangbin@gmail.com> Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The active-backup bonding mode supports XFRM ESP offload. However, when a bond is added using command like `ip link add bond0 type bond mode 1 miimon 100`, the `ethtool -k` command shows that the XFRM ESP offload is disabled. This occurs because, in bond_newlink(), we change bond link first and register bond device later. So the XFRM feature update in bond_option_mode_set() is not called as the bond device is not yet registered, leading to the offload feature not being set successfully. To resolve this issue, we can modify the code order in bond_newlink() to ensure that the bond device is registered first before changing the bond link parameters. This change will allow the XFRM ESP offload feature to be correctly enabled. Fixes: 007ab5345545 ("bonding: fix feature flag setting at init time") Signed-off-by: Hangbin Liu --- drivers/net/bonding/bond_main.c | 2 +- drivers/net/bonding/bond_netlink.c | 16 +++++++++------- include/net/bonding.h | 1 + 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 683bf1221caf..65e4b5d599e6 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -4401,7 +4401,7 @@ void bond_work_init_all(struct bonding *bond) INIT_DELAYED_WORK(&bond->slave_arr_work, bond_slave_arr_handler); } -static void bond_work_cancel_all(struct bonding *bond) +void bond_work_cancel_all(struct bonding *bond) { cancel_delayed_work_sync(&bond->mii_work); cancel_delayed_work_sync(&bond->arp_work); diff --git a/drivers/net/bonding/bond_netlink.c b/drivers/net/bonding/bond_netlink.c index 2a6a424806aa..ed16af6db557 100644 --- a/drivers/net/bonding/bond_netlink.c +++ b/drivers/net/bonding/bond_netlink.c @@ -568,18 +568,20 @@ static int bond_newlink(struct net *src_net, struct net_device *bond_dev, struct nlattr *tb[], struct nlattr *data[], struct netlink_ext_ack *extack) { + struct bonding *bond = netdev_priv(bond_dev); int err; - err = bond_changelink(bond_dev, tb, data, extack); - if (err < 0) + err = register_netdevice(bond_dev); + if (err) return err; - err = register_netdevice(bond_dev); - if (!err) { - struct bonding *bond = netdev_priv(bond_dev); + netif_carrier_off(bond_dev); + bond_work_init_all(bond); - netif_carrier_off(bond_dev); - bond_work_init_all(bond); + err = bond_changelink(bond_dev, tb, data, extack); + if (err) { + bond_work_cancel_all(bond); + unregister_netdevice(bond_dev); } return err; diff --git a/include/net/bonding.h b/include/net/bonding.h index 8bb5f016969f..e5e005cd2e17 100644 --- a/include/net/bonding.h +++ b/include/net/bonding.h @@ -707,6 +707,7 @@ struct bond_vlan_tag *bond_verify_device_path(struct net_device *start_dev, int bond_update_slave_arr(struct bonding *bond, struct slave *skipslave); void bond_slave_arr_work_rearm(struct bonding *bond, unsigned long delay); void bond_work_init_all(struct bonding *bond); +void bond_work_cancel_all(struct bonding *bond); #ifdef CONFIG_PROC_FS void bond_create_proc_entry(struct bonding *bond); From patchwork Thu Feb 27 08:37:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hangbin Liu X-Patchwork-Id: 13993923 Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 91F4222686B; Thu, 27 Feb 2025 08:38:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740645484; cv=none; b=obs+GUyc70Nc1NWEudVxyNbOTcI5rBqYaTCHS/R9Ub/KLLXTMQ6LCEWY8ywSalpUkkr/2tybw8Fe4Yv4bOrJv6hoVCLaw0oFy00nVBq4dR9Un/KGsg6QIXDWdjK3vKcIMyBdVtJiwZ/y5JO+Z21fdnmWlBpPkNCOcGzc6LYgrfI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740645484; c=relaxed/simple; bh=FzT/ECMeABHeNeF84rIs6l8GIuZokm7ac23EJgGF+xs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KkHIxChBjikIzDY1s+yv66PwvYKaQ/WK7W6/85RdqmXgqIyYHcyJc9h+kBBQdWKQQAumfZrc3BeOvPWgesfSAzSB5vkC4dpCtWoECMrlbbyzMo/fM+VMyp5NHx1ADcPcEUnDwzMLDKn4SGRPn8sM2E7ZqmdUf/hwprZnH4Rv3vM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=G2M8TUyu; arc=none smtp.client-ip=209.85.214.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="G2M8TUyu" Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-221057b6ac4so9651465ad.2; Thu, 27 Feb 2025 00:38:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740645481; x=1741250281; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=afOILgA/zHRb8Nw9ui16zGP2yzgeLzRcNXnyvIsurfI=; b=G2M8TUyuNbk3PJqGjNqaykfnQByFwuT477qP/84jioILor9XCOA+6nDxyCqcBocYyr i8jsTf/KERui8GVgwaGg1xMOSaeQKgYY2AbGprTdc5KO3ExnLW2reLJS3X39etU8Zejz mN4JgsE2GbqZOQas3ym/Ep9ay4p0hKXEZh94vp2UVZ0bleEJ5eZJB8557SfMsvwAYFve 0Tn2RC3FFO/SO5f5Y5Bf2X1xZraYRpUfGW1IKf5ewIL5SV4louML7J2+zkr7dlJvN4q9 nH7jwPlIwy1cvXdN+euCxHCWuLqmiJZA/oyu4+k/KrWjMepV6AXlZHHDSAQZLnNvfirb 5owg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740645481; x=1741250281; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=afOILgA/zHRb8Nw9ui16zGP2yzgeLzRcNXnyvIsurfI=; b=B9wj2C2i0/STpTKJvoMcCODtNODwiFA3pKy+fqBNqE5fBwRQE6cTuhIfK94Re07Jlp qm3kBi40903RD86x0/qYB9w1sreamaGJZLyAwlqf7Y6ZNzcgu68KMDptOW8MpuDDNq2g aJTMeISeaexamC1n9N4WAYTPKrthN6LwJTJVBt+S3DpK5DfPClJSvcAFJ3AkLv/Ub5we QRKkEGrLlgaV4i/biypwavFElOjJGFpKEt8N/wy+ArbTYY89+qgDd5lZsD+wty7Cw2fl Tn4WA0F2amMNjCvCtoe9NJvCIaVzFkxFrGDztEkaoeCEUPxmcdtx09t3RXTod9wSgQ3d SWuA== X-Forwarded-Encrypted: i=1; AJvYcCVzcSab93NBUaGHI+bMgmxrOOvsXCGrcPMhKMaQkApivKGXrx3VaYj59WOg/MAbJAVrqgnaEuR06yEcxbaZ0Jcy@vger.kernel.org, AJvYcCWkDF+1dyBtUEUfpBJRHw6sgIutWPHMkceaUrjWEVTIgnAJv5zTwyhWi6CPn91hPTkNWoi7Dou8HJj8I0c=@vger.kernel.org X-Gm-Message-State: AOJu0YyyPsjT3EZk1kXolbTWQl621ZITO25zlY0JiwINDngKGrKD2iOu XB3rf+Ol9WqUeNG3Yz1O6n/VqitQvmqnYrKNdlgga1vNqiunZvOeC4EK3O0wQLHJsg== X-Gm-Gg: ASbGncu3JtR/JtuYz1J4YarHsXjiTAipjTrS44uZix/qioL/19+hT6QRDS29+W72mmj ab4JQ7HKBir5enhCINSo1dLlnUDFfZoFE7S7c++XAwmbxYQaGHZZrGHL1A+vfyceOpFBlxndWMP snOdrDmAM5mDRMMWW4oDkG6FYYroagJ4EJ7BAdvkmhacf4xhkextf+iFy8HaZJt4phHqsOkRGRa BtQ/gAVuQN6aRQSQyoTES3jf0G9nryhPvBfwEGokgZFIks3s2LNNQKFb5LziHCe7KyFqQuQp5RE pkJVZr0patC08IaGspLHDt9HnuXIfEMGOZgfIk0OdpS8DA== X-Google-Smtp-Source: AGHT+IHiJQm5gAuu/tcXr9gjobQJUohYDDCYEQIOHXiFQx8G4kRB5uinLdfdfdRoaXUFc7YbuSpWGA== X-Received: by 2002:a05:6a00:4615:b0:732:5651:e892 with SMTP id d2e1a72fcca58-73426ce7667mr38760848b3a.14.1740645481450; Thu, 27 Feb 2025 00:38:01 -0800 (PST) Received: from fedora.dns.podman ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-734a003ec7esm966796b3a.153.2025.02.27.00.37.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Feb 2025 00:38:00 -0800 (PST) From: Hangbin Liu To: netdev@vger.kernel.org Cc: Jay Vosburgh , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Nikolay Aleksandrov , Simon Horman , Shuah Khan , Tariq Toukan , Jianbo Liu , Jarod Wilson , Steffen Klassert , Cosmin Ratiu , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Hangbin Liu Subject: [PATCHv3 net 3/3] selftests: bonding: add ipsec offload test Date: Thu, 27 Feb 2025 08:37:17 +0000 Message-ID: <20250227083717.4307-4-liuhangbin@gmail.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20250227083717.4307-1-liuhangbin@gmail.com> References: <20250227083717.4307-1-liuhangbin@gmail.com> Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This introduces a test for IPSec offload over bonding, utilizing netdevsim for the testing process, as veth interfaces do not support IPSec offload. The test will ensure that the IPSec offload functionality remains operational even after a failover event occurs in the bonding configuration. Signed-off-by: Hangbin Liu --- .../selftests/drivers/net/bonding/Makefile | 3 +- .../drivers/net/bonding/bond_ipsec_offload.sh | 155 ++++++++++++++++++ .../selftests/drivers/net/bonding/config | 4 + 3 files changed, 161 insertions(+), 1 deletion(-) create mode 100755 tools/testing/selftests/drivers/net/bonding/bond_ipsec_offload.sh diff --git a/tools/testing/selftests/drivers/net/bonding/Makefile b/tools/testing/selftests/drivers/net/bonding/Makefile index 2b10854e4b1e..d5a7de16d33a 100644 --- a/tools/testing/selftests/drivers/net/bonding/Makefile +++ b/tools/testing/selftests/drivers/net/bonding/Makefile @@ -10,7 +10,8 @@ TEST_PROGS := \ mode-2-recovery-updelay.sh \ bond_options.sh \ bond-eth-type-change.sh \ - bond_macvlan_ipvlan.sh + bond_macvlan_ipvlan.sh \ + bond_ipsec_offload.sh TEST_FILES := \ lag_lib.sh \ diff --git a/tools/testing/selftests/drivers/net/bonding/bond_ipsec_offload.sh b/tools/testing/selftests/drivers/net/bonding/bond_ipsec_offload.sh new file mode 100755 index 000000000000..169866b47a67 --- /dev/null +++ b/tools/testing/selftests/drivers/net/bonding/bond_ipsec_offload.sh @@ -0,0 +1,155 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 + +# IPsec over bonding offload test: +# +# +----------------+ +# | bond0 | +# | | | +# | eth0 eth1 | +# +---+-------+----+ +# +# We use netdevsim instead of physical interfaces +#------------------------------------------------------------------- +# Example commands +# ip x s add proto esp src 192.0.2.1 dst 192.0.2.2 \ +# spi 0x07 mode transport reqid 0x07 replay-window 32 \ +# aead 'rfc4106(gcm(aes))' 1234567890123456dcba 128 \ +# sel src 192.0.2.1/24 dst 192.0.2.2/24 +# offload dev bond0 dir out +# ip x p add dir out src 192.0.2.1/24 dst 192.0.2.2/24 \ +# tmpl proto esp src 192.0.2.1 dst 192.0.2.2 \ +# spi 0x07 mode transport reqid 0x07 +# +#------------------------------------------------------------------- + +lib_dir=$(dirname "$0") +source "$lib_dir"/../../../net/lib.sh +algo="aead rfc4106(gcm(aes)) 0x3132333435363738393031323334353664636261 128" +srcip=192.0.2.1 +dstip=192.0.2.2 +ipsec0=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec +ipsec1=/sys/kernel/debug/netdevsim/netdevsim0/ports/1/ipsec +ret=0 + +cleanup() +{ + modprobe -r netdevsim + cleanup_ns $ns +} + +active_slave_changed() +{ + local old_active_slave=$1 + local new_active_slave=$(ip -n ${ns} -d -j link show bond0 | \ + jq -r ".[].linkinfo.info_data.active_slave") + [ "$new_active_slave" != "$old_active_slave" -a "$new_active_slave" != "null" ] +} + +test_offload() +{ + # use ping to exercise the Tx path + ip netns exec $ns ping -I bond0 -c 3 -W 1 -i 0 $dstip >/dev/null + + active_slave=$(ip -n ${ns} -d -j link show bond0 | \ + jq -r ".[].linkinfo.info_data.active_slave") + + if [ $active_slave = $nic0 ]; then + sysfs=$ipsec0 + elif [ $active_slave = $nic1 ]; then + sysfs=$ipsec1 + else + echo "FAIL: bond_ipsec_offload invalid active_slave $active_slave" + ret=1 + fi + + # The tx/rx order in sysfs may changed after failover + if grep -q "SA count=2 tx=3" $sysfs && grep -q "tx ipaddr=$dstip" $sysfs; then + echo "PASS: bond_ipsec_offload has correct tx count with link ${active_slave}" + else + echo "FAIL: bond_ipsec_offload incorrect tx count with link ${active_slave}" + ret=1 + fi +} + +if ! mount | grep -q debugfs; then + mount -t debugfs none /sys/kernel/debug/ &> /dev/null +fi + +# setup netdevsim since dummy/veth dev doesn't have offload support +if [ ! -w /sys/bus/netdevsim/new_device ] ; then + modprobe -q netdevsim + if [ $? -ne 0 ]; then + echo "SKIP: can't load netdevsim for ipsec offload" + exit $ksft_skip + fi +fi + +trap cleanup EXIT + +setup_ns ns +ip -n $ns link add bond0 type bond mode active-backup miimon 100 +ip -n $ns addr add $srcip/24 dev bond0 +ip -n $ns link set bond0 up + +ifaces=$(ip netns exec $ns bash -c ' + sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/ + echo "0 2" > /sys/bus/netdevsim/new_device + while [ ! -d $sysfsnet ] ; do :; done + udevadm settle + ls $sysfsnet +') +nic0=$(echo $ifaces | cut -f1 -d ' ') +nic1=$(echo $ifaces | cut -f2 -d ' ') +ip -n $ns link set $nic0 master bond0 +ip -n $ns link set $nic1 master bond0 + +# create offloaded SAs, both in and out +ip -n $ns x p add dir out src $srcip/24 dst $dstip/24 \ + tmpl proto esp src $srcip dst $dstip spi 9 \ + mode transport reqid 42 + +ip -n $ns x p add dir in src $dstip/24 dst $srcip/24 \ + tmpl proto esp src $dstip dst $srcip spi 9 \ + mode transport reqid 42 + +ip -n $ns x s add proto esp src $srcip dst $dstip spi 9 \ + mode transport reqid 42 $algo sel src $srcip/24 dst $dstip/24 \ + offload dev bond0 dir out + +ip -n $ns x s add proto esp src $dstip dst $srcip spi 9 \ + mode transport reqid 42 $algo sel src $dstip/24 dst $srcip/24 \ + offload dev bond0 dir in + +# does offload show up in ip output +lines=`ip -n $ns x s list | grep -c "crypto offload parameters: dev bond0 dir"` +if [ $lines -ne 2 ] ; then + echo "FAIL: bond_ipsec_offload SA offload missing from list output" + ret=1 +fi + +# we didn't create a peer, make sure we can Tx by adding a permanent neighbour +# this need to be added after enslave +ip -n $ns neigh add $dstip dev bond0 lladdr 00:11:22:33:44:55 + +# start Offload testing +test_offload + +# do failover +ip -n $ns link set $active_slave down +slowwait 5 active_slave_changed $active_slave +test_offload + +# make sure offload get removed from driver +ip -n $ns x s flush +ip -n $ns x p flush +line0=$(grep -c "SA count=0" $ipsec0) +line1=$(grep -c "SA count=0" $ipsec1) +if [ $line0 -ne 1 -o $line1 -ne 1 ] ; then + echo "FAIL: bond_ipsec_offload SA not removed from driver" + ret=1 +else + echo "PASS: bond_ipsec_offload SA removed from driver" +fi + +exit $ret diff --git a/tools/testing/selftests/drivers/net/bonding/config b/tools/testing/selftests/drivers/net/bonding/config index dad4e5fda4db..054fb772846f 100644 --- a/tools/testing/selftests/drivers/net/bonding/config +++ b/tools/testing/selftests/drivers/net/bonding/config @@ -9,3 +9,7 @@ CONFIG_NET_CLS_FLOWER=y CONFIG_NET_SCH_INGRESS=y CONFIG_NLMON=y CONFIG_VETH=y +CONFIG_INET_ESP=y +CONFIG_INET_ESP_OFFLOAD=y +CONFIG_XFRM_USER=m +CONFIG_NETDEVSIM=m