| Message ID | 20221006085921.1323148-1-yanjun.zhu@linux.dev (mailing list archive) |
|---|---|
| Headers | show |
| Series | Fix the problem that rxe can not work in net | expand |
在 2022/10/6 16:59, yanjun.zhu@linux.dev 写道: > From: Zhu Yanjun <yanjun.zhu@intel.com> > > When run "ip link add" command to add a rxe rdma link in a net > namespace, normally this rxe rdma link can not work in a net > name space. > > The root cause is that a sock listening on udp port 4791 is created > in init_net when the rdma_rxe module is loaded into kernel. That is, > the sock listening on udp port 4791 is created in init_net. Other net > namespace is difficult to use this sock. > > The following commits will solve this problem. > > In the first commit, move the creating sock listening on udp port 4791 > from module_init function to rdma link creating functions. That is, > after the module rdma_rxe is loaded, the sock will not be created. > When run "rdma link add ..." command, the sock will be created. So > when creating a rdma link in the net namespace, the sock will be > created in this net namespace. > > In the second commit, the functions udp4_lib_lookup and udp6_lib_lookup > will check the sock exists in the net namespace or not. If yes, rdma > link will increase the reference count of this sock, then continue other > jobs instead of creating a new sock to listen on udp port 4791. Since the > network notifier is global, when the module rdma_rxe is loaded, this > notifier will be registered. > > After the rdma link is created, the command "rdma link del" is to > delete rdma link at the same time the sock is checked. If the reference > count of this sock is greater than the sock reference count needed by > udp tunnel, the sock reference count is decreased by one. If equal, it > indicates that this rdma link is the last one. As such, the udp tunnel > is shut down and the sock is closed. The above work should be > implemented in linkdel function. But currently no dellink function in > rxe. So the 3rd commit addes dellink function pointer. And the 4th > commit implements the dellink function in rxe. > > To now, it is not necessary to keep a global variable to store the sock > listening udp port 4791. This global variable can be replaced by the > functions udp4_lib_lookup and udp6_lib_lookup totally. Because the > function udp6_lib_lookup is in the fast path, a member variable l_sk6 > is added to store the sock. If l_sk6 is NULL, udp6_lib_lookup is called > to lookup the sock, then the sock is stored in l_sk6, in the future,it > can be used directly. > > All the above work has been done in init_net. And it can also work in > the net namespace. So the init_net is replaced by the individual net > namespace. This is what the 6th commit does. Because rxe device is > dependent on the net device and the sock listening on udp port 4791, > every rxe device is in exclusive mode in the individual net namespace. > Other rdma netns operations will be considerred in the future. > > Test steps: > 1) Suppose that 2 NICs are in 2 different net namespaces. > > # ip netns exec net0 ip link > 3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP > link/ether 00:1e:67:a0:22:3f brd ff:ff:ff:ff:ff:ff > altname enp5s0 > > # ip netns exec net1 ip link > 4: eno3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel > link/ether f8:e4:3b:3b:e4:10 brd ff:ff:ff:ff:ff:ff > > 2) Add rdma link in the different net namespace > net0: > ip netns exec net0 rdma link add rxe0 type rxe netdev eno2 > > net1: > ip netns exec net1 rdma link add rxe1 type rxe netdev eno3 > > 3) Run rping test. > net0 > # ip netns exec net0 rping -s -a 192.168.2.1 -C 1& > [1] 1737 > # ip netns exec net1 rping -c -a 192.168.2.1 -d -v -C 1 > verbose > count 1 > ... > ping data: rdma-ping-0: ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr > ... > > 4) Remove the rdma links from the net namespaces. > net0: > ip netns exec net0 rdma link del rxe0 > net1: > ip netns exec net1 rdma link del rxe1 > > --- > V1->V2: Add the explicit initialization of sk6. > --- > Zhu Yanjun (6): > RDMA/rxe: Creating listening sock in newlink function > RDMA/rxe: Support more rdma links in init_net > RDMA/nldev: Add dellink function pointer > RDMA/rxe: Implement dellink in rxe > RDMA/rxe: Replace global variable with sock lookup functions > RDMA/rxe: add the support of net namespace Gently ping Zhu Yanjun > > drivers/infiniband/core/nldev.c | 6 ++ > drivers/infiniband/sw/rxe/rxe.c | 26 +++++- > drivers/infiniband/sw/rxe/rxe_net.c | 129 ++++++++++++++++++++------ > drivers/infiniband/sw/rxe/rxe_net.h | 9 +- > drivers/infiniband/sw/rxe/rxe_verbs.h | 1 + > include/rdma/rdma_netlink.h | 2 + > 6 files changed, 134 insertions(+), 39 deletions(-) >
在 2022/10/19 22:56, Yanjun Zhu 写道: > 在 2022/10/6 16:59, yanjun.zhu@linux.dev 写道: >> From: Zhu Yanjun <yanjun.zhu@intel.com> >> >> When run "ip link add" command to add a rxe rdma link in a net >> namespace, normally this rxe rdma link can not work in a net >> name space. >> >> The root cause is that a sock listening on udp port 4791 is created >> in init_net when the rdma_rxe module is loaded into kernel. That is, >> the sock listening on udp port 4791 is created in init_net. Other net >> namespace is difficult to use this sock. >> >> The following commits will solve this problem. >> >> In the first commit, move the creating sock listening on udp port 4791 >> from module_init function to rdma link creating functions. That is, >> after the module rdma_rxe is loaded, the sock will not be created. >> When run "rdma link add ..." command, the sock will be created. So >> when creating a rdma link in the net namespace, the sock will be >> created in this net namespace. >> >> In the second commit, the functions udp4_lib_lookup and udp6_lib_lookup >> will check the sock exists in the net namespace or not. If yes, rdma >> link will increase the reference count of this sock, then continue other >> jobs instead of creating a new sock to listen on udp port 4791. Since the >> network notifier is global, when the module rdma_rxe is loaded, this >> notifier will be registered. >> >> After the rdma link is created, the command "rdma link del" is to >> delete rdma link at the same time the sock is checked. If the reference >> count of this sock is greater than the sock reference count needed by >> udp tunnel, the sock reference count is decreased by one. If equal, it >> indicates that this rdma link is the last one. As such, the udp tunnel >> is shut down and the sock is closed. The above work should be >> implemented in linkdel function. But currently no dellink function in >> rxe. So the 3rd commit addes dellink function pointer. And the 4th >> commit implements the dellink function in rxe. >> >> To now, it is not necessary to keep a global variable to store the sock >> listening udp port 4791. This global variable can be replaced by the >> functions udp4_lib_lookup and udp6_lib_lookup totally. Because the >> function udp6_lib_lookup is in the fast path, a member variable l_sk6 >> is added to store the sock. If l_sk6 is NULL, udp6_lib_lookup is called >> to lookup the sock, then the sock is stored in l_sk6, in the future,it >> can be used directly. >> >> All the above work has been done in init_net. And it can also work in >> the net namespace. So the init_net is replaced by the individual net >> namespace. This is what the 6th commit does. Because rxe device is >> dependent on the net device and the sock listening on udp port 4791, >> every rxe device is in exclusive mode in the individual net namespace. >> Other rdma netns operations will be considerred in the future. >> >> Test steps: >> 1) Suppose that 2 NICs are in 2 different net namespaces. >> >> # ip netns exec net0 ip link >> 3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP >> link/ether 00:1e:67:a0:22:3f brd ff:ff:ff:ff:ff:ff >> altname enp5s0 >> >> # ip netns exec net1 ip link >> 4: eno3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel >> link/ether f8:e4:3b:3b:e4:10 brd ff:ff:ff:ff:ff:ff >> >> 2) Add rdma link in the different net namespace >> net0: >> ip netns exec net0 rdma link add rxe0 type rxe netdev eno2 >> >> net1: >> ip netns exec net1 rdma link add rxe1 type rxe netdev eno3 >> >> 3) Run rping test. >> net0 >> # ip netns exec net0 rping -s -a 192.168.2.1 -C 1& >> [1] 1737 >> # ip netns exec net1 rping -c -a 192.168.2.1 -d -v -C 1 >> verbose >> count 1 >> ... >> ping data: rdma-ping-0: >> ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr >> ... >> >> 4) Remove the rdma links from the net namespaces. >> net0: >> ip netns exec net0 rdma link del rxe0 >> net1: >> ip netns exec net1 rdma link del rxe1 >> >> --- >> V1->V2: Add the explicit initialization of sk6. >> --- >> Zhu Yanjun (6): >> RDMA/rxe: Creating listening sock in newlink function >> RDMA/rxe: Support more rdma links in init_net >> RDMA/nldev: Add dellink function pointer >> RDMA/rxe: Implement dellink in rxe >> RDMA/rxe: Replace global variable with sock lookup functions >> RDMA/rxe: add the support of net namespace Hi, Parav Pandit I think you are the expert of netns. Can you help to review these patches? Thanks and Regards, Zhu Yanjun > > Gently ping > > Zhu Yanjun > >> >> drivers/infiniband/core/nldev.c | 6 ++ >> drivers/infiniband/sw/rxe/rxe.c | 26 +++++- >> drivers/infiniband/sw/rxe/rxe_net.c | 129 ++++++++++++++++++++------ >> drivers/infiniband/sw/rxe/rxe_net.h | 9 +- >> drivers/infiniband/sw/rxe/rxe_verbs.h | 1 + >> include/rdma/rdma_netlink.h | 2 + >> 6 files changed, 134 insertions(+), 39 deletions(-) >> >
> From: Yanjun Zhu <yanjun.zhu@linux.dev> > Sent: Thursday, November 10, 2022 9:37 PM > Can you help to review these patches? I will try to review it before 13th.
在 2022/11/11 11:35, Parav Pandit 写道: >> From: Yanjun Zhu <yanjun.zhu@linux.dev> >> Sent: Thursday, November 10, 2022 9:37 PM > >> Can you help to review these patches? > I will try to review it before 13th. Thank you very much. Zhu Yanjun
Hi Yanjun, > From: Yanjun Zhu <yanjun.zhu@linux.dev> > Sent: Thursday, November 10, 2022 10:38 PM > > > 在 2022/11/11 11:35, Parav Pandit 写道: > >> From: Yanjun Zhu <yanjun.zhu@linux.dev> > >> Sent: Thursday, November 10, 2022 9:37 PM > > > >> Can you help to review these patches? > > I will try to review it before 13th. I did a brief review of patch set. I didn’t go line by line for each patch; hence I give lumped comments here for overall series. 1. Add example and test results in below test flow in exclusive mode in cover letter. # ip netns exec net1 rdma link add rxe1 type rxe netdev eno3 # ip netns del net0 Verify that rdma device rxe1 is deleted. 2. Usage of dev_net() in rxe_setup_udp_tunnel() is unsafe. This is because when rxe_setup_udp_tunnel() is executed, net ns of netdev can change. This needs to be synchronized with per net notifier register_pernet_subsys() of exit or exit_batch. This notifiers callback should be added to rxe module. 3. You need to set bind_ifindex of udp config to the netdev given in newlink in rxe_setup_udp_tunnel. Should be a separate pre-patch to ensure that close and right relation to udp socket with netdev in a given netns. 4. Rearrange series to implement delete link as separate series from net ns securing series. They are unrelated. Current delink series may have use after free accesses. Those needs to be guarded in likely larger series. 5. udp tunnel must shutdown synchronously when rdma link del is done. This means any new packet arriving after this point, will be dropped. Any existing packet handling present is flushed. From your cover letter description, it appears that sock deletion is refcount based and above semantics is not ensured. 6. In patch 5, rxe_get_dev_from_net() can return NULL, hence l_sk6 check can be unsafe. Please add check for rdev null before rdev->l_sk6 check. 7. In patch 5, I didn't fully inspect, but seems like call to rxe_find_route4() is not rcu safe. Hence, extension of dev_net() in rxe_find_route4() doesn't look secure. Accessing sock_net() is more accurate, because at this layer, it is processing packets at socket layer.
在 2022/11/13 12:58, Parav Pandit 写道: > Hi Yanjun, > >> From: Yanjun Zhu <yanjun.zhu@linux.dev> >> Sent: Thursday, November 10, 2022 10:38 PM >> >> >> 在 2022/11/11 11:35, Parav Pandit 写道: >>>> From: Yanjun Zhu <yanjun.zhu@linux.dev> >>>> Sent: Thursday, November 10, 2022 9:37 PM >>> >>>> Can you help to review these patches? >>> I will try to review it before 13th. > > I did a brief review of patch set. > I didn’t go line by line for each patch; hence I give lumped comments here for overall series. > > 1. Add example and test results in below test flow in exclusive mode in cover letter. > # ip netns exec net1 rdma link add rxe1 type rxe netdev eno3 > # ip netns del net0 > Verify that rdma device rxe1 is deleted. Hi, Parav Thanks a lot. I will add this example to the cover letter. And I confirm that rdma device rxe1 is deleted after the command "ip netns del net0". I will delve into the following comments. Thanks and Regards, Zhu Yanjun > > 2. Usage of dev_net() in rxe_setup_udp_tunnel() is unsafe. > This is because when rxe_setup_udp_tunnel() is executed, net ns of netdev can change. > This needs to be synchronized with per net notifier register_pernet_subsys() of exit or exit_batch. > This notifiers callback should be added to rxe module. > > 3. You need to set bind_ifindex of udp config to the netdev given in newlink in rxe_setup_udp_tunnel. > Should be a separate pre-patch to ensure that close and right relation to udp socket with netdev in a given netns. > > 4. Rearrange series to implement delete link as separate series from net ns securing series. > They are unrelated. Current delink series may have use after free accesses. Those needs to be guarded in likely larger series. > > 5. udp tunnel must shutdown synchronously when rdma link del is done. > This means any new packet arriving after this point, will be dropped. > Any existing packet handling present is flushed. > From your cover letter description, it appears that sock deletion is refcount based and above semantics is not ensured. > > 6. In patch 5, rxe_get_dev_from_net() can return NULL, hence l_sk6 check can be unsafe. Please add check for rdev null before rdev->l_sk6 check. > > 7. In patch 5, I didn't fully inspect, but seems like call to rxe_find_route4() is not rcu safe. > Hence, extension of dev_net() in rxe_find_route4() doesn't look secure. > Accessing sock_net() is more accurate, because at this layer, it is processing packets at socket layer.
在 2022/11/13 12:58, Parav Pandit 写道: > Hi Yanjun, > >> From: Yanjun Zhu <yanjun.zhu@linux.dev> >> Sent: Thursday, November 10, 2022 10:38 PM >> >> >> 在 2022/11/11 11:35, Parav Pandit 写道: >>>> From: Yanjun Zhu <yanjun.zhu@linux.dev> >>>> Sent: Thursday, November 10, 2022 9:37 PM >>> >>>> Can you help to review these patches? >>> I will try to review it before 13th. > > I did a brief review of patch set. > I didn’t go line by line for each patch; hence I give lumped comments here for overall series. > > 1. Add example and test results in below test flow in exclusive mode in cover letter. > # ip netns exec net1 rdma link add rxe1 type rxe netdev eno3 > # ip netns del net0 > Verify that rdma device rxe1 is deleted. Sorry. It is late to reply. Got it. I will add the above example in the cover letter. > > 2. Usage of dev_net() in rxe_setup_udp_tunnel() is unsafe. > This is because when rxe_setup_udp_tunnel() is executed, net ns of netdev can change. > This needs to be synchronized with per net notifier register_pernet_subsys() of exit or exit_batch. > This notifiers callback should be added to rxe module. No. The netdev device and rxe device are one-to-one correspondence. When the netdev device is removed from the net namespace, the rxe device will be removed. So this will not happen that rxe_setup_udp_tunnel is executed while net namespace of the netdev can change. In the latest commits, I will add register_pernet_subsys() because the init and exit functions can help initialization and cleanup. > > 3. You need to set bind_ifindex of udp config to the netdev given in newlink in rxe_setup_udp_tunnel. > Should be a separate pre-patch to ensure that close and right relation to udp socket with netdev in a given netns. > No. In the rxe, the sock listeing to the udp port 4791 does not bind with the netdev device. A sock can listen to the packets from several netdev devices. That is, this port 4791 sock is shared by many rxe rdma links. > 4. Rearrange series to implement delete link as separate series from net ns securing series. > They are unrelated. Current delink series may have use after free accesses. Those needs to be guarded in likely larger series. > Got it. I found the use-after-free problem with the sock. And now it is fixed in the latest commits. I will send it out very soon. > 5. udp tunnel must shutdown synchronously when rdma link del is done. > This means any new packet arriving after this point, will be dropped. > Any existing packet handling present is flushed. > From your cover letter description, it appears that sock deletion is refcount based and above semantics is not ensured. > The port 4791 udp tunnel is shared by many rxe rdma links. If one rdma link exists in net namespace, this udp tunnel should not be shutdown. Only if no rxe rdma link exist, this udp tunnel will be destroyed. > 6. In patch 5, rxe_get_dev_from_net() can return NULL, hence l_sk6 check can be unsafe. Please add check for rdev null before rdev->l_sk6 check. > Got it. the l_sk6 is replaced with the sk6 in net namespace notifier. > 7. In patch 5, I didn't fully inspect, but seems like call to rxe_find_route4() is not rcu safe. > Hence, extension of dev_net() in rxe_find_route4() doesn't look secure. > Accessing sock_net() is more accurate, because at this layer, it is processing packets at socket layer. No. As I mentioned in the above, because the netdev device and rxe device are one-to-one correspondence, if one net device is moved out of the net namespace, the related rxe device is also removed. So dev_net seems safe. I will send out the latest commits very soon. Zhu Yanjun
From: Zhu Yanjun <yanjun.zhu@intel.com> When run "ip link add" command to add a rxe rdma link in a net namespace, normally this rxe rdma link can not work in a net name space. The root cause is that a sock listening on udp port 4791 is created in init_net when the rdma_rxe module is loaded into kernel. That is, the sock listening on udp port 4791 is created in init_net. Other net namespace is difficult to use this sock. The following commits will solve this problem. In the first commit, move the creating sock listening on udp port 4791 from module_init function to rdma link creating functions. That is, after the module rdma_rxe is loaded, the sock will not be created. When run "rdma link add ..." command, the sock will be created. So when creating a rdma link in the net namespace, the sock will be created in this net namespace. In the second commit, the functions udp4_lib_lookup and udp6_lib_lookup will check the sock exists in the net namespace or not. If yes, rdma link will increase the reference count of this sock, then continue other jobs instead of creating a new sock to listen on udp port 4791. Since the network notifier is global, when the module rdma_rxe is loaded, this notifier will be registered. After the rdma link is created, the command "rdma link del" is to delete rdma link at the same time the sock is checked. If the reference count of this sock is greater than the sock reference count needed by udp tunnel, the sock reference count is decreased by one. If equal, it indicates that this rdma link is the last one. As such, the udp tunnel is shut down and the sock is closed. The above work should be implemented in linkdel function. But currently no dellink function in rxe. So the 3rd commit addes dellink function pointer. And the 4th commit implements the dellink function in rxe. To now, it is not necessary to keep a global variable to store the sock listening udp port 4791. This global variable can be replaced by the functions udp4_lib_lookup and udp6_lib_lookup totally. Because the function udp6_lib_lookup is in the fast path, a member variable l_sk6 is added to store the sock. If l_sk6 is NULL, udp6_lib_lookup is called to lookup the sock, then the sock is stored in l_sk6, in the future,it can be used directly. All the above work has been done in init_net. And it can also work in the net namespace. So the init_net is replaced by the individual net namespace. This is what the 6th commit does. Because rxe device is dependent on the net device and the sock listening on udp port 4791, every rxe device is in exclusive mode in the individual net namespace. Other rdma netns operations will be considerred in the future. Test steps: 1) Suppose that 2 NICs are in 2 different net namespaces. # ip netns exec net0 ip link 3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP link/ether 00:1e:67:a0:22:3f brd ff:ff:ff:ff:ff:ff altname enp5s0 # ip netns exec net1 ip link 4: eno3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel link/ether f8:e4:3b:3b:e4:10 brd ff:ff:ff:ff:ff:ff 2) Add rdma link in the different net namespace net0: ip netns exec net0 rdma link add rxe0 type rxe netdev eno2 net1: ip netns exec net1 rdma link add rxe1 type rxe netdev eno3 3) Run rping test. net0 # ip netns exec net0 rping -s -a 192.168.2.1 -C 1& [1] 1737 # ip netns exec net1 rping -c -a 192.168.2.1 -d -v -C 1 verbose count 1 ... ping data: rdma-ping-0: ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr ... 4) Remove the rdma links from the net namespaces. net0: ip netns exec net0 rdma link del rxe0 net1: ip netns exec net1 rdma link del rxe1 --- V1->V2: Add the explicit initialization of sk6. --- Zhu Yanjun (6): RDMA/rxe: Creating listening sock in newlink function RDMA/rxe: Support more rdma links in init_net RDMA/nldev: Add dellink function pointer RDMA/rxe: Implement dellink in rxe RDMA/rxe: Replace global variable with sock lookup functions RDMA/rxe: add the support of net namespace drivers/infiniband/core/nldev.c | 6 ++ drivers/infiniband/sw/rxe/rxe.c | 26 +++++- drivers/infiniband/sw/rxe/rxe_net.c | 129 ++++++++++++++++++++------ drivers/infiniband/sw/rxe/rxe_net.h | 9 +- drivers/infiniband/sw/rxe/rxe_verbs.h | 1 + include/rdma/rdma_netlink.h | 2 + 6 files changed, 134 insertions(+), 39 deletions(-)