diff mbox series

[bpf,3/5] netkit: Fix syncing peer device mtu with primary

Message ID 20240524130115.9854-3-daniel@iogearbox.net (mailing list archive)
State Superseded
Delegated to: BPF
Headers show
Series [bpf,1/5] netkit: Fix setting mac address in l2 mode | expand

Checks

Context Check Description
bpf/vmtest-bpf-PR success PR summary
bpf/vmtest-bpf-VM_Test-0 success Logs for Lint
bpf/vmtest-bpf-VM_Test-1 success Logs for ShellCheck
bpf/vmtest-bpf-VM_Test-4 success Logs for aarch64-gcc / build / build for aarch64 with gcc
bpf/vmtest-bpf-VM_Test-2 success Logs for Unittests
bpf/vmtest-bpf-VM_Test-3 success Logs for Validate matrix.py
bpf/vmtest-bpf-VM_Test-5 success Logs for aarch64-gcc / build-release
bpf/vmtest-bpf-VM_Test-6 success Logs for aarch64-gcc / test (test_maps, false, 360) / test_maps on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-7 success Logs for aarch64-gcc / test (test_progs, false, 360) / test_progs on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-8 success Logs for aarch64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-9 success Logs for aarch64-gcc / test (test_verifier, false, 360) / test_verifier on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-10 success Logs for aarch64-gcc / veristat
bpf/vmtest-bpf-VM_Test-11 success Logs for s390x-gcc / build / build for s390x with gcc
bpf/vmtest-bpf-VM_Test-12 success Logs for s390x-gcc / build-release
bpf/vmtest-bpf-VM_Test-13 pending Logs for s390x-gcc / test (test_maps, false, 360) / test_maps on s390x with gcc
bpf/vmtest-bpf-VM_Test-14 success Logs for s390x-gcc / test (test_progs, false, 360) / test_progs on s390x with gcc
bpf/vmtest-bpf-VM_Test-16 success Logs for s390x-gcc / test (test_verifier, false, 360) / test_verifier on s390x with gcc
bpf/vmtest-bpf-VM_Test-15 success Logs for s390x-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on s390x with gcc
bpf/vmtest-bpf-VM_Test-17 success Logs for s390x-gcc / veristat
bpf/vmtest-bpf-VM_Test-18 success Logs for set-matrix
bpf/vmtest-bpf-VM_Test-20 success Logs for x86_64-gcc / build-release
bpf/vmtest-bpf-VM_Test-19 success Logs for x86_64-gcc / build / build for x86_64 with gcc
bpf/vmtest-bpf-VM_Test-21 success Logs for x86_64-gcc / test (test_maps, false, 360) / test_maps on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-24 success Logs for x86_64-gcc / test (test_progs_no_alu32_parallel, true, 30) / test_progs_no_alu32_parallel on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-28 success Logs for x86_64-llvm-17 / build / build for x86_64 with llvm-17
bpf/vmtest-bpf-VM_Test-22 success Logs for x86_64-gcc / test (test_progs, false, 360) / test_progs on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-23 success Logs for x86_64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-25 success Logs for x86_64-gcc / test (test_progs_parallel, true, 30) / test_progs_parallel on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-26 success Logs for x86_64-gcc / test (test_verifier, false, 360) / test_verifier on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-27 success Logs for x86_64-gcc / veristat / veristat on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-29 success Logs for x86_64-llvm-17 / build-release / build for x86_64 with llvm-17 and -O2 optimization
bpf/vmtest-bpf-VM_Test-31 success Logs for x86_64-llvm-17 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-17
bpf/vmtest-bpf-VM_Test-30 success Logs for x86_64-llvm-17 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-17
bpf/vmtest-bpf-VM_Test-33 success Logs for x86_64-llvm-17 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-17
bpf/vmtest-bpf-VM_Test-32 success Logs for x86_64-llvm-17 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-17
bpf/vmtest-bpf-VM_Test-35 success Logs for x86_64-llvm-18 / build / build for x86_64 with llvm-18
bpf/vmtest-bpf-VM_Test-34 success Logs for x86_64-llvm-17 / veristat
bpf/vmtest-bpf-VM_Test-37 success Logs for x86_64-llvm-18 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-18
bpf/vmtest-bpf-VM_Test-36 success Logs for x86_64-llvm-18 / build-release / build for x86_64 with llvm-18 and -O2 optimization
bpf/vmtest-bpf-VM_Test-38 success Logs for x86_64-llvm-18 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-18
bpf/vmtest-bpf-VM_Test-39 success Logs for x86_64-llvm-18 / test (test_progs_cpuv4, false, 360) / test_progs_cpuv4 on x86_64 with llvm-18
bpf/vmtest-bpf-VM_Test-40 success Logs for x86_64-llvm-18 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-18
bpf/vmtest-bpf-VM_Test-41 success Logs for x86_64-llvm-18 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-18
bpf/vmtest-bpf-VM_Test-42 success Logs for x86_64-llvm-18 / veristat
netdev/series_format warning Series does not have a cover letter
netdev/tree_selection success Clearly marked for bpf, async
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 907 this patch: 907
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers fail 2 blamed authors not CCed: toke@redhat.com sdf@google.com; 5 maintainers not CCed: pabeni@redhat.com kuba@kernel.org edumazet@google.com toke@redhat.com sdf@google.com
netdev/build_clang success Errors and warnings before: 909 this patch: 909
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 911 this patch: 911
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 32 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Daniel Borkmann May 24, 2024, 1:01 p.m. UTC 
Implement the ndo_change_mtu callback in netkit in order to align the MTU
to the primary device. This is needed in order to sync MTUs to the latter
from the control plane (e.g. Cilium) which does not have access into the
Pod's netns.

Fixes: 35dfaad7188c ("netkit, bpf: Add bpf programmable net device")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Joe Stringer <joe@cilium.io>
---
 drivers/net/netkit.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

Comments

Nikolay Aleksandrov May 24, 2024, 2:15 p.m. UTC | #1 
On 5/24/24 16:01, Daniel Borkmann wrote:
> Implement the ndo_change_mtu callback in netkit in order to align the MTU
> to the primary device. This is needed in order to sync MTUs to the latter
> from the control plane (e.g. Cilium) which does not have access into the
> Pod's netns.
> 
> Fixes: 35dfaad7188c ("netkit, bpf: Add bpf programmable net device")
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
> Cc: Joe Stringer <joe@cilium.io>
> ---
>  drivers/net/netkit.c | 20 ++++++++++++++++++++
>  1 file changed, 20 insertions(+)
> 

This one has unexpected behaviour IMO. If the app sets the MTU and we
silently overwrite, then it may continue working and thinking the MTU
was changed leading to unexpected problems. I think it'd be better to
keep the MTU synced explicitly (e.g. when set on main device, then
set it on peer as well) and error out when trying to set it without
the proper capabilities.
Daniel Borkmann May 24, 2024, 2:20 p.m. UTC | #2 
On 5/24/24 4:15 PM, Nikolay Aleksandrov wrote:
> On 5/24/24 16:01, Daniel Borkmann wrote:
>> Implement the ndo_change_mtu callback in netkit in order to align the MTU
>> to the primary device. This is needed in order to sync MTUs to the latter
>> from the control plane (e.g. Cilium) which does not have access into the
>> Pod's netns.
>>
>> Fixes: 35dfaad7188c ("netkit, bpf: Add bpf programmable net device")
>> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
>> Cc: Joe Stringer <joe@cilium.io>
>> ---
>>   drivers/net/netkit.c | 20 ++++++++++++++++++++
>>   1 file changed, 20 insertions(+)
>>
> 
> This one has unexpected behaviour IMO. If the app sets the MTU and we
> silently overwrite, then it may continue working and thinking the MTU
> was changed leading to unexpected problems. I think it'd be better to
> keep the MTU synced explicitly (e.g. when set on main device, then
> set it on peer as well) and error out when trying to set it without
> the proper capabilities.

Makes sense, I'll look into this, thanks Nik!
Daniel Borkmann May 24, 2024, 2:30 p.m. UTC | #3 
On 5/24/24 4:20 PM, Daniel Borkmann wrote:
> On 5/24/24 4:15 PM, Nikolay Aleksandrov wrote:
>> On 5/24/24 16:01, Daniel Borkmann wrote:
>>> Implement the ndo_change_mtu callback in netkit in order to align the MTU
>>> to the primary device. This is needed in order to sync MTUs to the latter
>>> from the control plane (e.g. Cilium) which does not have access into the
>>> Pod's netns.
>>>
>>> Fixes: 35dfaad7188c ("netkit, bpf: Add bpf programmable net device")
>>> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
>>> Cc: Joe Stringer <joe@cilium.io>
>>> ---
>>>   drivers/net/netkit.c | 20 ++++++++++++++++++++
>>>   1 file changed, 20 insertions(+)
>>>
>>
>> This one has unexpected behaviour IMO. If the app sets the MTU and we
>> silently overwrite, then it may continue working and thinking the MTU
>> was changed leading to unexpected problems. I think it'd be better to
>> keep the MTU synced explicitly (e.g. when set on main device, then
>> set it on peer as well) and error out when trying to set it without
>> the proper capabilities.
> 
> Makes sense, I'll look into this, thanks Nik!

I'll drop this one for now, and have a future extension on nk device
creation to lock such attributes or not so its flexible.

Thanks,
Daniel
diff mbox series

Patch

diff --git a/drivers/net/netkit.c b/drivers/net/netkit.c
index 16789cd446e9..ead7097c224b 100644
--- a/drivers/net/netkit.c
+++ b/drivers/net/netkit.c
@@ -167,6 +167,25 @@  static int netkit_set_macaddr(struct net_device *dev, void *sa)
 	return eth_mac_addr(dev, sa);
 }
 
+static int netkit_set_mtu(struct net_device *dev, int new_mtu)
+{
+	struct netkit *nk = netkit_priv(dev);
+	struct net_device *peer;
+
+	rcu_read_lock();
+	peer = rcu_dereference(nk->peer);
+	if (unlikely(!peer))
+		goto out;
+	if (!nk->primary)
+		new_mtu = READ_ONCE(peer->mtu);
+	else
+		WRITE_ONCE(peer->mtu, new_mtu);
+out:
+	WRITE_ONCE(dev->mtu, new_mtu);
+	rcu_read_unlock();
+	return 0;
+}
+
 static void netkit_set_headroom(struct net_device *dev, int headroom)
 {
 	struct netkit *nk = netkit_priv(dev), *nk2;
@@ -211,6 +230,7 @@  static const struct net_device_ops netkit_netdev_ops = {
 	.ndo_set_rx_mode	= netkit_set_multicast,
 	.ndo_set_rx_headroom	= netkit_set_headroom,
 	.ndo_set_mac_address	= netkit_set_macaddr,
+	.ndo_change_mtu		= netkit_set_mtu,
 	.ndo_get_iflink		= netkit_get_iflink,
 	.ndo_get_peer_dev	= netkit_peer_dev,
 	.ndo_get_stats64	= netkit_get_stats,