Add support for packet-per-second policing

Bug #1938818 reported by Bodong Wang
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
linux-bluefield (Ubuntu) | Invalid | Undecided | Bodong Wang |
Focal | Fix Released | Medium | Bodong Wang |

Bug Description

* Explain the bug(s)

It’s a missing feature in the current kernel.

* Brief explanation of fixes

Cherry-pick and backport the related patches from upstream kernel.

* How to test

Add a tc filter rule with a police action, and check that it is offloaded.
For example:
    tc filter add dev enp8s0f0_0 ingress protocol ip flower \
        dst_mac b8:ce:f6:7b:d9:24 \
        action police pkts_rate 1000 pkts_burst 100 conform-exceed drop/pipe \
        action mirred egress redirect dev enp8s0f0

* What it could break.

New feature, doesn't break existing features.
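
One way to do the "check it is offloaded" step, as an added example that is not part of the original report: tc prints an `in_hw` or `not_in_hw` token for each flower filter, and the function below reads `tc filter show` output and reports that state per filter handle. The function names and the abridged sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): report the offload state of each
# flower filter found in `tc filter show` output read from stdin.
# Prints "<handle> <state>"; returns 0 only if every filter is in_hw.
offload_report() {
    awk '
        function flush() {
            if (!seen) return
            print handle, state
            total++
            if (state != "in_hw") bad++
        }
        # A "filter ..." line that carries a handle starts a new filter.
        /^filter / {
            h = ""
            for (i = 1; i < NF; i++) if ($i == "handle") h = $(i + 1)
            if (h != "") { flush(); handle = h; state = "unknown"; seen = 1 }
            next
        }
        # tc prints in_hw or not_in_hw as a standalone token per filter.
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "not_in_hw") state = "not_in_hw"
                else if ($i == "in_hw" && state == "unknown") state = "in_hw"
            }
        }
        END { flush(); rc = (total > 0 && bad == 0) ? 0 : 1; exit rc }
    '
}

# Constructed sample output, modelled on the rule from the report.
sample_offloaded() {
    cat <<'EOF'
filter protocol ip pref 49152 flower chain 0
filter protocol ip pref 49152 flower chain 0 handle 0x1
  dst_mac b8:ce:f6:7b:d9:24
  eth_type ipv4
  in_hw in_hw_count 1
        action order 1: police 0x1 pkts_rate 1000 pkts_burst 100 action drop/pipe
        action order 2: mirred (Egress Redirect to device enp8s0f0) stolen
EOF
}

# Same rule as it appears when the driver did not offload it (constructed).
sample_software() { sample_offloaded | sed 's/in_hw in_hw_count 1/not_in_hw/'; }

# Live use: tc -s filter show dev enp8s0f0_0 ingress | offload_report
```

A non-zero exit status means at least one filter is being policed in software only, or that no filter was found on the device.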


Changed in linux-bluefield (Ubuntu):
assignee: nobody → Bodong Wang (bodong-wang)
Stefan Bader (smb)
Changed in linux-bluefield (Ubuntu Focal):
assignee: nobody → Bodong Wang (bodong-wang)
importance: Undecided → Medium
status: New → In Progress
Changed in linux-bluefield (Ubuntu):
status: New → Invalid
Changed in linux-bluefield (Ubuntu Focal):
status: In Progress → Fix Committed
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
Kelsey Steele (kelsey-steele) wrote :

Hi Bodong. May you please verify the kernel in -proposed for Focal-bluefield resolves this bug? Thank you!

Bodong Wang (bodong-wang) wrote : Re: [Bug 1938818] Re: Add support for packet-per-second policing

Hi Kelsey, it was fixed. Thanks!
________________________________
From: <email address hidden> <email address hidden> on behalf of Kelsey Skunberg <email address hidden>
Sent: Tuesday, September 21, 2021 5:43:53 PM
To: Bodong Wang <email address hidden>
Subject: [Bug 1938818] Re: Add support for packet-per-second policing

Hi Bodong. May you please verify the kernel in -proposed for Focal-
bluefield resolves this bug? Thank you!

Kelsey Steele (kelsey-steele) wrote :

Marking verification completed. Thank you, Bodong!

tags: added: verification-done-focal
removed: verification-needed-focal
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-bluefield - 5.4.0-1019.22

---------------
linux-bluefield (5.4.0-1019.22) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1019.22 -proposed tracker (LP: #1942533)

  * Focal update: v5.4.134 upstream stable release (LP: #1939440)
    - [Config] bluefield: CONFIG_BATTERY_RT5033=m

  * Fix fragmentation support for TC connection tracking (LP: #1940872)
    - net/sched: act_ct: fix restore the qdisc_skb_cb after defrag
    - net/sched: act_ct: fix miss set mru for ovs after defrag in act_ct
    - net/sched: fix miss init the mru in qdisc_skb_cb
    - net/sched: act_ct: fix wild memory access when clearing fragments
    - Revert "net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments()
      error flow"
    - net/sched: act_mirred: refactor the handle of xmit
    - net/sched: The error lable position is corrected in ct_init_module
    - net/sched: sch_frag: add generic packet fragment support.
    - ipv6: add ipv6_fragment hook in ipv6_stub

  * Add the upcoming BlueField-3 device ID (LP: #1941803)
    - net/mlx5: Update the list of the PCI supported devices

  * CT state not reset when packet redirected to different port (LP: #1940448)
    - Revert "UBUNTU: SAUCE: net/sched: act_mirred: Reset ct when reinserting skb
      back into queue"
    - net: sched: act_mirred: Reset ct info when mirror/redirect skb

  * Export xfrm_policy_lookup_bytype function (LP: #1934313)
    - SAUCE: xfrm: IPsec Export xfrm_policy_lookup_bytype function

  [ Ubuntu: 5.4.0-85.95 ]

  * focal/linux: 5.4.0-85.95 -proposed tracker (LP: #1942557)
  * please drop virtualbox-guest-dkms virtualbox-guest-source (LP: #1933248)
    - [Config] Disable virtualbox dkms build
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.09.06)
  * LRMv5: switch primary version handling to kernel-versions data set
    (LP: #1928921)
    - [Packaging] switch to kernel-versions
  * disable “CONFIG_HISI_DMA” config for ubuntu version (LP: #1936771)
    - Disable CONFIG_HISI_DMA
    - [Config] Record hisi_dma no longer built for arm64
  * memory leaking when removing a profile (LP: #1939915)
    - apparmor: Fix memory leak of profile proxy
  * CryptoExpress EP11 cards are going offline (LP: #1939618)
    - s390/zcrypt: Support for CCA protected key block version 2
    - s390: Replace zero-length array with flexible-array member
    - s390/zcrypt: Use scnprintf() for avoiding potential buffer overflow
    - s390/zcrypt: replace snprintf/sprintf with scnprintf
    - s390/ap: Remove ap device suspend and resume callbacks
    - s390/zcrypt: use fallthrough;
    - s390/zcrypt: use kvmalloc instead of kmalloc for 256k alloc
    - s390/ap: remove power management code from ap bus and drivers
    - s390/ap: introduce new ap function ap_get_qdev()
    - s390/zcrypt: use kzalloc
    - s390/zcrypt: fix smatch warnings
    - s390/zcrypt: code beautification and struct field renames
    - s390/zcrypt: split ioctl function into smaller code units
    - s390/ap: rename and clarify ap state machine related stuff
    - s390/zcrypt: provide cex4 cca sysfs attributes for cex3
    - s390/ap: rework cry...

Changed in linux-bluefield (Ubuntu Focal):
status: Fix Committed → Fix Released