fragment handling broken #3

cron2 · 2025-05-05T08:22:29Z

20250505 tarball, 5.4.0-214-generic kernel

Some of the t_client tests fail

Test sets succeeded: 1 1a 1b 1c 1d 1e 1z 2 2a 2d 2e 2y 2z 3 3a 3z 4 4a 4b 5 6 8 9 23 23a 23s 24 24a.
Test sets skipped: none.
Test sets failed: 2b 2c 2f 11.

and looking more closely this is all "over UDP/IPvX, pinging with big packets breaks"

### test run 2b: 'udp *6* / p2pm / top net30' ###

save pre-openvpn ifconfig + route

run pre-openvpn ping tests - targets must not be reachable...
run IPv4 ping tests (want_fail), 64 byte packets...
run IPv6 ping tests (want_fail), 64 byte packets...
OK.

 run openvpn --client --ca /home/gert/t_client_keys/ca.crt 	--cert /home/gert/t_client_keys/cron2-ubuntu-2004-amd64.crt --key /home/gert/t_client_keys/cron2-ubuntu-2004-amd64.key 	--remote-cert-tls server --nobind --verb 3         --tls-cert-profile insecure --providers legacy default --setenv UV_NOCOMP 1 --push-peer-info --dev tun --proto udp6 --remote conn-test-server.openvpn.org --port 51194 --writepid ../tests/t_client-ubuntu2004-20250505-095615/openvpn-2b.pid 
  OpenVPN running with PID 58069
save ifconfig+route
compare pre-openvpn ifconfig+route with current values... OK!

run IPv4 ping tests (want_ok), 64 byte packets...
run IPv4 ping tests (want_ok), 1440 byte packets...
run IPv4 ping tests (want_ok), 3000 byte packets...
FAIL: IPv4 ping test (3000 bytes) failed, but should succeed.

run IPv6 ping tests (want_ok), 64 byte packets...
run IPv6 ping tests (want_ok), 1440 byte packets...
run IPv6 ping tests (want_ok), 3000 byte packets...
FAIL: IPv6 ping test (3000 bytes) failed, but should succeed.

ping tests done.

stopping OpenVPN

save post-openvpn ifconfig + route...
compare pre- and post-openvpn ifconfig + route... OK.

test run 2b: 2 test failures. FAIL.

### test run 2c: 'udp *6* / p2pm / top net30' ###

save pre-openvpn ifconfig + route

run pre-openvpn ping tests - targets must not be reachable...
run IPv4 ping tests (want_fail), 64 byte packets...
run IPv6 ping tests (want_fail), 64 byte packets...
OK.

 run openvpn --client --ca /home/gert/t_client_keys/ca.crt 	--cert /home/gert/t_client_keys/cron2-ubuntu-2004-amd64.crt --key /home/gert/t_client_keys/cron2-ubuntu-2004-amd64.key 	--remote-cert-tls server --nobind --verb 3         --tls-cert-profile insecure --providers legacy default --setenv UV_NOCOMP 1 --push-peer-info --dev tun --proto udp6 --remote conn-test-server.openvpn.org --port 51194 --multihome --writepid ../tests/t_client-ubuntu2004-20250505-095615/openvpn-2c.pid 
  OpenVPN running with PID 58128
save ifconfig+route
compare pre-openvpn ifconfig+route with current values... OK!

run IPv4 ping tests (want_ok), 64 byte packets...
run IPv4 ping tests (want_ok), 1440 byte packets...
run IPv4 ping tests (want_ok), 3000 byte packets...
FAIL: IPv4 ping test (3000 bytes) failed, but should succeed.

run IPv6 ping tests (want_ok), 64 byte packets...
run IPv6 ping tests (want_ok), 1440 byte packets...
run IPv6 ping tests (want_ok), 3000 byte packets...
FAIL: IPv6 ping test (3000 bytes) failed, but should succeed.

ping tests done.

stopping OpenVPN

save post-openvpn ifconfig + route...
compare pre- and post-openvpn ifconfig + route... OK.

test run 2c: 2 test failures. FAIL.

### test run 2f: 'UDP / p2pm / top net30 / pull-filter -> ipv6-only' ###

save pre-openvpn ifconfig + route

run pre-openvpn ping tests - targets must not be reachable...
run IPv6 ping tests (want_fail), 64 byte packets...
OK.

 run openvpn --client --ca /home/gert/t_client_keys/ca.crt 	--cert /home/gert/t_client_keys/cron2-ubuntu-2004-amd64.crt --key /home/gert/t_client_keys/cron2-ubuntu-2004-amd64.key 	--remote-cert-tls server --nobind --verb 3         --tls-cert-profile insecure --providers legacy default --setenv UV_NOCOMP 1 --push-peer-info --dev tun --proto udp --remote conn-test-server.openvpn.org --port 51194 --pull-filter accept ifconfig- --pull-filter ignore ifconfig --writepid ../tests/t_client-ubuntu2004-20250505-095615/openvpn-2f.pid 
  OpenVPN running with PID 58304
save ifconfig+route
skip ifconfig+route check
run IPv6 ping tests (want_ok), 64 byte packets...
run IPv6 ping tests (want_ok), 1440 byte packets...
run IPv6 ping tests (want_ok), 3000 byte packets...
FAIL: IPv6 ping test (3000 bytes) failed, but should succeed.

### test run 11: 'udp / p2p / TLS / SHA1-SHA256 (NCP)' ###

save pre-openvpn ifconfig + route

run pre-openvpn ping tests - targets must not be reachable...
run IPv4 ping tests (want_fail), 64 byte packets...
run IPv6 ping tests (want_fail), 64 byte packets...
OK.

 run openvpn --tls-client --cert /home/gert/t_client_keys/cron2-ubuntu-2004-amd64.crt --key /home/gert/t_client_keys/cron2-ubuntu-2004-amd64.key               --ca /home/gert/t_client_keys/ca.crt --remote-cert-tls server --nobind --verb 3               --dev tun --proto udp --remote gentoo.ov.greenie.net --port 51201
              --topology subnet --ifconfig 10.204.11.4 255.255.255.0               --ifconfig-ipv6 fd00:abcd:204:11::1004/64 fd00:abcd:204:11::1               --route 10.204.0.0 255.255.0.0 10.204.11.1               --route-ipv6 fd00:abcd:204::/48 --writepid ../tests/t_client-ubuntu2004-20250505-095615/openvpn-11.pid 
  OpenVPN running with PID 59049
save ifconfig+route
compare pre-openvpn ifconfig+route with current values... OK!

run IPv4 ping tests (want_ok), 64 byte packets...
run IPv4 ping tests (want_ok), 1440 byte packets...
run IPv4 ping tests (want_ok), 3000 byte packets...
FAIL: IPv4 ping test (3000 bytes) failed, but should succeed.

run IPv6 ping tests (want_ok), 64 byte packets...
run IPv6 ping tests (want_ok), 1440 byte packets...
run IPv6 ping tests (want_ok), 3000 byte packets...
FAIL: IPv6 ping test (3000 bytes) failed, but should succeed.

ping tests done.

stopping OpenVPN

so 2b+2c are explicit --proto udp6, while 2f and 11 are --proto udp to a dual-stacked hosts - I assume that it connected over v6 (but that should be easy to see in the logs).

The succeeding UDP tests are either "force udp4" or "test something that is incompatible with DCO" (2a has --data-ciphers BF-CBC, for example).

Note that all tests succeed if building with ./configure --disable-dco or adding an explicit --disable-dco to the test stanza in t_client.rc

The text was updated successfully, but these errors were encountered:

cron2 · 2025-05-05T08:31:55Z

maybe I should be a bit more verbose here, and not assume so much :-)

The expected behaviour is that userland generates one or more full 1500 byte packes sent into the "tun" interface. After openvpn encapsulation, these are too big to be sent over the "outside" 1500 byte LAN interfaces, so the "UDP 1194" packet (or 51194 here) needs to be fragmented.

IPv6 packets are not permitted to be fragmented by a router, but even if the linux system overall behaves like a router, the encapsulated packets are "locally generated", and the "no fragments" only applies to "IPv6 packets generated by other people".

The interesting bit here is that 1400 byte works - these are also too big to send unfragmented, but the inside packet is not fragmented. So we have 3 cases here

64 byte -> 1 inside packet, 1 outside packet
1400 byte -> 1 inside packet, no fragments on the tun0 interface, 2 outside packets
3000 byte -> 2 inside packets (or 3?), fragment bits set on the tun0 packets, multiple outside packets

ovpn-dco-v2 handles this just fine, but it took us a bit to get it right for UDPv4 and UDPv6 - some flags need to be passed correctly onwards for the next layer to understand "this packet is allowed to be fragmented". If I remember correctly, the problem we had was "if an already-fragmented packet comes in, some flag is copied over that instructed the next layer to not fragment again" - breaking 3000 byte, while 1400 works.

Userland also handles this fine - OpenVPN stuffs an (oversized) UDP payload into the UDP socket, and the kernel will create the necessary number of outside fragments.

cron2 · 2025-05-05T08:46:09Z

Here's packet traces "inside" and "outside" - for easier mental mapping, only "IPv4 inside, IPv6 outside" are used :-)

64 byte

10:34:04.932907 IP 10.194.2.186 > 10.194.0.1: ICMP echo request, id 9, seq 1, length 72
10:34:05.058870 IP 10.194.0.1 > 10.194.2.186: ICMP echo reply, id 9, seq 1, length 72

10:34:04.932951 IP6 2001:608:1:995a:250:56ff:febb:2084.57689 > 2607:fc50:1001:5200::4.51194: UDP, length 116
10:34:05.058779 IP6 2607:fc50:1001:5200::4.51194 > 2001:608:1:995a:250:56ff:febb:2084.57689: UDP, length 116

1400 byte ("ping -s 1420" actually, as I think fping and ping calculate differently, but however - the "inside no fragments, outside fragments, ping works" part is clear)

10:36:07.609090 IP 10.194.2.186 > 10.194.0.1: ICMP echo request, id 12, seq 1, length 1428
10:36:07.733780 IP 10.194.0.1 > 10.194.2.186: ICMP echo reply, id 12, seq 1, length 1428

10:36:07.609154 IP6 2001:608:1:995a:250:56ff:febb:2084 > 2607:fc50:1001:5200::4: frag (0|1448) 57689 > 51194: UDP, bad length 1472 > 1440
10:36:07.609220 IP6 2001:608:1:995a:250:56ff:febb:2084 > 2607:fc50:1001:5200::4: frag (1448|32)
10:36:07.733638 IP6 2607:fc50:1001:5200::4 > 2001:608:1:995a:250:56ff:febb:2084: frag (0|1448) 51194 > 57689: UDP, bad length 1472 > 1440
10:36:07.733639 IP6 2607:fc50:1001:5200::4 > 2001:608:1:995a:250:56ff:febb:2084: frag (1448|32)

somewhat surprising "ping -s 2000" also still works, with 2 fragments sent inside, and some packets outside. But "-s 3000" then fails

10:39:20.134862 IP 10.194.2.186 > 10.194.0.1: ICMP echo request, id 15, seq 1, length 1480
10:39:20.135012 IP 10.194.2.186 > 10.194.0.1: ip-proto-1
10:39:20.135142 IP 10.194.2.186 > 10.194.0.1: ip-proto-1

10:39:20.134940 IP6 2001:608:1:995a:250:56ff:febb:2084 > 2607:fc50:1001:5200::4: frag (0|1448) 57689 > 51194: UDP, bad length 1524 > 1440
10:39:20.134983 IP6 2001:608:1:995a:250:56ff:febb:2084 > 2607:fc50:1001:5200::4: frag (1448|84)
10:39:20.135157 IP6 2001:608:1:995a:250:56ff:febb:2084.57689 > 2607:fc50:1001:5200::4.51194: UDP, length 92

so 1 "ping" packets translates into 3 "inside" fragments. Then something happens which is not totally clear to me from the timestamps - it seems to be sending the first fat fragment (timestamp 20.134862 -> 20.134940) as 2 outside fragment, and the 3rd inside fragment (timestamp 20.135142 -> 20.135157) as a single packet. The 3rd fragment is small, the 2nd is likely mtu-sized, so fragment-needs-fragment -> drop or something.

Re-running the inside tcpdump with "-v" (so timestamps are off, but packet sizes should be better visible)

tcpdump: listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
10:44:11.220583 IP (tos 0x0, ttl 64, id 25111, offset 0, flags [+], proto ICMP (1), length 1500)
    10.194.2.186 > 10.194.0.1: ICMP echo request, id 16, seq 1, length 1480
10:44:11.220756 IP (tos 0x0, ttl 64, id 25111, offset 1480, flags [+], proto ICMP (1), length 1500)
    10.194.2.186 > 10.194.0.1: ip-proto-1
10:44:11.220876 IP (tos 0x0, ttl 64, id 25111, offset 2960, flags [none], proto ICMP (1), length 68)
    10.194.2.186 > 10.194.0.1: ip-proto-1

so indeed, the 2nd packet, 1500 IPv4 fragment, is lost in encapsulation.

ordex · 2025-05-06T11:44:50Z

we have a commit in the development branch fixing this df98380

There is a potential deadlock if we do report zones in an IO context, detailed in below lockdep report. When one process do a report zones and another process freezes the block device, the report zones side cannot allocate a tag because the freeze is already started. This can thus result in new block group creation to hang forever, blocking the write path. Thankfully, a new block group should be created on empty zones. So, reporting the zones is not necessary and we can set the write pointer = 0 and load the zone capacity from the block layer using bdev_zone_capacity() helper. ====================================================== WARNING: possible circular locking dependency detected 6.14.0-rc1 torvalds#252 Not tainted ------------------------------------------------------ modprobe/1110 is trying to acquire lock: ffff888100ac83e0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: __flush_work+0x38f/0xb60 but task is already holding lock: ffff8881205b6f20 (&q->q_usage_counter(queue)#16){++++}-{0:0}, at: sd_remove+0x85/0x130 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&q->q_usage_counter(queue)#16){++++}-{0:0}: blk_queue_enter+0x3d9/0x500 blk_mq_alloc_request+0x47d/0x8e0 scsi_execute_cmd+0x14f/0xb80 sd_zbc_do_report_zones+0x1c1/0x470 sd_zbc_report_zones+0x362/0xd60 blkdev_report_zones+0x1b1/0x2e0 btrfs_get_dev_zones+0x215/0x7e0 [btrfs] btrfs_load_block_group_zone_info+0x6d2/0x2c10 [btrfs] btrfs_make_block_group+0x36b/0x870 [btrfs] btrfs_create_chunk+0x147d/0x2320 [btrfs] btrfs_chunk_alloc+0x2ce/0xcf0 [btrfs] start_transaction+0xce6/0x1620 [btrfs] btrfs_uuid_scan_kthread+0x4ee/0x5b0 [btrfs] kthread+0x39d/0x750 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 -> #2 (&fs_info->dev_replace.rwsem){++++}-{4:4}: down_read+0x9b/0x470 btrfs_map_block+0x2ce/0x2ce0 [btrfs] btrfs_submit_chunk+0x2d4/0x16c0 [btrfs] btrfs_submit_bbio+0x16/0x30 [btrfs] btree_write_cache_pages+0xb5a/0xf90 [btrfs] do_writepages+0x17f/0x7b0 __writeback_single_inode+0x114/0xb00 writeback_sb_inodes+0x52b/0xe00 wb_writeback+0x1a7/0x800 wb_workfn+0x12a/0xbd0 process_one_work+0x85a/0x1460 worker_thread+0x5e2/0xfc0 kthread+0x39d/0x750 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 -> #1 (&fs_info->zoned_meta_io_lock){+.+.}-{4:4}: __mutex_lock+0x1aa/0x1360 btree_write_cache_pages+0x252/0xf90 [btrfs] do_writepages+0x17f/0x7b0 __writeback_single_inode+0x114/0xb00 writeback_sb_inodes+0x52b/0xe00 wb_writeback+0x1a7/0x800 wb_workfn+0x12a/0xbd0 process_one_work+0x85a/0x1460 worker_thread+0x5e2/0xfc0 kthread+0x39d/0x750 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 -> #0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}: __lock_acquire+0x2f52/0x5ea0 lock_acquire+0x1b1/0x540 __flush_work+0x3ac/0xb60 wb_shutdown+0x15b/0x1f0 bdi_unregister+0x172/0x5b0 del_gendisk+0x841/0xa20 sd_remove+0x85/0x130 device_release_driver_internal+0x368/0x520 bus_remove_device+0x1f1/0x3f0 device_del+0x3bd/0x9c0 __scsi_remove_device+0x272/0x340 scsi_forget_host+0xf7/0x170 scsi_remove_host+0xd2/0x2a0 sdebug_driver_remove+0x52/0x2f0 [scsi_debug] device_release_driver_internal+0x368/0x520 bus_remove_device+0x1f1/0x3f0 device_del+0x3bd/0x9c0 device_unregister+0x13/0xa0 sdebug_do_remove_host+0x1fb/0x290 [scsi_debug] scsi_debug_exit+0x17/0x70 [scsi_debug] __do_sys_delete_module.isra.0+0x321/0x520 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e other info that might help us debug this: Chain exists of: (work_completion)(&(&wb->dwork)->work) --> &fs_info->dev_replace.rwsem --> &q->q_usage_counter(queue)#16 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&q->q_usage_counter(queue)#16); lock(&fs_info->dev_replace.rwsem); lock(&q->q_usage_counter(queue)#16); lock((work_completion)(&(&wb->dwork)->work)); *** DEADLOCK *** 5 locks held by modprobe/1110: #0: ffff88811f7bc108 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0x8f/0x520 #1: ffff8881022ee0e0 (&shost->scan_mutex){+.+.}-{4:4}, at: scsi_remove_host+0x20/0x2a0 #2: ffff88811b4c4378 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0x8f/0x520 #3: ffff8881205b6f20 (&q->q_usage_counter(queue)#16){++++}-{0:0}, at: sd_remove+0x85/0x130 #4: ffffffffa3284360 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xda/0xb60 stack backtrace: CPU: 0 UID: 0 PID: 1110 Comm: modprobe Not tainted 6.14.0-rc1 torvalds#252 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x6a/0x90 print_circular_bug.cold+0x1e0/0x274 check_noncircular+0x306/0x3f0 ? __pfx_check_noncircular+0x10/0x10 ? mark_lock+0xf5/0x1650 ? __pfx_check_irq_usage+0x10/0x10 ? lockdep_lock+0xca/0x1c0 ? __pfx_lockdep_lock+0x10/0x10 __lock_acquire+0x2f52/0x5ea0 ? __pfx___lock_acquire+0x10/0x10 ? __pfx_mark_lock+0x10/0x10 lock_acquire+0x1b1/0x540 ? __flush_work+0x38f/0xb60 ? __pfx_lock_acquire+0x10/0x10 ? __pfx_lock_release+0x10/0x10 ? mark_held_locks+0x94/0xe0 ? __flush_work+0x38f/0xb60 __flush_work+0x3ac/0xb60 ? __flush_work+0x38f/0xb60 ? __pfx_mark_lock+0x10/0x10 ? __pfx___flush_work+0x10/0x10 ? __pfx_wq_barrier_func+0x10/0x10 ? __pfx___might_resched+0x10/0x10 ? mark_held_locks+0x94/0xe0 wb_shutdown+0x15b/0x1f0 bdi_unregister+0x172/0x5b0 ? __pfx_bdi_unregister+0x10/0x10 ? up_write+0x1ba/0x510 del_gendisk+0x841/0xa20 ? __pfx_del_gendisk+0x10/0x10 ? _raw_spin_unlock_irqrestore+0x35/0x60 ? __pm_runtime_resume+0x79/0x110 sd_remove+0x85/0x130 device_release_driver_internal+0x368/0x520 ? kobject_put+0x5d/0x4a0 bus_remove_device+0x1f1/0x3f0 device_del+0x3bd/0x9c0 ? __pfx_device_del+0x10/0x10 __scsi_remove_device+0x272/0x340 scsi_forget_host+0xf7/0x170 scsi_remove_host+0xd2/0x2a0 sdebug_driver_remove+0x52/0x2f0 [scsi_debug] ? kernfs_remove_by_name_ns+0xc0/0xf0 device_release_driver_internal+0x368/0x520 ? kobject_put+0x5d/0x4a0 bus_remove_device+0x1f1/0x3f0 device_del+0x3bd/0x9c0 ? __pfx_device_del+0x10/0x10 ? __pfx___mutex_unlock_slowpath+0x10/0x10 device_unregister+0x13/0xa0 sdebug_do_remove_host+0x1fb/0x290 [scsi_debug] scsi_debug_exit+0x17/0x70 [scsi_debug] __do_sys_delete_module.isra.0+0x321/0x520 ? __pfx___do_sys_delete_module.isra.0+0x10/0x10 ? __pfx_slab_free_after_rcu_debug+0x10/0x10 ? kasan_save_stack+0x2c/0x50 ? kasan_record_aux_stack+0xa3/0xb0 ? __call_rcu_common.constprop.0+0xc4/0xfb0 ? kmem_cache_free+0x3a0/0x590 ? __x64_sys_close+0x78/0xd0 do_syscall_64+0x93/0x180 ? lock_is_held_type+0xd5/0x130 ? __call_rcu_common.constprop.0+0x3c0/0xfb0 ? lockdep_hardirqs_on+0x78/0x100 ? __call_rcu_common.constprop.0+0x3c0/0xfb0 ? __pfx___call_rcu_common.constprop.0+0x10/0x10 ? kmem_cache_free+0x3a0/0x590 ? lockdep_hardirqs_on_prepare+0x16d/0x400 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on+0x78/0x100 ? do_syscall_64+0x9f/0x180 ? __pfx___x64_sys_openat+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x16d/0x400 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on+0x78/0x100 ? do_syscall_64+0x9f/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f436712b68b RSP: 002b:00007ffe9f1a8658 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 RAX: ffffffffffffffda RBX: 00005559b367fd80 RCX: 00007f436712b68b RDX: 0000000000000000 RSI: 0000000000000800 RDI: 00005559b367fde8 RBP: 00007ffe9f1a8680 R08: 1999999999999999 R09: 0000000000000000 R10: 00007f43671a5fe0 R11: 0000000000000206 R12: 0000000000000000 R13: 00007ffe9f1a86b0 R14: 0000000000000000 R15: 0000000000000000 </TASK> Reported-by: Shin'ichiro Kawasaki <[email protected]> CC: <[email protected]> # 6.13+ Tested-by: Shin'ichiro Kawasaki <[email protected]> Reviewed-by: Damien Le Moal <[email protected]> Reviewed-by: Johannes Thumshirn <[email protected]> Signed-off-by: Naohiro Aota <[email protected]> Signed-off-by: David Sterba <[email protected]>

Commit 03df156 ("xdp: double protect netdev->xdp_flags with netdev->lock") introduces the netdev lock to xdp_set_features_flag(). The change includes a _locked version of the method, as it is possible for a driver to have already acquired the netdev lock before calling this helper. However, the same applies to xdp_features_(set|clear)_redirect_flags(), which ends up calling the unlocked version of xdp_set_features_flags() leading to deadlocks in GVE, which grabs the netdev lock as part of its suspend, reset, and shutdown processes: [ 833.265543] WARNING: possible recursive locking detected [ 833.270949] 6.15.0-rc1 #6 Tainted: G E [ 833.276271] -------------------------------------------- [ 833.281681] systemd-shutdow/1 is trying to acquire lock: [ 833.287090] ffff949d2b148c68 (&dev->lock){+.+.}-{4:4}, at: xdp_set_features_flag+0x29/0x90 [ 833.295470] [ 833.295470] but task is already holding lock: [ 833.301400] ffff949d2b148c68 (&dev->lock){+.+.}-{4:4}, at: gve_shutdown+0x44/0x90 [gve] [ 833.309508] [ 833.309508] other info that might help us debug this: [ 833.316130] Possible unsafe locking scenario: [ 833.316130] [ 833.322142] CPU0 [ 833.324681] ---- [ 833.327220] lock(&dev->lock); [ 833.330455] lock(&dev->lock); [ 833.333689] [ 833.333689] *** DEADLOCK *** [ 833.333689] [ 833.339701] May be due to missing lock nesting notation [ 833.339701] [ 833.346582] 5 locks held by systemd-shutdow/1: [ 833.351205] #0: ffffffffa9c89130 (system_transition_mutex){+.+.}-{4:4}, at: __se_sys_reboot+0xe6/0x210 [ 833.360695] #1: ffff93b399e5c1b8 (&dev->mutex){....}-{4:4}, at: device_shutdown+0xb4/0x1f0 [ 833.369144] #2: ffff949d19a471b8 (&dev->mutex){....}-{4:4}, at: device_shutdown+0xc2/0x1f0 [ 833.377603] #3: ffffffffa9eca050 (rtnl_mutex){+.+.}-{4:4}, at: gve_shutdown+0x33/0x90 [gve] [ 833.386138] #4: ffff949d2b148c68 (&dev->lock){+.+.}-{4:4}, at: gve_shutdown+0x44/0x90 [gve] Introduce xdp_features_(set|clear)_redirect_target_locked() versions which assume that the netdev lock has already been acquired before setting the XDP feature flag and update GVE to use the locked version. Fixes: 03df156 ("xdp: double protect netdev->xdp_flags with netdev->lock") Tested-by: Mina Almasry <[email protected]> Reviewed-by: Willem de Bruijn <[email protected]> Reviewed-by: Harshitha Ramamurthy <[email protected]> Signed-off-by: Joshua Washington <[email protected]> Acked-by: Stanislav Fomichev <[email protected]> Acked-by: Martin KaFai Lau <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>

cron2 · 2025-05-06T17:00:54Z

I have tested the change from this commit can can confirm that it makes my "ping -s 3000 over udp/ipv6 with dco" test cases work.

Test sets succeeded: 1 1a 1b 1c 1d 1e 1z 2 2a 2b 2b2 2c 2d 2e 2f 2l 2y 2z 3 3a 3z 4 4a 4b 5 6 8 9 11 23 23a 23s 24 24a.

(I do have questions on the patch itself, but have posted those as a comment to the commit)

ordex · 2025-05-06T20:54:04Z

new commit: df98380 (functionally the same)

ordex · 2025-05-06T20:58:43Z

I have also extended the kernel selftests in order to run with tun MTU == transport MTU.

IPv6 user packets (sent over the tunnel) may be larger than the outgoing interface MTU after encapsulation. When this happens ovpn should allow the kernel to fragment them because they are "locally generated". To achieve the above, we must set skb->ignore_df = 1 so that ip6_fragment() can be made aware of this decision. Failing to do so will result in ip6_fragment() dropping the packet thinking it was "routed". No change is required in the IPv4 path, because when calling udp_tunnel_xmit_skb() we already pass the 'df' argument set to 0, therefore the resulting datagram is allowed to be fragmented if need be. Fixes: 08857b5 ("ovpn: implement basic TX path (UDP)") Reported-by: Gert Doering <[email protected]> Closes: #3 Tested-by: Gert Doering <[email protected]> Acked-by: Gert Doering <[email protected]> # as primary user Link: https://mail-archive.com/[email protected]/msg31577.html Signed-off-by: Antonio Quartulli <[email protected]>

IPv6 user packets (sent over the tunnel) may be larger than the outgoing interface MTU after encapsulation. When this happens ovpn should allow the kernel to fragment them because they are "locally generated". To achieve the above, we must set skb->ignore_df = 1 so that ip6_fragment() can be made aware of this decision. Failing to do so will result in ip6_fragment() dropping the packet thinking it was "routed". No change is required in the IPv4 path, because when calling udp_tunnel_xmit_skb() we already pass the 'df' argument set to 0, therefore the resulting datagram is allowed to be fragmented if need be. Fixes: 08857b5 ("ovpn: implement basic TX path (UDP)") Reported-by: Gert Doering <[email protected]> Closes: OpenVPN#3 Tested-by: Gert Doering <[email protected]> Acked-by: Gert Doering <[email protected]> # as primary user Link: https://mail-archive.com/[email protected]/msg31577.html Signed-off-by: Antonio Quartulli <[email protected]>

IPv6 user packets (sent over the tunnel) may be larger than the outgoing interface MTU after encapsulation. When this happens ovpn should allow the kernel to fragment them because they are "locally generated". To achieve the above, we must set skb->ignore_df = 1 so that ip6_fragment() can be made aware of this decision. Failing to do so will result in ip6_fragment() dropping the packet thinking it was "routed". No change is required in the IPv4 path, because when calling udp_tunnel_xmit_skb() we already pass the 'df' argument set to 0, therefore the resulting datagram is allowed to be fragmented if need be. Fixes: 08857b5 ("ovpn: implement basic TX path (UDP)") Reported-by: Gert Doering <[email protected]> Closes: OpenVPN#3 Tested-by: Gert Doering <[email protected]> Acked-by: Gert Doering <[email protected]> # as primary user Link: https://mail-archive.com/[email protected]/msg31577.html Signed-off-by: Antonio Quartulli <[email protected]> Signed-off-by: NipaLocal <nipa@local>

…ux/kernel/git/kvmarm/kvmarm into HEAD KVM/arm64 fixes for 6.15, round #3 - Avoid use of uninitialized memcache pointer in user_mem_abort() - Always set HCR_EL2.xMO bits when running in VHE, allowing interrupts to be taken while TGE=0 and fixing an ugly bug on AmpereOne that occurs when taking an interrupt while clearing the xMO bits (AC03_CPU_36) - Prevent VMMs from hiding support for AArch64 at any EL virtualized by KVM - Save/restore the host value for HCRX_EL2 instead of restoring an incorrect fixed value - Make host_stage2_set_owner_locked() check that the entire requested range is memory rather than just the first page

ordex transferred this issue from OpenVPN/ovpn-backports May 5, 2025

ordex changed the title ~~fragment handling broken on 20250505 + ubuntu 20.04~~ fragment handling broken May 5, 2025

ordex self-assigned this May 6, 2025

ordex closed this as completed in 4e51141 May 15, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fragment handling broken #3

fragment handling broken #3

cron2 commented May 5, 2025 •

edited by ordex

Loading

cron2 commented May 5, 2025

Uh oh!

cron2 commented May 5, 2025

Uh oh!

ordex commented May 6, 2025 •

edited

Loading

Uh oh!

cron2 commented May 6, 2025

Uh oh!

ordex commented May 6, 2025

Uh oh!

ordex commented May 6, 2025

Uh oh!

fragment handling broken #3

fragment handling broken #3

Comments

cron2 commented May 5, 2025 • edited by ordex Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

cron2 commented May 5, 2025

Uh oh!

cron2 commented May 5, 2025

Uh oh!

ordex commented May 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

cron2 commented May 6, 2025

Uh oh!

ordex commented May 6, 2025

Uh oh!

ordex commented May 6, 2025

Uh oh!

cron2 commented May 5, 2025 •

edited by ordex

Loading

ordex commented May 6, 2025 •

edited

Loading