Ubuntu
linux-azure package

Enable eBPF JIT in the linux-azure kernels

Bug #1827916 reported by Joseph Salisbury
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-azure (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Marcelo Cerri
Cosmic
Fix Released
Undecided
Marcelo Cerri
Disco
Fix Released
Undecided
Marcelo Cerri

Bug Description

eBPF is available as of kernel version 4.15, which is used on AKS nodes.
Enabling JIT eBPF (built-in kernel feature) will speed-up execution of eBPF aware tools.
eBPF JIT is controlled by the file /proc/sys/net/core/bpf_jit_enable.
More details for eBPF JIT - https://www.kernel.org/doc/Documentation/sysctl/net.txt

The file /proc/sys/net/core/bpf_jit_enable is not present on AKS nodes.

Also, to support eBPF in AKS, we are requesting to switch the mlx* and ib* drivers to loadable modules instead of static.

Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

This request is for the 16.04 and 18.04 kernels.

Revision history for this message
Marcelo Cerri (mhcerri) wrote :

What version is being used on AKS nodes?

I checked both the 4.15 and 4.18 azure kernels and they have that sysfs file available:

user@x:~$ uname -r
4.15.0-1046-azure
user@x:~$ cat /proc/sys/net/core/bpf_jit_enable
1

user@b:~$ uname -r
4.18.0-1019-azure
user@b:~$ cat /proc/sys/net/core/bpf_jit_enable
1

Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Xenial):
assignee: nobody → Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Cosmic):
assignee: nobody → Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Disco):
assignee: nobody → Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Xenial):
status: New → In Progress
Changed in linux-azure (Ubuntu Cosmic):
status: New → In Progress
Changed in linux-azure (Ubuntu Disco):
status: New → In Progress
Revision history for this message
Marcelo Cerri (mhcerri) wrote :

Any updates on that?

Besides that eBPF is already enabled, most of the mlx and ib modules are already built as modules, the exceptions are the modules listed on bug #1785822, where it was explicitly requested to built them statically.

Is it possible to compile an exact list of the modules that should be changed? That way we can discuss if those changes conflicts or not with past requests.

Revision history for this message
Marcelo Cerri (mhcerri) wrote :

https://lists.ubuntu.com/archives/kernel-team/2019-June/101209.html
https://lists.ubuntu.com/archives/kernel-team/2019-June/101210.html
https://lists.ubuntu.com/archives/kernel-team/2019-June/101211.html
https://lists.ubuntu.com/archives/kernel-team/2019-June/101212.html

Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in linux-azure (Ubuntu Cosmic):
status: In Progress → Fix Committed
Revision history for this message
Marcelo Cerri (mhcerri) wrote :

@Josh, @Joseph,

I used this bug to apply the mlx* and ib* changes to the linux-azure kernels. If AKS really needs another config change for eBPF, please open a new bug.

Thank you.

Changed in linux-azure (Ubuntu Disco):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 4.15.0-1049.54

---------------
linux-azure (4.15.0-1049.54) xenial; urgency=medium

  * linux-azure: 4.15.0-1049.54 -proposed tracker (LP: #1834091)

  * Upstream Commits Needed for DPDK on Azure (LP: #1812123)
    - uio: document uio_hv_generic regions
    - uio_hv_generic: create send and receive buffers
    - uio_hv_generic: add rescind support
    - uio_hv_generic: support sub-channels
    - uio_hv_generic: fix subchannel ring mmap
    - uio_hv_generic: use standard mmap for resources
    - vmbus: keep pointer to ring buffer page
    - uio: introduce UIO_MEM_IOVA
    - hv_uio_generic: map ringbuffer phys addr
    - uio_hv_generic: use ISR callback method
    - uio_hv_generic: use correct channel in isr
    - uio_hv_generic: make ring buffer attribute for primary channel
    - uio_hv_generic: defer opening vmbus until first use
    - uio_hv_generic: set callbacks on open
    - vmbus: pass channel to hv_process_channel_removal
    - vmbus: split ring buffer allocation from open
    - vmbus: fix subchannel removal

  * Enable eBPF JIT in the linux-azure kernels (LP: #1827916)
    - [Config] linux-azure: CONFIG_MLX{4,5}_INFINIBAND=m

  * [linux-azure] Please Include Mainline Commit ebaf39e6032f in the 16.04 and
    18.04 linux-azure kernels (LP: #1830266)
    - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes

  * [linux-azure] Commits Requested in 16.04 for the Azure Kernel (LP: #1830242)
    - blk-mq: remove the request_list usage
    - nvme-pci: remove cq check after submission
    - nvme-pci: split the nvme queue lock into submission and completion locks

  * [Packaging] Improve config annotations check on custom kernels
    (LP: #1820075)
    - [Config] linux-azure: Include custom annotations files

  [ Ubuntu: 4.15.0-54.58 ]

  * linux: 4.15.0-54.58 -proposed tracker (LP: #1833987)
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638) // CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

 -- Marcelo Henrique Cerri <email address hidden> Mon, 24 Jun 2019 17:44:20 -0300

Changed in linux-azure (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 5.0.0-1010.10

---------------
linux-azure (5.0.0-1010.10) disco; urgency=medium

  * linux-azure: 5.0.0-1010.10 -proposed tracker (LP: #1833924)

  * Enable eBPF JIT in the linux-azure kernels (LP: #1827916)
    - [Config] linux-azure: CONFIG_MLX{4,5}_INFINIBAND=m

  * linux-azure: Add the Catapult FPGA Driver (LP: #1824879)
    - SAUCE: linux-azure: Include Catapult FPGA PCI driver
    - [Config] linux-azure: CONFIG_CATAPULT_PCI=m

  * [Packaging] Improve config annotations check on custom kernels
    (LP: #1820075)
    - [Config] linux-azure: Include custom annotations files

  [ Ubuntu: 5.0.0-20.21 ]

  * linux: 5.0.0-20.21 -proposed tracker (LP: #1833934)
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638) // CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()

  [ Ubuntu: 5.0.0-19.20 ]

  * CVE-2019-12817
    - SAUCE: powerpc/mm/64s/hash: Reallocate context ids on fork

 -- Marcelo Henrique Cerri <email address hidden> Tue, 25 Jun 2019 10:36:47 -0300

Changed in linux-azure (Ubuntu Disco):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 4.18.0-1023.24

---------------
linux-azure (4.18.0-1023.24) cosmic; urgency=medium

  * linux-azure: 4.18.0-1023.24 -proposed tracker (LP: #1833946)

  * [linux-azure] XDP generic fixes (LP: #1831254)
    - netvsc: unshare skb in VF rx handler
    - net: convert rps_needed and rfs_needed to new static
    - net: core: support XDP generic on stacked devices.

  * Enable eBPF JIT in the linux-azure kernels (LP: #1827916)
    - [Config] linux-azure: CONFIG_MLX{4,5}_INFINIBAND=m

  * Azure: Backport vIOMMU driver (increase vCPU limits) (LP: #1826447)
    - PCI: hv: Replace hv_vp_set with hv_vpset
    - PCI: hv: Refactor hv_irq_unmask() to use cpumask_to_vpset()
    - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is
      available
    - iommu/hyper-v: Add Hyper-V stub IOMMU driver
    - [Config] linux-azure: CONFIG_HYPERV_IOMMU=y

  * [linux-azure] Please Include Mainline Commit ebaf39e6032f in the 16.04 and
    18.04 linux-azure kernels (LP: #1830266)
    - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes

  * [Packaging] Improve config annotations check on custom kernels
    (LP: #1820075)
    - [Config] linux-azure: Include custom annotations files

  [ Ubuntu: 4.18.0-25.26 ]

  * linux: 4.18.0-25.26 -proposed tracker (LP: #1833952)
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638) // CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()

  [ Ubuntu: 4.18.0-24.25 ]

  * CVE-2019-12817
    - SAUCE: powerpc/mm/64s/hash: Reallocate context ids on fork

 -- Stefan Bader <email address hidden> Tue, 25 Jun 2019 12:46:06 +0200

Changed in linux-azure (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 4.18.0-1023.24~18.04.1

---------------
linux-azure (4.18.0-1023.24~18.04.1) bionic; urgency=medium

  * linux-azure: 4.18.0-1023.24~18.04.1 -proposed tracker (LP: #1833945)

  [ Ubuntu: 4.18.0-1023.24 ]

  * linux-azure: 4.18.0-1023.24 -proposed tracker (LP: #1833946)
  * [linux-azure] XDP generic fixes (LP: #1831254)
    - netvsc: unshare skb in VF rx handler
    - net: convert rps_needed and rfs_needed to new static
    - net: core: support XDP generic on stacked devices.
  * Enable eBPF JIT in the linux-azure kernels (LP: #1827916)
    - [Config] linux-azure: CONFIG_MLX{4,5}_INFINIBAND=m
  * Azure: Backport vIOMMU driver (increase vCPU limits) (LP: #1826447)
    - PCI: hv: Replace hv_vp_set with hv_vpset
    - PCI: hv: Refactor hv_irq_unmask() to use cpumask_to_vpset()
    - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is
      available
    - iommu/hyper-v: Add Hyper-V stub IOMMU driver
    - [Config] linux-azure: CONFIG_HYPERV_IOMMU=y
  * [linux-azure] Please Include Mainline Commit ebaf39e6032f in the 16.04 and
    18.04 linux-azure kernels (LP: #1830266)
    - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes
  * [Packaging] Improve config annotations check on custom kernels
    (LP: #1820075)
    - [Config] linux-azure: Include custom annotations files
  * linux: 4.18.0-25.26 -proposed tracker (LP: #1833952)
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638) // CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()
  * CVE-2019-12817
    - SAUCE: powerpc/mm/64s/hash: Reallocate context ids on fork

 -- Marcelo Henrique Cerri <email address hidden> Tue, 25 Jun 2019 11:42:46 -0300

Changed in linux-azure (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.