[ovs-dev] [PATCH] datapath: compat: fix kernel module reference count.

Guru Shetty guru at ovn.org
Fri Nov 10 15:59:54 UTC 2017 

On 10 November 2017 at 07:54, Eric Garver <e at erig.me> wrote:

> On Fri, Nov 10, 2017 at 05:36:25AM -0800, William Tu wrote:
> > Before we introduce dpif-netlink-rtnl, creating a tunnel device
> > depends on openvswitch/vport kernel module calling kernel's tunnel API.
> > Example call sequence:
> >  1) ovs_vport_add (openvswitch.ko)
> >  2) geneve_create (vport_geneve.ko)
> >  3) geneve_tnl_create (vport_geneve.ko)
> >  4) geneve_dev_create_fb (geneve.ko)
> > As a result, module dependency/refcnt is created: module openvswitch.ko
> > references vport_geneve.ko and vport_geneve.ko depends on geneve.ko.
> >
> > After the dpif-netlink-rtnl, a tunnel device can be created by using
> > rtnetlink, so the creation of fb device comes from the ovs-vswitchd
> > instead of going through OVS kernel modules.  This breaks the module
> > dependency between 1) and 2).  As a result, when ovs-vswitchd is running,
> > the 'lsmod' shows:
> >   geneve                 27326  1 vport_geneve
> >   vport_geneve           12560  0
> >   openvswitch           172469  1 vport_geneve
>
> Which is correct. vport_geneve is not using geneve. If anything is using
> geneve, it's vport_netdev. But it already provides the proper linkage
> via netdev_master_upper_dev_link().
>
> > Problems can be cerated by doing  `rmmod vport_geneve` then
> > `rmmod geneve`, when ovs-vswitchd expects geneve module should already
> > be loaded.
>
> Seems like this is not something that can happen by accident, but
> requires the user to do something they shouldn't.
>

This was observed in a real world case.
1. Take a RHEL7.3 host
1. Upgrade OVS RHEL packages from 2.7 to 2.8 (including kernel module
package).
2. Upgrade RHEL7.3 to RHEL7.4

When iptables gets upgraded in step 3, it calls:
/usr/libexec/iptables/ip6tables.init stop

That script tries to remove all kernel modules that are dependent on
conntrack. So it tries to remove openvswitch and vport-geneve. openvswitch
does not get removed as it has a reference count. But a 'modprobe -r
vport-geneve' will remove "geneve", which in turn deletes the geneve device
leaving the tunnels down.



> >
> > The patch introduces 1) load the upstream geneve.ko at init time
> > from openvswitch.ko and 2) grap the reference count of geneve.
> > This adds the dependency: openvswitch.ko needs geneve.ko, so that
> > geneve won't be unloaded accidentally.  As a result, `lsmod` shows
> >   geneve                 20254  2 vport_geneve
> >   vport_geneve            1744  0
> >   openvswitch           159846  1 vport_geneve
> >
> > Note that when choosing to use upstream tunnel, we don't actually need
> > vport_geneve, so the patch increment refcnt of geneve instead of
> > vport_geneve.
>
> I don't think inserting an artificial dependency is the right answer.
> Although I'm not sure what problem you're trying to solve. Can you help
> me understand the issue here?
>
> This patch also only address GENEVE, what about VXLAN and GRE?
>
> >
> > Fixes: b6d6830d29e4 ("dpif-netlink-rtnl: Support GENEVE creation")
> > Signed-off-by: William Tu <u9012063 at gmail.com>
> > Cc: Eric Garver <e at erig.me>
> > ---
> [...]
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>

More information about the dev mailing list