Skip to content

v1.16 Backports 2024-10-30 #35654

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Oct 31, 2024
Merged

v1.16 Backports 2024-10-30 #35654

merged 17 commits into from
Oct 31, 2024

Conversation

gandro
Copy link
Member

@gandro gandro commented Oct 30, 2024
edited
Loading

Once this PR is merged, a GitHub action will update the labels of these PRs:

 35614

gandro added 10 commits October 30, 2024 16:08
@gandro
netlink: Add wrapper for functions that fail with ErrDumpInterrupted
98f1d53 
[ upstream commit 5d1951b ]

According to the kernel docs[^1], the kernel can return incomplete
results for netlink state dumps if the state changes while we are
dumping it. The result is then marked by `NLM_F_DUMP_INTR`. The
`vishvananda/netlink` library returned `EINTR` since v1.2.1, but more
recent versions have changed it such that it returns
`netlink.ErrDumpInterrupted` instead[^2].

These interruptions seem common in high-churn environments. If the error
occurs, it is in most cases best to just try again.  Therefore, this
commit adds a wrapper for all `netlink` functions marked to return
`ErrDumpInterrupted` that retries the function up to 30 times until it
either succeeds or returns a different error.

While may call sites do have their own high-level retry mechanism (see
e.g. #32099), the logged error message can still cause CI
to fail (e.g. #35259). Long high-level retry intervals can
also become problematic: For example, if the routing setup fails due to
`NLM_F_DUMP_INTR` during an CNI ADD invocation, the retry adds add
several seconds of additional delay to an already overloaded system,
instead of resolving the issue quickly.

A subsequent commit will add an additional linter that nudges developers
to use this new `safenetlink` package for function calls that can be
interrupted. This ensures that we don't have to add retries in all
subsystems individually.

[^1]: https://docs.kernel.org/userspace-api/netlink/intro.html
[^2]: vishvananda/netlink#1018

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
bugtool: Use safenetlink package
ffab68d 
[ upstream commit abbe2b8 ]

See commit `netlink: Add wrapper for functions that fail with
`ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
cilium-dbg: Use safenetlink package
c077dca 
[ upstream commit 428d2c4 ]

See commit `netlink: Add wrapper for functions that fail with
`ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
daemon: Use safenetlink package
36ff4fa 
[ upstream commit 7facbaf ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
cilium-cni: Use safenetlink package
09f02ca 
[ upstream commit dec70b4 ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
cilium-health: Use safenetlink package
05b61b9 
[ upstream commit c271659 ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
wireguard: Use safenetlink package
be35162 
[ upstream commit 91659fd ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
pkg/node: Use safenetlink package
f08f5a1 
[ upstream commit acf9e04 ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
proxy: Use safenetlink package
d49d844 
[ upstream commit e8c4d45 ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
mac: Use safenetlink package
963ae3f 
[ upstream commit ef780e2 ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro gandro added kind/backports This PR provides functionality previously merged into master. backport/1.16 This PR represents a backport for Cilium 1.16.x of a PR that was merged to main. labels Oct 30, 2024
@gandro gandro marked this pull request as ready for review October 30, 2024 15:25
@gandro gandro requested a review from a team as a code owner October 30, 2024 15:25
michi-covalent
michi-covalent approved these changes Oct 30, 2024
View reviewed changes
Copy link
Contributor

@michi-covalent michi-covalent left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🌯

gandro added 7 commits October 30, 2024 16:31
@gandro
mtu: Use safenetlink package
1962098 
[ upstream commit d7668b0 ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
datapath: Use safenetlink package
e6f9603 
[ upstream commit 5d38674 ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

In addition, this commit also removes some existing retry mechanisms with the
canoncial safenetlink version.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
endpoint: Use safenetlink package
9e6ef55 
[ upstream commit caf6088 ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
ipam: Use safenetlink package
b775067 
[ upstream commit c0c3244 ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
multicast: Use safenetlink package
93bcd76 
[ upstream commit 04b6de8 ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
l2responder: Use safenetlink package
2858820 
[ upstream commit f8cb55d ]

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

This commit is a bit different from the previous ones as it uses the
retry helper rather than a wrapper.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
contrib: Add linter to ensure usage of safenetlink
0037c95 
[ upstream commit 3824b6b ]

This adds a new check script to ensure any functions which has a safe
wrapper in the `safenetlink` package uses the safe variant.

See commit `netlink: Add wrapper for functions that fail with
ErrDumpInterrupted` for details.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro gandro force-pushed the pr/v1.16-backport-2024-10-30-04-08 branch from 0fedbd7 to 0037c95 Compare October 30, 2024 15:32
@gandro
Copy link
Member Author

gandro commented Oct 30, 2024

/test-backport-1.16

@gandro gandro added this pull request to the merge queue Oct 31, 2024
Merged via the queue into v1.16 with commit 68a7b74 Oct 31, 2024
278 of 279 checks passed
@gandro gandro deleted the pr/v1.16-backport-2024-10-30-04-08 branch October 31, 2024 10:04
@maintainer-s-little-helper maintainer-s-little-helper bot added ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels Oct 31, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels Oct 31, 2024
@cilium-release-bot cilium-release-bot bot mentioned this pull request Nov 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michi-covalent michi-covalent michi-covalent approved these changes

Assignees
No one assigned
Labels
backport/1.16 This PR represents a backport for Cilium 1.16.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gandro @michi-covalent