openonload-201210

    43222e9396ac6002481b7a97aca46e6f  openonload-201210.tgz

ChangeLog

@@ -1,4 +1,71 @@
 
+openonload-201210
+-----------------
+
+- Updated sfc net driver to v3_3_0_6222B.
+- task26187: Firewall interface to limit traffic that can bypass kernel stack.
+- task26187: Iptables integration supports subset of iptables rules.
+- task28045: Default onload_stackdump output improved to identify process info.
+- task28045: New onload_stackdump commands: env, processes, affinities
+- task19306: Acceleration of pselect(), ppoll() and epoll_pwait().
+- task31567: Improve epoll_wait() and poll() performance when heavily loaded.
+- task30177: Add physical addressing mode EF_PACKET_BUFFER_MODE=2 or 3.
+- task30177: Add onload module option phys_mode_gid.
+- task8595:  Removed module option unsafe_sriov_without_iommu.
+- task26188: Support packet buffers in huge pages (EF_USE_HUGE_PAGES).
+- task31354: New mode EF_TCP_CLIENT_LOOPBACK=4 to put loopback in new stack
+- task29363: Keep non-blocking free pool replenished in loopback cases.
+- task8595:  Fix frequency with which we call schedule() with EF_UL_EPOLL=2.
+- task30187: Added support for sendmmsg() on accelerated UDP sockets.
+- task8595:  Set IRQ affinity hint for EF_IRQ_CORE with VFs.
+- task8595:  New stackdump stats relating to sock_wakes and unlock_slow.
+
+- bug30208: Return error if zero-copy buffers are used with wrong stack.
+- bug31176: drop lock if returning error from ci_udp_zc_recv_from_os
+- bug30890: Fix bug with EF_UL_EPOLL=2 when sockets are handed over to kernel.
+- bug22388, bug25644: Fix cleanup when fail to insert h/w filter for multicast.
+- bug24199: Fix bug relating to multicast joins on multiple vlan interfaces.
+- bug31262: Fix kernel buffer overrun provoked by "onload_stackdump filters"
+- bug31333: Fix acceleration with SOCK_NONBLOCK or SOCK_CLOEXEC.
+- bug31130: Fix bug on second call to connect() on TCP socket.
+- bug30731, bug31368: Prevent infinite loop due to post-poll-list corruption.
+- bug30731, bug31368: Prevent infinite loop due to loopback-list corruption.
+- bug31449: Fix timeout bug in accept() when spinning.
+- bug31464: Fix bug in onload_zc_recv() when multiple multicast recipients.
+- bug31494: Do not accept net packets for loopback sockets.
+- bug31494: Properly reorder loopback packets when sending.
+- bug31497: Increase default number of stacks EF_UL_EPOLL=2 can handle.
+- bug31497: Add module option epoll2_max_stacks.
+- bug31515: Fix kernel panic with EF_UL_EPOLL=2.
+- bug30825: Don't allow packets to be received from ports that are down.
+- bug31548: Fix case that could leave onload stack persisting after app exit.
+- bug31565: Fix bug in combination of EPOLLPRI and EPOLLET in userlevel epoll.
+- bug31573: Userlevel epoll ignored EPOLLWRNORM and EPOLLWRBAND.
+- bug31574: Determine kernel pkg name without being confused by other pkgs.
+- bug31565: Fix combination of EPOLLWRBAND and EPOLLET in userlevel epoll.
+- bug31600: Fix build for linux kernels >= 3.5.2
+- bug31619: Fix bug in accelerated pipe causing data corruption.
+- bug28514: Fix double-release of packet on out-of-order TCP receive.
+- bug31638: Fix TCP_DEFER_ACCEPT with TCP loopback acceleration.
+- bug29449: Fix bug relating to FIOASYNC signal handling.
+- bug31310: Fix EF_NAME with setuid applications.
+- bug31410: Fix route via a gateway that is a local IP on an accelerated intf.
+- bug30140: Fix blocking read of length zero from pipe: it should not block.
+- bug31785: Enforce EF_RXQ_MIN and EF_MIN_FREE_PACKETS.
+- bug31278: Fix incorrect ACK field in RST-ACK packet.
+- bug25680: Avoid thundering herd problem when apps start with same EF_NAME.
+- bug32011: Enable faststart after idle sender when no timestamp option.
+- bug32011: Reduce default dynamic ACK threshold to 16 by default.
+- bug32028: Fix EPOLLONESHOT bug that could cause epoll_wait to not unblock.
+- bug32166: Further workarounds for IOMMU foibles.
+- bug32168: Do not block in read() with count=0.
+- bug32234: Add diagnostic to warn user about old unsupported iommu.
+- bug32284: Intercept __recv_chk and __recvfrom_chk.
+- bug31889: Fix crash with TCP loopback accept() and out of endpoint buffers.
+- bug31669: Drop TCP loopback connection if the other end is destroyed.
+- bug31974: Fix accept() from kernel on 2.6.18-308.11.1.el5.
+
+
 openonload-201205-u1
 --------------------
 

README

@@ -108,6 +108,6 @@ Any questions?
 
 
 ==========
- version: openonload-201205-u1
-revision: 71cc77f8f44e (ool201205) oo_32031/openonload-201205-u1
-    date: Wed Jul 18 09:48:13 BST 2012
+ version: openonload-201210
+revision: d8bb683137ad (ool1210) openonload-201210
+    date: Tue Oct  9 21:59:20 BST 2012

ReleaseNotes

@@ -1,130 +1,132 @@
 
-OpenOnload 201205-u1 Release Notes
-==================================
+OpenOnload 201210 Release Notes
+===============================
 
- This is an update release of OpenOnload that includes fixes for a number
- of bugs found during testing.  Please see the ChangeLog for the full list
- of changes.
+ This is a beta release that adds new features to OpenOnload.  We would be
+ very grateful if you could test this release and report any issues you
+ find to support@solarflare.com.
 
- There are no major new features in this release, so the notes below detail
- features added in the openonload-201205 release.
+ Below is a brief summary of the major new features and limitations that we
+ are aware of.  See the ChangeLog for further details and bugs fixed.
 
 
 ----------------------------------------
-TCP loopback acceleration
--------------------------
+New features
+------------
+
+- Use huge pages for Onload packet buffers (EF_USE_HUGE_PAGES).
+
+- Improvements to onload_stackdump default output and new commands.
 
- This release adds acceleration of TCP loopback connections.  This feature
- is disabled by default; To enable loopback acceleration, set the following
- environment variables:
+- Performance improvements in epoll_wait() and poll().
 
-   export EF_TCP_SERVER_LOOPBACK=2
-   export EF_TCP_CLIENT_LOOPBACK=2
+- Physical addressing mode (EF_PACKET_BUFFER_MODE=2 or 3).
 
- The sockets at both ends of an accelerated TCP loopback connection have to
- reside in the same Onload stack.  In the configuration given above, they
- will both reside in the stack of the connecting socket.  It is also
- possible to have the connecting socket moved into the stack of the
- listening socket, by setting EF_TCP_CLIENT_LOOPBACK=3.
+- Option to put TCP loopback connections in a separate stack.
 
- See the documentation for details of other options.
+- sendmmsg() support for accelerated UDP sockets, whether or not GLIBC
+  and/or the kernel support this call.
 
- NOTE: If spinning is enabled, then loopback acceleration may cause threads
- to spin that didn't in previous releases.
+- Net driver: VLAN insertion and stripping support.
+
+- Firewalling including Iptables integration (BETA).
 
 
 ----------------------------------------
-New configuration options
--------------------------
+Configuration options
+---------------------
 
- In addition to those mentioned elsewhere, the following configuration
- options have been added.  See the manual for more details:
+ The following new configuration options have been added:
 
- EF_TCP_RST_DELAYED_CONN
- - Set this option to prevent data being delivered late by TCP due to
-   retransmits.  Useful for trading applications where delivering the data
-   late is worse than not delivering it at all.
+ EF_PACKET_BUFFER_MODE
+ - New options 2 and 3 enable physical addressing mode.  Physical
+   addressing mode is insecure in that the user-level application can
+   provoke the network adapter to read and write arbitrary addresses in
+   memory.  See also phys_mode_gid below.
 
- EF_DYNAMIC_ACK_THRESH
- - This option reduces the ACK rate when streaming TCP data, which
-   increases throughput and reduces CPU utilisation.  This option is
-   enabled by default; set to 0 to get the old behaviour.
+  EF_TCP_CLIENT_LOOPBACK=4
+  - New option 4 causes TCP loopback connections to be placed in a separate
+    Onload stack.  This can improve performance by reducing contention
+    between resources.
 
+  EF_USE_HUGE_PAGES
+  - Enable use of huge pages for packet buffers.
 
-----------------------------------------
-Control plane table sizes
--------------------------
+  EF_VALIDATE_ENV
+  - Warn about any obsolete or misspelled options in the environment.
 
- We've added the following new module parameters to the 'onload' kernel
- module.
 
-   max_layer2_interfaces
-   - Sets the maximum number of network interfaces (including physical
-     interfaces, vlan interfaces and bonds) supported in Onload's control
-     plane.  The default is 50.
+----------------------------------------
+Module options
+--------------
 
-   max_routes
-   - Sets the maximum number of entries in Onload's route table.  The
-     default is 256.
+ The following module options have been added:
 
-   max_neighs
-   - Sets the maximum number of entries in Onload's ARP/neighbour table.
-     This is rounded up internally to a power of two.  The default is 1024.
+ epoll2_max_stacks (onload module)
+ - Controls the maximum number of stacks that an epoll fd can handle when
+   EF_UL_EPOLL=2.
 
+ phys_mode_gid (onload module)
+ - Set this option to enable physical addressing mode and restrict which
+   users can use it.
 
-----------------------------------------
-ef_vi Improvements
-------------------
+ shared_buffer_table (sfc_resource module)
+ - This module option needs to be set to enable legacy ef_vi applications
+   that use the ef_iobufset API.  For example, setting
+   shared_buffer_table=10000 makes 10000 buffer table entries available for
+   use with ef_iobufset.
 
- ef_vi has been extended with two new types:
 
- - ef_pd: A protection domain essentially defines an address space.
+ The following module options have been removed:
 
- - ef_memreg: Allows you to register ordinary program memory for DMA.
+ unsafe_sriov_without_iommu (sfc_resource module)
+ - Obsoleted by the new physical addressing modes and phys_mode_gid.
 
- Together these increase flexibility significantly.  Multiple VIs can be
- allocated within a protection domain, and any VI in the domain can access
- any memory registered in the domain.
+ buffer_table_min (sfc_resource module)
+ buffer_table_max
+ - These options existed because previous versions of the sfc_resource
+   driver required uniform resources across all network adapters.  That
+   caused problems when different types of adapter were placed together in
+   one host.  That limitation is no longer present, so these module options
+   are not needed.
 
- We've also added an option (EF_PD_VF) to allocate VIs within SR-IOV VFs.
- The advantages of this are reduced latency and no limit on the amount of
- memory that can be registered.
 
- Another option (EF_PD_PHYS_MODE) allows a VI to use physical addresses
- rather than protected I/O addresses.  This option is only available to
- processes running as root, as it allows the application to cause the
- adapter to read and write arbitrary addresses in memory.
+----------------------------------------
+Iptables and firewalling
+------------------------
 
- The interface between the ef_vi user-space library and the driver is
- backwards compatible with the following earlier releases:
+ This release adds a BETA of support for iptables integration.  This
+ feature allows the administrator to place limits on which flows are
+ permitted to bypass the kernel stack.  Flows that are not permitted to
+ bypass the kernel stack are therefore subject to iptables rules (if
+ enabled) in the normal way.
 
-   openonload-201109-u2
-   enterpriseonload-2.0.0.x
+ This feature does not perform iptables rules checking on the adapter
+ itself.
 
- ef_vi applications built against those releases will continue to work with
- the drivers in this release.
+ The onload_iptables script provides a way to configure the Onload firewall
+ automatically so that a subset of iptables rules will be respected when
+ using Onload.  The script should tell you about any iptables rules that
+ are incompatible with Onload acceleration.
 
 
 ----------------------------------------
-Scalable packet buffer mode
----------------------------
+ef_iobufset is deprecated
+-------------------------
 
- Support for SR-IOV is disabled on 32-bit kernels.  This means the
- following features are not available on 32-bit kernels:
+ The ef_iobufset interface in ef_vi is deprecated and will be removed in a
+ future release.  We recommend you migrate ef_vi applications to the
+ ef_memreg interface instead.
 
- - Scalable packet buffer mode (EF_PACKET_BUFFER_MODE=1)
- - ef_vi with VFs
 
+----------------------------------------
+Known bugs
+----------
 
- On some recent kernel versions, configuring the adapter to have a large
- number of VFs (via sfboot) can cause kernel panics.  This problem affects
- kernel versions in the range 3.0 to 3.3 inclusive, and is due to netlink
- messages that include information about network interfaces growing too
- large.
+ - bug31498: sendmmsg() returns error code incorrectly.
 
- This problem can be avoided by ensuring that the total number of physical
- network interfaces, including VFs, is no more than 30.
+ - bug31280: Build failure with gcc 4.7.1 due to string concatenation.
 
 
 David Riddoch
-2012/07/05
+2012/10/09

mk/site/ciul.mk

@@ -16,8 +16,8 @@ LINK_CIUL_LIB		:= $(MMakeGenerateLibLink)
 # releases, because the internals of the data structures are exposed.  That
 # means that almost any non-trivial change to ef_vi should cause the MAJOR
 # version number to be incremented.
-lib_maj := 3
-lib_min := 0
+lib_maj := 1
+lib_min := 1
 lib_mic := 0
 CIUL_REALNAME		:= $(MMakeGenerateDllRealname)
 CIUL_SONAME		:= $(MMakeGenerateDllSoname)

scripts/libc_compat.sh

@@ -31,6 +31,19 @@ find_sym()
     fi
 }
 
+# Check if the socket.h header has the given symbol.
+find_sym_in_socket_h()
+{
+    local sym="$1"
+    local header="$2"
+
+    echo -n "#define CI_LIBC_HAS_$sym " >>$header
+    if grep -q "$sym" /usr/include/bits/socket.h; then
+        echo "1" >>$header
+    else
+        echo "0" >>$header
+    fi
+}
 
 libc_path=$(find_libc)
 header="$1"
@@ -39,10 +52,15 @@ cat >"$header" <<EOF
 /* This header is generated by scripts/libc_compat.sh */
 EOF
 
-for sym in epoll_pwait __read_chk accept4 pipe2; do
+for sym in __read_chk __recv_chk __recvfrom_chk \
+           accept4 pipe2 epoll_pwait ppoll; do
     find_sym "$libc_path" "$sym" "$header"
 done
 
+for sym in sendmmsg; do
+    find_sym_in_socket_h "$sym" "$header"
+done
+
 echo -n "#define CI_HAVE_PCAP " >>$header
 check_library_presence pcap.h pcap >>$header
 

scripts/onload

@@ -93,7 +93,7 @@ sfc_preload_linux() {
 
   if $verbose; then
     # Dump interesting bits of the environment.
-    env | egrep "^EF_|^LD_PRELOAD=|^LD_LIBRARY_PATH=" | sed "s/^/$me: env: /"
+    env | egrep "^EF_|^LD_PRELOAD=|^LD_LIBRARY_PATH=|^LD_PRELOAD_64=" | sed "s/^/$me: env: /"
   fi
 }
 

scripts/onload_build

@@ -52,8 +52,10 @@ NDEBUG=1; export NDEBUG
 
 while [ $# -gt 0 ]; do
   case "$1" in
-  --nictype)    nictype="$2"; shift;;
-  --kernelver)  KVER="$2"; export KVER; shift;;
+  --nictype)    [ $# -gt 1 ] || usage; nictype="$2"; shift;;
+  --nictype=*)  nictype=${1#--nictype=};;
+  --kernelver)  [ $# -gt 1 ] || usage; KVER="$2"; export KVER; shift;;
+  --kernelver=*)KVER=${1#--kernelver=};;
   --user)       all=false; user=true;;
   --user32)     all=false; user32=true;;
   --user64)     all=false; user64=true;;