All of lore.kernel.org
 help / color / mirror / Atom feed
From: Cong Wang <xiyou.wangcong@gmail.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>,
	David Miller <davem@davemloft.net>,
	Linux Kernel Network Developers <netdev@vger.kernel.org>
Subject: Re: [net-next PATCH 1/3] Revert "icmp: avoid allocating large struct on stack"
Date: Thu, 12 Jan 2017 14:21:20 -0800	[thread overview]
Message-ID: <CAM_iQpWdjo-3+vVQpay9FSEbc_R5Y2=iKA8PpC4f=USTDkL+ww@mail.gmail.com> (raw)
In-Reply-To: <1484084891.21472.44.camel@edumazet-glaptop3.roam.corp.google.com>

On Tue, Jan 10, 2017 at 1:48 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Tue, 2017-01-10 at 21:08 +0100, Jesper Dangaard Brouer wrote:
>> On Tue, 10 Jan 2017 10:44:59 -0800 Cong Wang <xiyou.wangcong@gmail.com> wrote:
>>
>> > On Tue, Jan 10, 2017 at 10:12 AM, David Miller <davem@davemloft.net> wrote:
>> [...]
>> > > You can keep showing us how expertly you can deflect the real
>> > > issue we are discussion here, but that won't improve the situation
>> > > at all I am afraid.
>> >
>> > Of course, there are just too many people too lazy to do a google search:
>> >
>> > https://lists.debian.org/debian-kernel/2013/05/msg00500.html
>>
>> My analysis of the problem shown in above link is not related to using
>> all the stack space, but instead that skb->cb was not cleared.  This
>> can cause the ip_options_echo() call in icmp_send() to access garbage
>> as this is: __ip_options_echo(dopt, skb, &IPCB(skb)->opt).
>>
>> Fixed by commit a622260254ee ("ip_tunnel: fix kernel panic with icmp_dest_unreach")
>>  https://git.kernel.org/torvalds/c/a622260254ee
>>
>> Thus, it is (likely) the __ip_options_echo() call that violates stack
>> access, as it is passed in a pointer to the stack, and advance this
>> based on garbage "optlen".
>>
>
> I totally agree.

I can't agree, iptunnel or ipgre symbols are not in the above stack trace
at all. Although I do agree that the above stack usage is not aggressive,
especially when compared with the other I sent.

My vague memory told me the original problem I fixed is related to vxlan
but after trying to search all netdev archives in 2013 May/Jun, I still can't
find it, perhaps it was reported to LKML or somewhere else rather than
netdev. It was certainly a real problem.

Even though the irq stack is 16K, but it is too easy to stack netdevices
and stack qdisc's too, so for TX path I am not surprised at all if 16K could
be exhausted eventually. Yeah, it is hard to blame one of them in the call
chain, but 112 bytes _alone_ are aggressive for such a function deeply
in the call stack. That's my whole point.

  reply	other threads:[~2017-01-12 22:21 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-09 15:03 [net-next PATCH 0/3] net: optimize ICMP-reply code path Jesper Dangaard Brouer
2017-01-09 15:04 ` [net-next PATCH 1/3] Revert "icmp: avoid allocating large struct on stack" Jesper Dangaard Brouer
2017-01-09 17:42   ` Cong Wang
2017-01-09 17:50     ` Eric Dumazet
2017-01-09 17:59       ` Cong Wang
2017-01-09 18:07         ` Eric Dumazet
2017-01-09 18:52           ` David Miller
2017-01-09 20:53             ` Jesper Dangaard Brouer
2017-01-10 18:06             ` Cong Wang
2017-01-10 18:12               ` David Miller
2017-01-10 18:44                 ` Cong Wang
2017-01-10 18:48                   ` Cong Wang
2017-01-10 18:54                   ` David Miller
2017-01-12 22:46                     ` Cong Wang
2017-01-10 20:08                   ` Jesper Dangaard Brouer
2017-01-10 21:48                     ` Eric Dumazet
2017-01-12 22:21                       ` Cong Wang [this message]
2017-01-10 21:41                 ` Joe Perches
2017-01-09 19:33           ` Joe Perches
2017-01-10 18:01           ` Cong Wang
2017-01-09 18:47         ` David Miller
2017-01-09 17:42   ` Eric Dumazet
2017-01-09 15:04 ` [net-next PATCH 2/3] net: reduce cycles spend on ICMP replies that gets rate limited Jesper Dangaard Brouer
2017-01-09 17:44   ` Eric Dumazet
2017-01-11 17:15     ` Eric Dumazet
2017-06-04  7:11   ` Florian Weimer
2017-06-04 14:38     ` Jesper Dangaard Brouer
2017-06-05 14:22       ` Florian Weimer
2017-01-09 15:04 ` [net-next PATCH 3/3] net: for rate-limited ICMP replies save one atomic operation Jesper Dangaard Brouer
2017-01-09 17:44   ` Eric Dumazet
2017-01-09 17:43 ` [net-next PATCH 0/3] net: optimize ICMP-reply code path Cong Wang
2017-01-09 17:56   ` Eric Dumazet
2017-01-09 20:49 ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAM_iQpWdjo-3+vVQpay9FSEbc_R5Y2=iKA8PpC4f=USTDkL+ww@mail.gmail.com' \
    --to=xiyou.wangcong@gmail.com \
    --cc=brouer@redhat.com \
    --cc=davem@davemloft.net \
    --cc=eric.dumazet@gmail.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.