From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06592C282C4 for ; Tue, 22 Jan 2019 23:41:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id BEE87217D6 for ; Tue, 22 Jan 2019 23:41:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=axtens.net header.i=@axtens.net header.b="pxdJmqsw" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727396AbfAVXl3 (ORCPT ); Tue, 22 Jan 2019 18:41:29 -0500 Received: from mail-pl1-f171.google.com ([209.85.214.171]:33188 "EHLO mail-pl1-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727348AbfAVXlU (ORCPT ); Tue, 22 Jan 2019 18:41:20 -0500 Received: by mail-pl1-f171.google.com with SMTP id z23so166450plo.0 for ; Tue, 22 Jan 2019 15:41:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:in-reply-to:references:date:message-id :mime-version; bh=DyaxmaPe1674e/xup0cJsQ1Dfbd4kYDhvUTqXasGrkk=; b=pxdJmqswG8vjfxTNGndN7vOe2qRI3SE6b33D+Y7EikhSzRYFAUo1RdwWZifw5tiJ8Z p1xiMYUDdHPU6REbVahk5yHuUv5LsGfukYvnwX4dQvBxDk5zKvFphp3q4XdlqQ0Hgu+x ikg9rTDo5bk8s43JzrTouQk40buLQPTH92xkk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version; bh=DyaxmaPe1674e/xup0cJsQ1Dfbd4kYDhvUTqXasGrkk=; b=nofujD8HCdfA5+1E167LvAy5CKKaF01QP+WKPk0p/jinctGVZiJFlTpnptfM8fBXg7 VKL331t+fBHJl+mSEwm5RUmishzbLExZ5Dvg3x3ib9MNYUwyDZxJDwDaS0nRudwknzx2 jSC05w15SWGrTZ1j+bqn97mF8Gk6PCkx6X3UXJlpxddxCgS5EwpcI92CG7R2Jskgllmm mzikplg+KmpPF1PtPNM4mCo0y5Wl6UdTEjsyBeTvpVqsleHwsDZHul9j1UZzek8AwM2x t5n7aitCnWIv/NdJOchAswkyBquKTuDob8TVPxePaskkQIaBkIcFzqSHVb1ROkXdKDvm z1xQ== X-Gm-Message-State: AJcUukeTN9SMhBPCX91Gy2PJgXlfqmDGcWh2XNbToVXjMWCnkRM1xzLr YnMs+dQPYQIeqs2/0GOWFCf4mg== X-Google-Smtp-Source: ALg8bN6+HZtPVHRRfKdNFQ/zstn0E9zBSqUvFcQSQ5SmEZFrnyDzmMhAsap6hMTC4ahrOF/A6g9u1g== X-Received: by 2002:a17:902:8346:: with SMTP id z6mr36297493pln.340.1548200480250; Tue, 22 Jan 2019 15:41:20 -0800 (PST) Received: from localhost (ppp121-45-192-126.bras1.cbr1.internode.on.net. [121.45.192.126]) by smtp.gmail.com with ESMTPSA id w5sm21086138pfn.89.2019.01.22.15.41.18 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 22 Jan 2019 15:41:19 -0800 (PST) From: Daniel Axtens To: Willem de Bruijn , Ben Hutchings Cc: "David S. Miller" , netdev , Eric Dumazet , Mahesh Bandewar , michael.chan@broadcom.com Subject: Re: GSO where gso_size is too big for hardware In-Reply-To: References: <1548174286.3229.299.camel@codethink.co.uk> Date: Wed, 23 Jan 2019 10:41:16 +1100 Message-ID: <87zhrsp8f7.fsf@linkitivity.dja.id.au> MIME-Version: 1.0 Content-Type: text/plain Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Willem de Bruijn writes: > On Tue, Jan 22, 2019 at 11:24 AM Ben Hutchings > wrote: >> >> Last year you applied these fixes for a potential denial-of-service in >> the bnx2x driver: >> >> commit 2b16f048729bf35e6c28a40cbfad07239f9dcd90 >> Author: Daniel Axtens >> Date: Wed Jan 31 14:15:33 2018 +1100 >> >> net: create skb_gso_validate_mac_len() >> >> commit 8914a595110a6eca69a5e275b323f5d09e18f4f9 >> Author: Daniel Axtens >> Date: Wed Jan 31 14:15:34 2018 +1100 >> >> bnx2x: disable GSO where gso_size is too big for hardware >> >> However I don't understand why the check is done only in the bnx2x >> driver. Shouldn't the networking core ensure that gso_size + L3/L4 >> headers is <= the device MTU? If not, is every driver that does TSO >> expected to check this? >> >> Also, should these fixes go to stable? I'm not sure whether you're >> still handling stable patches for any of the unfixed versions (< 4.16) >> now. >> >> Ben. > > Irrespective of the GSO issue, this sounds relevant to this other thread > > Stack sends oversize UDP packet to the driver > https://www.mail-archive.com/netdev@vger.kernel.org/msg279006.html > > which discusses a specific cause of larger than MTU packets and its > effect on the bnxt. > > Perhaps these patches were initially applied to the bnx2x driver only, > because at the time that was the only nic known to lock up on such > packets? Either way, a device independent validation is indeed > probably preferable (independent of fixing that lo flapping root > cause). I did try to propose a more generic approach: 1) "[PATCH 0/3] Check gso_size of packets when forwarding" (https://www.spinics.net/lists/netdev/msg478634.html) In this series I looked just at forwarding, where there is a check against regular MTU but not against GSO size. I added checks to is_skb_forwardable and the Open vSwitch forwarding path, but in feedback it was pointed out that I missed other ways a packet could be forwarded such as tc-mired and bpf. A more generic approach was desired, so I proposed: 2) "[PATCH v2 0/4] Check size of packets before sending" (https://www.spinics.net/lists/netdev/msg480847.html) This added a check to is_skb_forwardable and another check to validate_xmit_skb. It was not considered desirable to include this as a primary fix because it would be very hard to backport, so we included the fix for the bnx2x card specifically instead. I think the idea was to come back to this fix later. I do remember then spending quite a bit of time trying to get the generic fix sorted out after that. I remember working on the intricacies of verifing various GSO stuff - I sent some fixes to GSO_BY_FRAGS handling, and I know I got sidetracked by GSO_DODGY somehow as well. I think the problem was that without dealing with dodgy, you end up with edge cases where untrusted providers of dodgy packets can bypass a naive length check. Anyway, then I got busy - my job at that point was mostly support-driven and customers keep having new urgent issues! - so I didn't get to finish it. This was about a year ago, so my recollection may be wrong and I may have misunderstood things. Regards, Daniel