* GSO where gso_size is too big for hardware
@ 2019-01-22 16:24 Ben Hutchings
2019-01-22 17:02 ` Willem de Bruijn
0 siblings, 1 reply; 3+ messages in thread
From: Ben Hutchings @ 2019-01-22 16:24 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev, Daniel Axtens, Eric Dumazet
Last year you applied these fixes for a potential denial-of-service in
the bnx2x driver:
commit 2b16f048729bf35e6c28a40cbfad07239f9dcd90
Author: Daniel Axtens <dja@axtens.net>
Date: Wed Jan 31 14:15:33 2018 +1100
net: create skb_gso_validate_mac_len()
commit 8914a595110a6eca69a5e275b323f5d09e18f4f9
Author: Daniel Axtens <dja@axtens.net>
Date: Wed Jan 31 14:15:34 2018 +1100
bnx2x: disable GSO where gso_size is too big for hardware
However I don't understand why the check is done only in the bnx2x
driver. Shouldn't the networking core ensure that gso_size + L3/L4
headers is <= the device MTU? If not, is every driver that does TSO
expected to check this?
Also, should these fixes go to stable? I'm not sure whether you're
still handling stable patches for any of the unfixed versions (< 4.16)
now.
Ben.
--
Ben Hutchings, Software Developer Codethink Ltd
https://www.codethink.co.uk/ Dale House, 35 Dale Street
Manchester, M1 2HF, United Kingdom
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: GSO where gso_size is too big for hardware
2019-01-22 16:24 GSO where gso_size is too big for hardware Ben Hutchings
@ 2019-01-22 17:02 ` Willem de Bruijn
2019-01-22 23:41 ` Daniel Axtens
0 siblings, 1 reply; 3+ messages in thread
From: Willem de Bruijn @ 2019-01-22 17:02 UTC (permalink / raw)
To: Ben Hutchings
Cc: David S. Miller, netdev, Daniel Axtens, Eric Dumazet,
Mahesh Bandewar, michael.chan
On Tue, Jan 22, 2019 at 11:24 AM Ben Hutchings
<ben.hutchings@codethink.co.uk> wrote:
>
> Last year you applied these fixes for a potential denial-of-service in
> the bnx2x driver:
>
> commit 2b16f048729bf35e6c28a40cbfad07239f9dcd90
> Author: Daniel Axtens <dja@axtens.net>
> Date: Wed Jan 31 14:15:33 2018 +1100
>
> net: create skb_gso_validate_mac_len()
>
> commit 8914a595110a6eca69a5e275b323f5d09e18f4f9
> Author: Daniel Axtens <dja@axtens.net>
> Date: Wed Jan 31 14:15:34 2018 +1100
>
> bnx2x: disable GSO where gso_size is too big for hardware
>
> However I don't understand why the check is done only in the bnx2x
> driver. Shouldn't the networking core ensure that gso_size + L3/L4
> headers is <= the device MTU? If not, is every driver that does TSO
> expected to check this?
>
> Also, should these fixes go to stable? I'm not sure whether you're
> still handling stable patches for any of the unfixed versions (< 4.16)
> now.
>
> Ben.
Irrespective of the GSO issue, this sounds relevant to this other thread
Stack sends oversize UDP packet to the driver
https://www.mail-archive.com/netdev@vger.kernel.org/msg279006.html
which discusses a specific cause of larger than MTU packets and its
effect on the bnxt.
Perhaps these patches were initially applied to the bnx2x driver only,
because at the time that was the only nic known to lock up on such
packets? Either way, a device independent validation is indeed
probably preferable (independent of fixing that lo flapping root
cause).
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: GSO where gso_size is too big for hardware
2019-01-22 17:02 ` Willem de Bruijn
@ 2019-01-22 23:41 ` Daniel Axtens
0 siblings, 0 replies; 3+ messages in thread
From: Daniel Axtens @ 2019-01-22 23:41 UTC (permalink / raw)
To: Willem de Bruijn, Ben Hutchings
Cc: David S. Miller, netdev, Eric Dumazet, Mahesh Bandewar, michael.chan
Willem de Bruijn <willemdebruijn.kernel@gmail.com> writes:
> On Tue, Jan 22, 2019 at 11:24 AM Ben Hutchings
> <ben.hutchings@codethink.co.uk> wrote:
>>
>> Last year you applied these fixes for a potential denial-of-service in
>> the bnx2x driver:
>>
>> commit 2b16f048729bf35e6c28a40cbfad07239f9dcd90
>> Author: Daniel Axtens <dja@axtens.net>
>> Date: Wed Jan 31 14:15:33 2018 +1100
>>
>> net: create skb_gso_validate_mac_len()
>>
>> commit 8914a595110a6eca69a5e275b323f5d09e18f4f9
>> Author: Daniel Axtens <dja@axtens.net>
>> Date: Wed Jan 31 14:15:34 2018 +1100
>>
>> bnx2x: disable GSO where gso_size is too big for hardware
>>
>> However I don't understand why the check is done only in the bnx2x
>> driver. Shouldn't the networking core ensure that gso_size + L3/L4
>> headers is <= the device MTU? If not, is every driver that does TSO
>> expected to check this?
>>
>> Also, should these fixes go to stable? I'm not sure whether you're
>> still handling stable patches for any of the unfixed versions (< 4.16)
>> now.
>>
>> Ben.
>
> Irrespective of the GSO issue, this sounds relevant to this other thread
>
> Stack sends oversize UDP packet to the driver
> https://www.mail-archive.com/netdev@vger.kernel.org/msg279006.html
>
> which discusses a specific cause of larger than MTU packets and its
> effect on the bnxt.
>
> Perhaps these patches were initially applied to the bnx2x driver only,
> because at the time that was the only nic known to lock up on such
> packets? Either way, a device independent validation is indeed
> probably preferable (independent of fixing that lo flapping root
> cause).
I did try to propose a more generic approach:
1) "[PATCH 0/3] Check gso_size of packets when forwarding"
(https://www.spinics.net/lists/netdev/msg478634.html)
In this series I looked just at forwarding, where there is a check
against regular MTU but not against GSO size. I added checks to
is_skb_forwardable and the Open vSwitch forwarding path, but in feedback
it was pointed out that I missed other ways a packet could be forwarded
such as tc-mired and bpf. A more generic approach was desired, so I
proposed:
2) "[PATCH v2 0/4] Check size of packets before sending"
(https://www.spinics.net/lists/netdev/msg480847.html)
This added a check to is_skb_forwardable and another check to
validate_xmit_skb. It was not considered desirable to include this as a
primary fix because it would be very hard to backport, so we included
the fix for the bnx2x card specifically instead. I think the idea was to
come back to this fix later.
I do remember then spending quite a bit of time trying to get the
generic fix sorted out after that. I remember working on the intricacies
of verifing various GSO stuff - I sent some fixes to GSO_BY_FRAGS
handling, and I know I got sidetracked by GSO_DODGY somehow as well. I
think the problem was that without dealing with dodgy, you end up with
edge cases where untrusted providers of dodgy packets can bypass a naive
length check. Anyway, then I got busy - my job at that point was mostly
support-driven and customers keep having new urgent issues! - so I
didn't get to finish it. This was about a year ago, so my recollection
may be wrong and I may have misunderstood things.
Regards,
Daniel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-01-22 23:41 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-22 16:24 GSO where gso_size is too big for hardware Ben Hutchings
2019-01-22 17:02 ` Willem de Bruijn
2019-01-22 23:41 ` Daniel Axtens
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.