* Code flow: tcp_input.c : tcp_prune_queue : Dropping frames
@ 2010-06-21 21:25 Mitchell Erblich
From: Mitchell Erblich @ 2010-06-21 21:25 UTC (permalink / raw)
  To: netdev

group,

tcp_prune_queue() calls tcp_collapse(), which is called to
prevent frames/pkts from being dropped due to buffer
"ooo" overcommit.

However, tcp_collapse() calls alloc_skb() with GFP_ATOMIC
which can grab the last of reservable memory.

nskb = alloc_skb(copy + header, GFP_ATOMIC); 
if (!nskb) 
     return; 

It should be called with GFP_NOWAIT to keep the NON-SLEEP
aspect of the mem reservation, but not grab the last bits of mem.

Because, if the over-commit was that bad, all other allocations
have ALREADY STARTED TO FAIL. The system SHOULD be
dead.

Secondly, if the alloc failed, why try to do the reclaim?

Thus, 

  tcp_collapse() should return int instead of void and the
  alloc return should return -1 upon failure.

  tcp_prune_queue() should check for the return and skip
  sk_mem_reclaim().

  Why not some logging message?
  Didn't see one.

  Rename ofo to "ooo" as this is known as "out-of-order".

  Lastly, follow-up should be done to identify the GFP_ mem
  type and SHOULD not be alloc'ing mem with ATOMIC
  for an "out-of-order" queue as this COULD be a form of
  DENIAL of Service (DoS) attack.

Mitchell Erblich
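
A userspace C model of the control flow proposed in the message above, as an added example that is not kernel code and not from the original message. Every name is hypothetical, and the pool sizes and the 2x release on a successful collapse are constructed assumptions; it shows a NOWAIT-style allocation refusing to cut into the reserve, with the failure returned, logged, and the reclaim step skipped.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not a kernel symbol. */
enum gfp_model { MODEL_GFP_NOWAIT, MODEL_GFP_ATOMIC };

struct pool_model {
    size_t free_units, reserve_units; /* reserve is reachable only by ATOMIC */
    int reclaim_calls, last_rc;       /* reclaim runs; result of the last prune */
};

/* Neither mode sleeps; only ATOMIC may take free memory below the reserve. */
static int model_alloc(struct pool_model *p, size_t n, enum gfp_model gfp)
{
    size_t min_left = (gfp == MODEL_GFP_ATOMIC) ? 0 : p->reserve_units;

    if (p->free_units < n || p->free_units - n < min_left)
        return -1;
    p->free_units -= n;
    return 0;
}

/* Proposed shape: report allocation failure instead of returning void. */
static int model_collapse(struct pool_model *p, size_t copy, enum gfp_model gfp)
{
    if (model_alloc(p, copy, gfp) != 0)
        return -1;
    p->free_units += 2 * copy; /* assumed: old sparse buffers held 2x the data */
    return 0;
}

/* Proposed caller: log and skip the reclaim step when collapse failed. */
static void model_prune_queue(struct pool_model *p, size_t copy, enum gfp_model gfp)
{
    p->last_rc = model_collapse(p, copy, gfp);
    if (p->last_rc != 0) {
        fprintf(stderr, "model: collapse alloc failed, reclaim skipped\n");
        return;
    }
    p->reclaim_calls++; /* stands in for sk_mem_reclaim() */
}

/* Constructed pool: 6 units free, 4 of them reserve; one prune of 4 units. */
static struct pool_model model_run(enum gfp_model gfp)
{
    struct pool_model p = { 6, 4, 0, 0 };
    model_prune_queue(&p, 4, gfp);
    return p;
}

int main(void)
{
    printf("ATOMIC rc=%d NOWAIT rc=%d\n", model_run(MODEL_GFP_ATOMIC).last_rc,
           model_run(MODEL_GFP_NOWAIT).last_rc);
    return 0;
}
```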
