From: Wei Liu <wei.liu2@citrix.com>
To: David Miller <davem@davemloft.net>
Cc: <wei.liu2@citrix.com>, <zoltan.kiss@citrix.com>,
<konrad.wilk@oracle.com>, <boris.ostrovsky@oracle.com>,
<david.vrabel@citrix.com>, <Ian.Campbell@citrix.com>,
<paul.durrant@citrix.com>, <netdev@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH] xen-netfront: Fix handling packets on compound pages with skb_segment
Date: Tue, 5 Aug 2014 11:53:32 +0100 [thread overview]
Message-ID: <20140805105332.GC11230@zion.uk.xensource.com> (raw)
In-Reply-To: <20140804.152411.1486639478907964423.davem@davemloft.net>
On Mon, Aug 04, 2014 at 03:24:11PM -0700, David Miller wrote:
> From: Wei Liu <wei.liu2@citrix.com>
> Date: Sun, 3 Aug 2014 10:11:10 +0100
>
> > On Sat, Aug 02, 2014 at 03:33:37PM -0700, David Miller wrote:
> >> From: Wei Liu <wei.liu2@citrix.com>
> >> Date: Fri, 1 Aug 2014 12:02:46 +0100
> >>
> >> > On Thu, Jul 31, 2014 at 01:25:20PM -0700, David Miller wrote:
> >> >> If you were to have a 64-slot TX queue, you ought to be able to handle
> >> >> this theoretical 51 slot SKB.
> >> >
> >> > There's two problems:
> >> > 1. IIRC a single page ring has 256 slots, allowing 64 slots packet
> >> > yields 4 in-flight packets in worst case.
> >> > 2. Older netback could not handle this large number of slots and it's
> >> > likely to deem the frontend malicious.
> >> >
> >> > For #1, we don't actually care that much if guest screws itself by
> >> > generating 64 slot packets. #2 is more concerning.
> >>
> >> How many slots can the older netback handle?
> >
> > I listed those two problems in the context "if we were to lift this
> > limit in the latest net-next tree", so "older netback" actually refers
> > to netback from 3.10 to 3.16.
> >
> > The current implementation allows the number of slots X:
> > 1. X <= 18, valid packet
> > 2. 18 < X < fatal_slot_count, dropped
> > 3. X >= fatal_slot_count, malicious frontend
> >
> > fatal_slot_count has default value of 20.
>
> Given what I've seen so far, I think the only option is to linearize
> the packet.
>
> BTW, we do have a netdev->gso_max_segs tunable drivers can set, but
> it might not cover all of the cases you need to handle.
>
> Maybe we can create a similar tunable which triggers
> skb_needs_linearize() in the transmit path.
>
> The advantage of such a tunable is that this can be worked with
> inside of TCP to avoid creating such packets in the first place.
>
> For example, all of the MAX_SKB_FRAGS checks you see in net/ipv4/tcp.c
> could be replaced with tests against this new tunable in struct netdevice.
+1 for this.
Avoiding generating such packets in transmit path in the first place is
even better.
Wei.
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2014-08-05 10:53 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-30 13:25 [PATCH] xen-netfront: Fix handling packets on compound pages with skb_segment Zoltan Kiss
2014-07-31 20:25 ` David Miller
2014-08-01 11:02 ` Wei Liu
2014-08-02 22:33 ` David Miller
2014-08-03 9:11 ` Wei Liu
2014-08-03 9:11 ` Wei Liu
2014-08-04 22:24 ` David Miller
2014-08-04 22:24 ` David Miller
2014-08-05 10:53 ` Wei Liu [this message]
2014-08-05 10:53 ` Wei Liu
2014-08-05 13:00 ` Zoltan Kiss
2014-08-05 23:45 ` David Miller
2014-08-05 23:45 ` David Miller
2014-08-05 13:00 ` Zoltan Kiss
2014-08-02 22:33 ` David Miller
2014-08-01 11:02 ` Wei Liu
2014-08-04 17:29 ` Zoltan Kiss
2014-08-04 20:35 ` Wei Liu
2014-08-04 20:35 ` Wei Liu
2014-08-05 23:15 ` David Miller
2014-08-05 23:15 ` David Miller
2014-08-04 17:29 ` Zoltan Kiss
2014-07-31 20:25 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2014-07-30 13:25 Zoltan Kiss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140805105332.GC11230@zion.uk.xensource.com \
--to=wei.liu2@citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=davem@davemloft.net \
--cc=david.vrabel@citrix.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=paul.durrant@citrix.com \
--cc=xen-devel@lists.xenproject.org \
--cc=zoltan.kiss@citrix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.