* Questions about XSA39
@ 2013-02-28 20:36 Nick Pegg
2013-03-01 11:52 ` Wei Liu
2013-03-01 12:23 ` Ian Jackson
0 siblings, 2 replies; 4+ messages in thread
From: Nick Pegg @ 2013-02-28 20:36 UTC (permalink / raw)
To: xen-devel
Hi Xen developers,
I had some questions regarding XSA39, and I hope you all can answer them.
We've been rolling out some hosts with the XSA39 patch applied and have
come across a problem where a few of our customer DomUs keep hitting the
conditions which call netbk_fatal_tx_err(), mostly "Frag is bigger than
frame." These specific DomUs hit it repeatedly, between once every few
hours to every few days, and the customers say that they're sending
legitimate traffic (which I'm inclined to believe is true).
If the XSA39 protection is this easy to hit under normal circumstances,
should the solution really be as harsh as disconnecting the vif? Would
it be possible to just drop the packet(s) without causing netback to
spin while processing them?
FWIW, I have gotten a pcap dump from one of the customers facing this
problem. Wireshark does complain about a UDP packet in the sample being
too large (65538 bytes, over the max of 65535). Could this packet
possibly be the culprit? Unfortunately Wireshark refuses to load in the
packet, so I have not yet been able to dissect it.
Thanks in advance,
-Nick
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Questions about XSA39
2013-02-28 20:36 Questions about XSA39 Nick Pegg
@ 2013-03-01 11:52 ` Wei Liu
2013-03-01 12:41 ` Nick Pegg
2013-03-01 12:23 ` Ian Jackson
1 sibling, 1 reply; 4+ messages in thread
From: Wei Liu @ 2013-03-01 11:52 UTC (permalink / raw)
To: Nick Pegg; +Cc: wei.liu2, xen-devel@lists.xen.org
On Thu, 2013-02-28 at 20:36 +0000, Nick Pegg wrote:
> Hi Xen developers,
>
> I had some questions regarding XSA39, and I hope you all can answer them.
>
> We've been rolling out some hosts with the XSA39 patch applied and have
> come across a problem where a few of our customer DomUs keep hitting the
> conditions which call netbk_fatal_tx_err(), mostly "Frag is bigger than
"mostly" or "all"? As all the reports I've seen so far are "Frag is
bigger than frame", so it would be interesting to know whether there's
any other error as well.
We're investigating whether this is a genuine bug in Xen netfront /
netback implementation, or it is something in kernel generating bogus
packet. The solution to this issue may different depending on various
factors.
Wei.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Questions about XSA39
2013-02-28 20:36 Questions about XSA39 Nick Pegg
2013-03-01 11:52 ` Wei Liu
@ 2013-03-01 12:23 ` Ian Jackson
1 sibling, 0 replies; 4+ messages in thread
From: Ian Jackson @ 2013-03-01 12:23 UTC (permalink / raw)
To: Nick Pegg; +Cc: Konrad Rzeszutek Wilk, Ian Campbell, Jan Beulich, xen-devel
Nick Pegg writes ("[Xen-devel] Questions about XSA39"):
> I had some questions regarding XSA39, and I hope you all can answer them.
>
> We've been rolling out some hosts with the XSA39 patch applied and have
> come across a problem where a few of our customer DomUs keep hitting the
> conditions which call netbk_fatal_tx_err(), mostly "Frag is bigger than
> frame." These specific DomUs hit it repeatedly, between once every few
> hours to every few days, and the customers say that they're sending
> legitimate traffic (which I'm inclined to believe is true).
>
> If the XSA39 protection is this easy to hit under normal circumstances,
> should the solution really be as harsh as disconnecting the vif? Would
> it be possible to just drop the packet(s) without causing netback to
> spin while processing them?
>
> FWIW, I have gotten a pcap dump from one of the customers facing this
> problem. Wireshark does complain about a UDP packet in the sample being
> too large (65538 bytes, over the max of 65535). Could this packet
> possibly be the culprit? Unfortunately Wireshark refuses to load in the
> packet, so I have not yet been able to dissect it.
CCing the authors/reviewers of the XSA-39 patch.
Ian.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Questions about XSA39
2013-03-01 11:52 ` Wei Liu
@ 2013-03-01 12:41 ` Nick Pegg
0 siblings, 0 replies; 4+ messages in thread
From: Nick Pegg @ 2013-03-01 12:41 UTC (permalink / raw)
To: Wei Liu
Cc: Konrad Rzeszutek Wilk, Ian Campbell, Jan Beulich,
xen-devel@lists.xen.org
On 3/1/13 6:52 AM, Wei Liu wrote:
> On Thu, 2013-02-28 at 20:36 +0000, Nick Pegg wrote:
>> Hi Xen developers,
>>
>> I had some questions regarding XSA39, and I hope you all can answer them.
>>
>> We've been rolling out some hosts with the XSA39 patch applied and have
>> come across a problem where a few of our customer DomUs keep hitting the
>> conditions which call netbk_fatal_tx_err(), mostly "Frag is bigger than
>
> "mostly" or "all"? As all the reports I've seen so far are "Frag is
> bigger than frame", so it would be interesting to know whether there's
> any other error as well.
>
> We're investigating whether this is a genuine bug in Xen netfront /
> netback implementation, or it is something in kernel generating bogus
> packet. The solution to this issue may different depending on various
> factors.
>
>
> Wei.
>
After digging through our recent logs, we had four occurrences of "Too
many frags." All others (>85%) were "Frag is bigger than frame."
-Nick
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-03-01 12:41 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-02-28 20:36 Questions about XSA39 Nick Pegg
2013-03-01 11:52 ` Wei Liu
2013-03-01 12:41 ` Nick Pegg
2013-03-01 12:23 ` Ian Jackson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.