Re: [PATCH] xen-netfront: drop skb when skb->len > 65535

All of lore.kernel.org
 help / color / mirror / Atom feed

From: annie li <annie.li@oracle.com>
To: Wei Liu <wei.liu2@citrix.com>
Cc: "ij@2013.bluespice.org" <ij@2013.bluespice.org>,
	Ian Campbell <ian.campbell@citrix.com>,
	konrad.wilk@oracle.com, "npegg@linode.com" <npegg@linode.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
	Jan Beulich <JBeulich@suse.com>
Subject: Re: [PATCH] xen-netfront: drop skb when skb->len > 65535
Date: Sun, 03 Mar 2013 13:02:53 +0800	[thread overview]
Message-ID: <5132D97D.4000302@oracle.com> (raw)
In-Reply-To: <20130302133243.GA6846@zion.uk.xensource.com>


On 2013-3-2 21:32, Wei Liu wrote:
> On Sat, Mar 02, 2013 at 02:54:17AM +0000, Ian Campbell wrote:
>> On Fri, 2013-03-01 at 17:00 +0000, Wei Liu wrote:
>>> On Fri, 2013-03-01 at 16:48 +0000, Jan Beulich wrote:
>>>>>>> On 01.03.13 at 17:31, Wei Liu <wei.liu2@citrix.com> wrote:
>>>>> The `size' field of Xen network wired format is uint16_t, anything bigger
>>>>> than
>>>>> 65535 will cause overflow.
>>>>>
>>>>> The punishment introduced by XSA-39 is quite harsh - DomU is disconnected when
>>>>> it's discovered to be sending corrupted skbs. However, it looks like Linux
>>>>> kernel will generate some bad skbs sometimes, so drop those skbs before
>>>>> sending to over netback to avoid being disconnected.
>>>> While fixing the frontend is certainly desirable, we can't expect
>>>> everyone to deploy fixed netfronts in all their VMs - some OS
>>>> versions used in there may even be out of service. So we
>>>> ought to find a way to also more gracefully deal with the
>>>> situation in netback, without re-opening the security issue
>>>> that prompted those changes.
>>>>
>>> Regarding the punishment bit, I think its worth discussing it a bit.
>> Yes, the trick is figuring out what to do without reintroducing the
>> softlockup which XSA-39 fixed.
>>
>> Perhaps we should allow silently consume (and drop) oversize skbs and
>> only shutdown the rings if they also consume too many (FSVO too many)
>> slots?
>>
>>> But the bug is always there, it drew no attention until revealed by
>>> XSA-39. It ought to be fixed anyway. :-)
>> I would have sworn that skb->len was also limited to 64k, but looking at
>> the header I see it is actually an int and the only limit of that sort
>> is related to MAX_SKB_FRAGS (which doesn't actually limit the total
>> size).
> I had the impression that skb->len was limited to 64k, too. But it
> turned out I was wrong.
>
>> OOI how big were the skbs you were seeing?
> As Nick (npegg@linode.com) pointed out in his email, he saw size 65538.
> I can reproduce this as well by setting vif's mtu to 100 then run iperf.
> 100 was just a random number I came up with when I played with
> fragmentation.

Did you notice any GSO packets during your iperf test?

Thanks
Annie

next prev parent reply	other threads:[~2013-03-03  5:02 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-03-01 16:31 [PATCH] xen-netfront: drop skb when skb->len > 65535 Wei Liu
2013-03-01 16:34 ` Wei Liu
2013-03-01 16:48 ` Jan Beulich
2013-03-01 17:00   ` Wei Liu
2013-03-02  2:54     ` Ian Campbell
2013-03-02 13:32       ` Wei Liu
2013-03-03  5:02         ` annie li [this message]
2013-03-06 17:20         ` Nick Pegg
2013-03-06 17:31           ` Wei Liu
2013-03-06 17:57             ` Jacek Milewicz
2013-03-06 18:04               ` Wei Liu
2013-03-03  4:13       ` annie li

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5132D97D.4000302@oracle.com \
    --to=annie.li@oracle.com \
    --cc=JBeulich@suse.com \
    --cc=ian.campbell@citrix.com \
    --cc=ij@2013.bluespice.org \
    --cc=konrad.wilk@oracle.com \
    --cc=npegg@linode.com \
    --cc=wei.liu2@citrix.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.