From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Vrabel Subject: Re: [PATCH] xen-netfront: Fix handling packets on compound pages with skb_linearize Date: Mon, 8 Dec 2014 11:31:08 +0000 Message-ID: <54858BFC.2020906@citrix.com> References: <1407778343-13622-1-git-send-email-zoltan.kiss@citrix.com> <547C2CFC.7060908@canonical.com> <20141208101936.GA7491@hercules> <54858753.1070801@citrix.com> <548589B0.8050608@canonical.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <548589B0.8050608@canonical.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Stefan Bader , xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org On 08/12/14 11:21, Stefan Bader wrote: > On 08.12.2014 12:11, David Vrabel wrote: >> On 08/12/14 10:19, Luis Henriques wrote: >>> On Mon, Dec 01, 2014 at 09:55:24AM +0100, Stefan Bader wrote: >>>> On 11.08.2014 19:32, Zoltan Kiss wrote: >>>>> There is a long known problem with the netfront/netback interface: if the guest >>>>> tries to send a packet which constitues more than MAX_SKB_FRAGS + 1 ring slots, >>>>> it gets dropped. The reason is that netback maps these slots to a frag in the >>>>> frags array, which is limited by size. Having so many slots can occur since >>>>> compound pages were introduced, as the ring protocol slice them up into >>>>> individual (non-compound) page aligned slots. The theoretical worst case >>>>> scenario looks like this (note, skbs are limited to 64 Kb here): >>>>> linear buffer: at most PAGE_SIZE - 17 * 2 bytes, overlapping page boundary, >>>>> using 2 slots >>>>> first 15 frags: 1 + PAGE_SIZE + 1 bytes long, first and last bytes are at the >>>>> end and the beginning of a page, therefore they use 3 * 15 = 45 slots >>>>> last 2 frags: 1 + 1 bytes, overlapping page boundary, 2 * 2 = 4 slots >>>>> Although I don't think this 51 slots skb can really happen, we need a solution >>>>> which can deal with every scenario. In real life there is only a few slots >>>>> overdue, but usually it causes the TCP stream to be blocked, as the retry will >>>>> most likely have the same buffer layout. >>>>> This patch solves this problem by linearizing the packet. This is not the >>>>> fastest way, and it can fail much easier as it tries to allocate a big linear >>>>> area for the whole packet, but probably easier by an order of magnitude than >>>>> anything else. Probably this code path is not touched very frequently anyway. >>>>> >>>>> Signed-off-by: Zoltan Kiss >>>>> Cc: Wei Liu >>>>> Cc: Ian Campbell >>>>> Cc: Paul Durrant >>>>> Cc: netdev@vger.kernel.org >>>>> Cc: linux-kernel@vger.kernel.org >>>>> Cc: xen-devel@lists.xenproject.org >>>> >>>> This does not seem to be marked explicitly as stable. Has someone already asked >>>> David Miller to put it on his stable queue? IMO it qualifies quite well and the >>>> actual change should be simple to pick/backport. >>>> >>> >>> Thank you Stefan, I'm queuing this for the next 3.16 kernel release. >> >> Don't backport this yes. It's broken. It produces malformed requests >> and netback will report a fatal error and stop all traffic on the VIF. > > Thanks David. Did this just come up? I don't remember seeing any report of the > regression. :/ There's been a couple of reports on xen-devel recently with 3.17 frontends and I've just repro'd it (by always forcing a skb_linearize() in netfront). David