From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 7193540162 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 8D1B140127 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blackwall-org.20230601.gappssmtp.com; s=20230601; t=1695206943; x=1695811743; darn=lists.linux-foundation.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=WfoVQLFTyBMz6qdJ4HQf6iMKbD5VVKNiCRlsodiIXlQ=; b=RpL1sBO5GMAbIbzRp/S2PGZZOLYIUbQQN5iOEMe4aq6VDghac/i+3BW7mACQqnyPPB JIvlQ0+8SQJCfpqr+iACjSgxaiLDIGDIKJcbnp8WVDfwLyVRMyt8H/7Zd4x198c6g4/g WA5jCRqbql/lYH1yk41aMmXEwNFSkRim1OUFYnPgvNN+X+7lDYGEBxZ5lmn9RgE50cSX I14zsS5rc07XJwsz2KugUCYIDZL54ocHbUFf6iKLakPI6WcgXoy/KuOcYenu5e5Ok/s6 4by8Qro/baR1ADbC5FxpavYJZXRHlBZvQPd/LXIYJ1NWYdCWTbnElmlKMS9g0GoUe3qs 45WQ== Message-ID: <5146e687-f5b8-86b2-e4e3-29871fe4fa5c@blackwall.org> Date: Wed, 20 Sep 2023 13:49:01 +0300 MIME-Version: 1.0 Content-Language: en-US References: <20230919-fdb_limit-v4-0-39f0293807b8@avm.de> <20230919-fdb_limit-v4-3-39f0293807b8@avm.de> From: Nikolay Aleksandrov In-Reply-To: <20230919-fdb_limit-v4-3-39f0293807b8@avm.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Bridge] [PATCH net-next v4 3/6] net: bridge: Track and limit dynamically learned FDB entries List-Id: Linux Ethernet Bridging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Johannes Nixdorf , "David S. Miller" , Andrew Lunn , David Ahern , Eric Dumazet , Florian Fainelli , Ido Schimmel , Jakub Kicinski , Oleksij Rempel , Paolo Abeni , Roopa Prabhu , Shuah Khan , Vladimir Oltean Cc: netdev@vger.kernel.org, bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org On 9/19/23 11:12, Johannes Nixdorf wrote: > A malicious actor behind one bridge port may spam the kernel with packets > with a random source MAC address, each of which will create an FDB entry, > each of which is a dynamic allocation in the kernel. > > There are roughly 2^48 different MAC addresses, further limited by the > rhashtable they are stored in to 2^31. Each entry is of the type struct > net_bridge_fdb_entry, which is currently 128 bytes big. This means the > maximum amount of memory allocated for FDB entries is 2^31 * 128B = > 256GiB, which is too much for most computers. > > Mitigate this by maintaining a per bridge count of those automatically > generated entries in fdb_n_learned, and a limit in fdb_max_learned. If > the limit is hit new entries are not learned anymore. > > For backwards compatibility the default setting of 0 disables the limit. > > User-added entries by netlink or from bridge or bridge port addresses > are never blocked and do not count towards that limit. > > Introduce a new fdb entry flag BR_FDB_DYNAMIC_LEARNED to keep track of > whether an FDB entry is included in the count. The flag is enabled for > dynamically learned entries, and disabled for all other entries. This > should be equivalent to BR_FDB_ADDED_BY_USER and BR_FDB_LOCAL being unset, > but contrary to the two flags it can be toggled atomically. > > Atomicity is required here, as there are multiple callers that modify the > flags, but are not under a common lock (br_fdb_update is the exception > for br->hash_lock, br_fdb_external_learn_add for RTNL). > > Signed-off-by: Johannes Nixdorf > --- > net/bridge/br_fdb.c | 35 +++++++++++++++++++++++++++++++++-- > net/bridge/br_private.h | 4 ++++ > 2 files changed, 37 insertions(+), 2 deletions(-) > I think this is a good counting start. :) It'd be nice to get more eyes on this one. Acked-by: Nikolay Aleksandrov