From: David Ahern <dsahern@kernel.org>
To: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>,
netdev@vger.kernel.org
Cc: "Denis V. Lunev" <den@openvz.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Yajun Deng <yajun.deng@linux.dev>,
Roopa Prabhu <roopa@nvidia.com>,
linux-kernel@vger.kernel.org,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Konstantin Khorenko <khorenko@virtuozzo.com>,
kernel@openvz.org
Subject: Re: [PATCH 1/2] neigh: fix possible DoS due to net iface start/stop loop
Date: Mon, 1 Aug 2022 09:08:37 -0600 [thread overview]
Message-ID: <09ac06d6-4373-0953-5ed0-ed85ef25c999@kernel.org> (raw)
In-Reply-To: <20220729103559.215140-2-alexander.mikhalitsyn@virtuozzo.com>
On 7/29/22 4:35 AM, Alexander Mikhalitsyn wrote:
> The patch proposed doing very simple thing. It drops only packets from
it does 2 things - adds a namespace check and a performance based change
with the way the list is walked.
> the same namespace in the pneigh_queue_purge() where network interface
> state change is detected. This is enough to prevent the problem for the
> whole node preserving original semantics of the code.
>
> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> index 54625287ee5b..213ec0be800b 100644
> --- a/net/core/neighbour.c
> +++ b/net/core/neighbour.c
> @@ -386,8 +396,7 @@ static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev,
> neigh_flush_dev(tbl, dev, skip_perm);
> pneigh_ifdown_and_unlock(tbl, dev);
>
> - del_timer_sync(&tbl->proxy_timer);
why are you removing this line too?
> - pneigh_queue_purge(&tbl->proxy_queue);
> + pneigh_queue_purge(&tbl->proxy_queue, dev_net(dev));
> return 0;
> }
>
next prev parent reply other threads:[~2022-08-01 15:08 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-29 10:35 [PATCH 0/2] neighbour: fix possible DoS due to net iface start/stop loop Alexander Mikhalitsyn
2022-07-29 10:35 ` [PATCH 1/2] neigh: " Alexander Mikhalitsyn
2022-08-01 15:08 ` David Ahern [this message]
2022-08-01 15:44 ` Denis V. Lunev
2022-07-29 10:35 ` [PATCH 2/2] neighbour: make proxy_queue.qlen limit per-device Alexander Mikhalitsyn
2022-08-10 16:08 ` [PATCH v2 0/2] neighbour: fix possible DoS due to net iface start/stop loop Alexander Mikhalitsyn
2022-08-10 16:08 ` [PATCH v2 1/2] neigh: " Alexander Mikhalitsyn
2022-08-15 9:44 ` Christian Brauner
2022-08-15 10:47 ` Denis V. Lunev
2022-08-10 16:08 ` [PATCH v2 2/2] neighbour: make proxy_queue.qlen limit per-device Alexander Mikhalitsyn
2022-08-11 14:46 ` [PATCH v2 0/2] neighbour: fix possible DoS due to net iface start/stop loop Jakub Kicinski
2022-08-11 14:51 ` Alexander Mikhalitsyn
2022-08-11 14:53 ` Jakub Kicinski
2022-08-11 14:57 ` Alexander Mikhalitsyn
2022-08-11 15:20 ` [PATCH v3 " Alexander Mikhalitsyn
2022-08-11 15:20 ` [PATCH v3 1/2] neigh: " Alexander Mikhalitsyn
2022-08-11 15:20 ` [PATCH v3 2/2] neighbour: make proxy_queue.qlen limit per-device Alexander Mikhalitsyn
2022-08-15 10:40 ` [PATCH v3 0/2] neighbour: fix possible DoS due to net iface start/stop loop patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=09ac06d6-4373-0953-5ed0-ed85ef25c999@kernel.org \
--to=dsahern@kernel.org \
--cc=alexander.mikhalitsyn@virtuozzo.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=den@openvz.org \
--cc=edumazet@google.com \
--cc=kernel@openvz.org \
--cc=khorenko@virtuozzo.com \
--cc=kuba@kernel.org \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=roopa@nvidia.com \
--cc=yajun.deng@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox