From: Zhu Yi <yi.zhu@intel.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"Shi, Alex" <alex.shi@intel.com>
Subject: Re: [RFC PATCH] accounting for socket backlog
Date: Mon, 01 Mar 2010 11:03:24 +0800 [thread overview]
Message-ID: <1267412604.23196.53.camel@debian> (raw)
In-Reply-To: <1267410585.9082.115.camel@edumazet-laptop>
On Mon, 2010-03-01 at 10:29 +0800, Eric Dumazet wrote:
> You focus on the case you Intel guys discovered the flaw, using
> loopback interface. I am concerned with a DOS situation, when some bad
> guys on your LAN sends a flood on your machine, using a real 10Gb NIC.
> I was concerned by two things :
>
> - One process being stuck forever in the __release_sock(), basically
> stopping an application from performing progress. This is a DOS
> problem.
> Our kernel is potentially affected. We probably should do something to
> avoid this problem. But I am _not_ saying this should be done by your
> patch, it is probably possible to address it in an independant patch.
Agreed. Unless you or someone else provides a better idea solves them
both, I'd only fix one problem at a time.
> - One process being stuck in __release_sock() and not yield to other
> processes. This is not the case since we call the
> cond_resched_sofirq()
> function that permits other high priority task to get the CPU.
>
>
> One more point :
>
> If you remember my previous mail, I suggested cleaning the len field
> in
> __release_sock(). This way, you can provide a first patch, protocol
> agnostic, then provide further patch for UDP V4, another patch for UDP
> V6, etc... to have a clean path and make the resolution of the bugs
> more
> self explaining and not as a whole and big patch.
This is my original plan. But davem just mentioned we have to prevent
from maliciously send frames, that means all protocols using backlog.
That makes me consider if I should put the check to the generic path.
Thanks,
-yi
next prev parent reply other threads:[~2010-03-01 3:01 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-25 3:13 [RFC PATCH] accounting for socket backlog Zhu Yi
2010-02-25 8:31 ` David Miller
2010-02-26 2:44 ` Zhu Yi
2010-02-26 5:52 ` David Miller
2010-02-25 11:24 ` Eric Dumazet
2010-02-26 2:34 ` Zhu Yi
2010-02-26 13:12 ` Eric Dumazet
2010-03-01 2:17 ` Zhu Yi
2010-03-01 2:29 ` Eric Dumazet
2010-03-01 3:03 ` Zhu Yi [this message]
2010-03-01 3:12 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1267412604.23196.53.camel@debian \
--to=yi.zhu@intel.com \
--cc=alex.shi@intel.com \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).