From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Axtens Subject: [PATCH 3/3] openvswitch: drop GSO packets that are too large Date: Tue, 16 Jan 2018 13:09:20 +1100 Message-ID: <20180116020920.20232-4-dja@axtens.net> References: <20180116020920.20232-1-dja@axtens.net> Cc: Daniel Axtens , Manish.Chopra@cavium.com, dev@openvswitch.org To: netdev@vger.kernel.org Return-path: Received: from mail-pl0-f65.google.com ([209.85.160.65]:35722 "EHLO mail-pl0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750812AbeAPCK2 (ORCPT ); Mon, 15 Jan 2018 21:10:28 -0500 Received: by mail-pl0-f65.google.com with SMTP id b96so4985198pli.2 for ; Mon, 15 Jan 2018 18:10:28 -0800 (PST) In-Reply-To: <20180116020920.20232-1-dja@axtens.net> Sender: netdev-owner@vger.kernel.org List-ID: Open vSwitch attempts to detect if a packet is too large to be sent to the destination device. However, this test does not consider GSO packets, and it is possible that a GSO packet, when resegmented, will be larger than the device can send. Add detection for packets which are too large. We use skb_gso_validate_len, reusing the length calculation in the existing checks - see 738314a084aa ("openvswitch: use hard_header_len instead of hardcoded ETH_HLEN") This is different from the is_skb_forwardable logic in that it only allows for the length of a VLAN tag if one is actually present. Signed-off-by: Daniel Axtens --- net/openvswitch/vport.c | 37 ++++++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/net/openvswitch/vport.c b/net/openvswitch/vport.c index b6c8524032a0..290eeaa82344 100644 --- a/net/openvswitch/vport.c +++ b/net/openvswitch/vport.c @@ -464,16 +464,16 @@ int ovs_vport_receive(struct vport *vport, struct sk_buff *skb, return 0; } -static unsigned int packet_length(const struct sk_buff *skb, - struct net_device *dev) +static unsigned int packet_length_offset(const struct sk_buff *skb, + const struct net_device *dev) { - unsigned int length = skb->len - dev->hard_header_len; + unsigned int length = dev->hard_header_len; if (!skb_vlan_tag_present(skb) && eth_type_vlan(skb->protocol)) - length -= VLAN_HLEN; + length += VLAN_HLEN; - /* Don't subtract for multiple VLAN tags. Most (all?) drivers allow + /* Don't adjust for multiple VLAN tags. Most (all?) drivers allow * (ETH_LEN + VLAN_HLEN) in addition to the mtu value, but almost none * account for 802.1ad. e.g. is_skb_forwardable(). */ @@ -481,6 +481,21 @@ static unsigned int packet_length(const struct sk_buff *skb, return length; } +static inline unsigned int packet_length(const struct sk_buff *skb, + const struct net_device *dev) +{ + return skb->len - packet_length_offset(skb, dev); +} + +static inline bool vport_gso_validate_len(const struct sk_buff *skb, + const struct net_device *dev, + unsigned int mtu) +{ + unsigned int len = mtu + packet_length_offset(skb, dev); + + return skb_gso_validate_len(skb, len); +} + void ovs_vport_send(struct vport *vport, struct sk_buff *skb, u8 mac_proto) { int mtu = vport->dev->mtu; @@ -504,13 +519,21 @@ void ovs_vport_send(struct vport *vport, struct sk_buff *skb, u8 mac_proto) goto drop; } - if (unlikely(packet_length(skb, vport->dev) > mtu && - !skb_is_gso(skb))) { + if (!skb_is_gso(skb) && + unlikely(packet_length(skb, vport->dev) > mtu)) { net_warn_ratelimited("%s: dropped over-mtu packet: %d > %d\n", vport->dev->name, packet_length(skb, vport->dev), mtu); vport->dev->stats.tx_errors++; goto drop; + } else if (skb_is_gso(skb) && + unlikely(!vport_gso_validate_len(skb, vport->dev, mtu))) { + net_warn_ratelimited("%s: dropped over-mtu GSO packet: " + "gso_size = %d, mtu = %d\n", + vport->dev->name, + skb_shinfo(skb)->gso_size, mtu); + vport->dev->stats.tx_errors++; + goto drop; } skb->dev = vport->dev; -- 2.14.1