From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
Subject: Re: [PATCH 0/3] Check gso_size of packets when forwarding
Date: Wed, 17 Jan 2018 15:20:21 -0500 (EST)
Message-ID: <20180117.152021.1966828517960487469.davem@davemloft.net>
References: <20180116020920.20232-1-dja@axtens.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: dev-yBygre7rU0TnMu66kgdUjQ@public.gmane.org, netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Manish.Chopra-YGCgFSpz5w/QT0dZR+AlfA@public.gmane.org
To: dja-Yfaxwxk/+vWsTnJN9+BGXg@public.gmane.org
Return-path: <ovs-dev-bounces-yBygre7rU0TnMu66kgdUjQ@public.gmane.org>
In-Reply-To: <20180116020920.20232-1-dja-Yfaxwxk/+vWsTnJN9+BGXg@public.gmane.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
	<mailto:ovs-dev-request-yBygre7rU0TnMu66kgdUjQ@public.gmane.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev-yBygre7rU0TnMu66kgdUjQ@public.gmane.org>
List-Help: <mailto:ovs-dev-request-yBygre7rU0TnMu66kgdUjQ@public.gmane.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
	<mailto:ovs-dev-request-yBygre7rU0TnMu66kgdUjQ@public.gmane.org?subject=subscribe>
Sender: ovs-dev-bounces-yBygre7rU0TnMu66kgdUjQ@public.gmane.org
Errors-To: ovs-dev-bounces-yBygre7rU0TnMu66kgdUjQ@public.gmane.org
List-Id: netdev.vger.kernel.org

From: Daniel Axtens <dja-Yfaxwxk/+vWsTnJN9+BGXg@public.gmane.org>
Date: Tue, 16 Jan 2018 13:09:17 +1100

> When regular packets are forwarded, we validate their size against the
> MTU of the destination device. However, when GSO packets are
> forwarded, we do not validate their size against the MTU. We
> implicitly assume that when they are segmented, the resultant packets
> will be correctly sized.
> 
> This is not always the case.
> 
> We observed a case where a packet received on an ibmveth device had a
> GSO size of around 10kB. This was forwarded by Open vSwitch to a bnx2x
> device, where it caused a firmware assert. This is described in detail
> at [0] and was the genesis of this series. Rather than fixing it in
> the driver, this series fixes the forwarding path.
> 
> To fix this:
> 
>  - Move a helper in patch 1.
> 
>  - Validate GSO segment lengths in is_skb_forwardable() in the GSO
>    case, rather than assuming all will be well. This fixes bridges.
>    This is patch 2.
> 
>  - Open vSwitch uses its own slightly specialised algorithm for
>    checking lengths. Wire up checking for that in patch 3.
> 
> [0]: https://patchwork.ozlabs.org/patch/859410/

This looks good to me, could the OVS folks please review this patch
series?

Thank you.