From: Stephen Hemminger <stephen@networkplumber.org>
To: David Miller <davem@davemloft.net>
Cc: pshelar@ovn.org, dja@axtens.net, netdev@vger.kernel.org,
Manish.Chopra@cavium.com, dev@openvswitch.org
Subject: Re: [PATCH 0/3] Check gso_size of packets when forwarding
Date: Mon, 22 Jan 2018 13:31:25 -0800 [thread overview]
Message-ID: <20180122133125.55e2730e@xeon-e3> (raw)
In-Reply-To: <20180122.151453.1675721993605626060.davem@davemloft.net>
On Mon, 22 Jan 2018 15:14:53 -0500 (EST)
David Miller <davem@davemloft.net> wrote:
> From: Pravin Shelar <pshelar@ovn.org>
> Date: Fri, 19 Jan 2018 13:54:15 -0800
>
> > I agree it is not perfect. But the other proposed patch does not fix
> > the connectivity issue. It only adds log msg in such cases at cost
> > of extra checks/code. Therefore I prefer the easier fix for the
> > issue which also fixes for all cases of packet forwarding rather
> > than just OVS and Bridge.
>
> I really think that something needs to guarantee that device drivers
> will never be given either over-MTU or over-max-GSO-seg-size SKBs.
>
> Otherwise drivers need to add completely stupid checks like making
> sure that SKB lengths do not exceed the maxmimu value that can be
> encoded into descriptors.
>
> What's probably happening often now in such situations is that the
> driver ends up masking the length blindly and ends up sending out a
> truncated packet.
>
> Which frankly is quite bad too.
>
> It doesn't scale to add these checks into every driver, or trying to
> "figure out" which drivers will behave adversely and only add checks
> to those.
>
> The kernel shouldn't pass objects with out-of-range attributes
> to the driver, period.
Agreed. We should make it easier to write non-buggy drivers.
next prev parent reply other threads:[~2018-01-22 21:31 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-16 2:09 [PATCH 0/3] Check gso_size of packets when forwarding Daniel Axtens
2018-01-16 2:09 ` [PATCH 1/3] net: move skb_gso_mac_seglen to skbuff.h Daniel Axtens
2018-01-16 2:09 ` [PATCH 2/3] net: is_skb_forwardable: validate length of GSO packet segments Daniel Axtens
2018-01-18 23:47 ` Marcelo Ricardo Leitner
2018-01-16 2:09 ` [PATCH 3/3] openvswitch: drop GSO packets that are too large Daniel Axtens
[not found] ` <20180116020920.20232-1-dja-Yfaxwxk/+vWsTnJN9+BGXg@public.gmane.org>
2018-01-17 20:20 ` [PATCH 0/3] Check gso_size of packets when forwarding David Miller
2018-01-18 8:28 ` Pravin Shelar
2018-01-18 9:49 ` Jason Wang
2018-01-18 13:17 ` Daniel Axtens
[not found] ` <87fu735ms5.fsf-hbezLPf06/Fz8PszVLmxdVaj5H9X9Tb+@public.gmane.org>
2018-01-18 14:05 ` Daniel Axtens
[not found] ` <CAOrHB_AAMzYCLsFe6+3ODSqYUe79vYtP5jSxK=GDj5rKeQXyDA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-01-18 13:08 ` Daniel Axtens
2018-01-18 21:57 ` Pravin Shelar
[not found] ` <CAOrHB_CyTg4iZ38T0WeNkC6ng3iznXKk+0Qr-rA2rs7ivSSf+w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-01-19 1:28 ` Daniel Axtens
[not found] ` <87a7xa63ix.fsf-hbezLPf06/Fz8PszVLmxdVaj5H9X9Tb+@public.gmane.org>
2018-01-19 6:11 ` Daniel Axtens
2018-01-19 7:08 ` Pravin Shelar
2018-01-19 11:58 ` Daniel Axtens
[not found] ` <871sim5abx.fsf-hbezLPf06/Fz8PszVLmxdVaj5H9X9Tb+@public.gmane.org>
2018-01-19 21:54 ` Pravin Shelar
2018-01-22 20:14 ` David Miller
2018-01-22 21:31 ` Stephen Hemminger [this message]
2018-01-23 5:47 ` Pravin Shelar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180122133125.55e2730e@xeon-e3 \
--to=stephen@networkplumber.org \
--cc=Manish.Chopra@cavium.com \
--cc=davem@davemloft.net \
--cc=dev@openvswitch.org \
--cc=dja@axtens.net \
--cc=netdev@vger.kernel.org \
--cc=pshelar@ovn.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).