* [PATCH net] rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
@ 2018-10-02 22:47 Eric Dumazet
2018-10-02 23:09 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Eric Dumazet @ 2018-10-02 22:47 UTC (permalink / raw)
To: David S . Miller; +Cc: netdev, Eric Dumazet, Eric Dumazet
We have an impressive number of syzkaller bugs that are linked
to the fact that syzbot was able to create a networking device
with millions of TX (or RX) queues.
Let's limit the number of RX/TX queues to 4096, this really should
cover all known cases.
A separate patch will add various cond_resched() in the loops
handling sysfs entries at device creation and dismantle.
Tested:
lpaa6:~# ip link add gre-4097 numtxqueues 4097 numrxqueues 4097 type ip6gretap
RTNETLINK answers: Invalid argument
lpaa6:~# time ip link add gre-4096 numtxqueues 4096 numrxqueues 4096 type ip6gretap
real 0m0.180s
user 0m0.000s
sys 0m0.107s
Fixes: 76ff5cc91935 ("rtnl: allow to specify number of rx and tx queues on device creation")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
---
net/core/rtnetlink.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 7f37fe9c65a5490c621874607f6a1c2fc32e36dd..448703312fed0f736bc7f0d58e7bda705a2344f2 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -2835,6 +2835,12 @@ struct net_device *rtnl_create_link(struct net *net,
else if (ops->get_num_rx_queues)
num_rx_queues = ops->get_num_rx_queues();
+ if (num_tx_queues < 1 || num_tx_queues > 4096)
+ return ERR_PTR(-EINVAL);
+
+ if (num_rx_queues < 1 || num_rx_queues > 4096)
+ return ERR_PTR(-EINVAL);
+
dev = alloc_netdev_mqs(ops->priv_size, ifname, name_assign_type,
ops->setup, num_tx_queues, num_rx_queues);
if (!dev)
--
2.19.0.605.g01d371f741-goog
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net] rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
2018-10-02 22:47 [PATCH net] rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 Eric Dumazet
@ 2018-10-02 23:09 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2018-10-02 23:09 UTC (permalink / raw)
To: edumazet; +Cc: netdev, eric.dumazet
From: Eric Dumazet <edumazet@google.com>
Date: Tue, 2 Oct 2018 15:47:35 -0700
> We have an impressive number of syzkaller bugs that are linked
> to the fact that syzbot was able to create a networking device
> with millions of TX (or RX) queues.
>
> Let's limit the number of RX/TX queues to 4096, this really should
> cover all known cases.
>
> A separate patch will add various cond_resched() in the loops
> handling sysfs entries at device creation and dismantle.
>
> Tested:
>
> lpaa6:~# ip link add gre-4097 numtxqueues 4097 numrxqueues 4097 type ip6gretap
> RTNETLINK answers: Invalid argument
>
> lpaa6:~# time ip link add gre-4096 numtxqueues 4096 numrxqueues 4096 type ip6gretap
>
> real 0m0.180s
> user 0m0.000s
> sys 0m0.107s
>
> Fixes: 76ff5cc91935 ("rtnl: allow to specify number of rx and tx queues on device creation")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: syzbot <syzkaller@googlegroups.com>
Applied and queued up for -stable.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-10-03 5:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-10-02 22:47 [PATCH net] rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 Eric Dumazet
2018-10-02 23:09 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).