Re: [PATCH net-next 2/2] net: sched: protect against stack overflow in TC act_mirred

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Eyal Birger <eyal.birger@gmail.com>
To: Jamal Hadi Salim <jhs@mojatatu.com>,
	John Hurley <john.hurley@netronome.com>
Cc: Linux Netdev List <netdev@vger.kernel.org>,
	David Miller <davem@davemloft.net>,
	Florian Westphal <fw@strlen.de>,
	Simon Horman <simon.horman@netronome.com>,
	Jakub Kicinski <jakub.kicinski@netronome.com>,
	oss-drivers@netronome.com, shmulik@metanetworks.com
Subject: Re: [PATCH net-next 2/2] net: sched: protect against stack overflow in TC act_mirred
Date: Wed, 26 Jun 2019 07:37:03 +0300	[thread overview]
Message-ID: <20190626073703.5655f7b1@jimi> (raw)
In-Reply-To: <4a4f2f81-d87a-2a45-36b9-ac101d937219@mojatatu.com>

Hi Jamal, John,

On Tue, 25 Jun 2019 07:24:37 -0400
Jamal Hadi Salim <jhs@mojatatu.com> wrote:

> On 2019-06-25 5:06 a.m., John Hurley wrote:
> > On Tue, Jun 25, 2019 at 9:30 AM Eyal Birger <eyal.birger@gmail.com>
> > wrote:  
> 
> > I'm not sure on the history of why a value of 4 was selected here
> > but it seems to fall into line with my findings.  
> 
> Back then we could only loop in one direction (as opposed to two right
> now) - so seeing something twice would have been suspect enough,
> so 4 seems to be a good number. I still think 4 is a good number.

I think the introduction of mirred ingress affects the 'seeing something
twice is suspicious' paradigm - see below.

> > Is there a hard requirement for >4 recursive calls here?  
> 
> I think this is where testcases help (which then get permanently
> added in tdc repository). Eyal - if you have a test scenario where
> this could be demonstrated it would help.

I don't have a _hard_ requirement for >4 recursive calls.

I did encounter use cases for 2 layers of stacked net devices using TC
mirred ingress. For example, first layer redirects traffic based on
incoming protocol - e.g. some tunneling criterion - and the second
layer redirects traffic based on the IP packet src/dst, something like:

  +-----------+  +-----------+  +-----------+  +-----------+
  |    ip0    |  |    ip1    |  |    ip2    |  |    ip3    |
  +-----------+  +-----------+  +-----------+  +-----------+
          \          /                 \           /
           \        /                   \         /
         +-----------+                 +-----------+
         |   proto0  |                 |   proto1  |
         +-----------+                 +-----------+
                    \                   /
                     \                 /
                        +-----------+
                        |    eth0   |
                        +-----------+

Where packets stem from eth0 and are redirected to the appropriate devices
using mirred ingress redirect with different criteria.
This is useful for example when each 'ip' device is part of a different
routing domain.

There are probably many other ways to do this kind of thing, but using mirred
ingress to demux the traffic provides freedom in the demux criteria while
having the benefit of a netdevice at each node allowing to use tcpdump and
other such facilities.

As such, I was concerned that a hard limit of 4 may be restrictive.

I too think Florian's suggestion of using netif_rx() in order to break
the recursion when limit is met (or always use it?) is a good approach
to try in order not to force restrictions while keeping the stack sane.

Eyal.

next prev parent reply	other threads:[~2019-06-26  4:37 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-24 22:13 [PATCH net-next 0/2] Track recursive calls in TC act_mirred John Hurley
2019-06-24 22:13 ` [PATCH net-next 1/2] net: sched: refactor reinsert action John Hurley
2019-06-24 22:13 ` [PATCH net-next 2/2] net: sched: protect against stack overflow in TC act_mirred John Hurley
2019-06-25  8:30   ` Eyal Birger
2019-06-25  9:06     ` John Hurley
2019-06-25  9:15       ` Florian Westphal
2019-06-25  9:42         ` John Hurley
2019-06-25 11:24       ` Jamal Hadi Salim
2019-06-26  4:37         ` Eyal Birger [this message]
2019-06-25 11:18 ` [PATCH net-next 0/2] Track recursive calls " Jamal Hadi Salim
2019-06-25 13:26   ` John Hurley
2019-06-28 21:37 ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190626073703.5655f7b1@jimi \
    --to=eyal.birger@gmail.com \
    --cc=davem@davemloft.net \
    --cc=fw@strlen.de \
    --cc=jakub.kicinski@netronome.com \
    --cc=jhs@mojatatu.com \
    --cc=john.hurley@netronome.com \
    --cc=netdev@vger.kernel.org \
    --cc=oss-drivers@netronome.com \
    --cc=shmulik@metanetworks.com \
    --cc=simon.horman@netronome.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).