From: Vladimir Oltean <olteanv@gmail.com>
To: Nikolay Aleksandrov <razor@blackwall.org>
Cc: Hans Schultz <schultz.hans@gmail.com>,
davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org,
Andrew Lunn <andrew@lunn.ch>,
Vivien Didelot <vivien.didelot@gmail.com>,
Florian Fainelli <f.fainelli@gmail.com>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Jiri Pirko <jiri@resnulli.us>,
Ivan Vecera <ivecera@redhat.com>, Roopa Prabhu <roopa@nvidia.com>,
Shuah Khan <shuah@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Ido Schimmel <idosch@nvidia.com>,
linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH V3 net-next 1/4] net: bridge: add fdb flag to extent locked port feature
Date: Wed, 6 Jul 2022 23:21:30 +0300
Message-ID: <20220706202130.ehzxnnqnduaq3rmt@skbuf>
In-Reply-To: <7cf30a3e-a562-d582-4391-072a2c98ab05@blackwall.org>
On Wed, Jul 06, 2022 at 10:38:04PM +0300, Nikolay Aleksandrov wrote:
> I don't think that is new or surprising; if there isn't anything to control the
> device resources, you'll get there. You don't really need to write any new programs;
> you can easily do it with mausezahn. I have tests that add over 10 million fdbs on
> devices for a few seconds.

Of course it isn't new, but that doesn't make the situation in any way better,
quite the opposite...

> The point is it's not the bridge's task to limit memory consumption or to watch for resource
> management. You can limit new entries from the device driver (in case of swdev learning) or
> you can use a daemon to watch the number of entries and disable learning. There are many
> different ways to avoid this. We've discussed it before and I don't mind adding a hard fdb
> per-port limit in the bridge as long as it's done properly. We've also discussed LRU and similar
> algorithms for fdb learning and eviction. But any hardcoded limits or limits that can break
> current default use cases are unacceptable; they must be opt-in.

I don't think you can really say that it's not the bridge's task to
limit memory consumption when what it does is essentially allocate
memory from untrusted and unbounded user input, in kernel softirq
context.

That's in fact the problem: the kernel OOM killer will kick in, but
there will be no process to kill. This is why the kernel deadlocks on
memory and dies.

Maybe where our expectations differ is that I believe that a Linux
bridge shouldn't need gazillions of tweaks to not kill the kernel?
There are many devices in production using a bridge without such
configuration; you can't just make it opt-in.

Of course, performance under heavy stress is a separate concern, and
maybe user space monitoring would be a better idea for that.

I know you changed jobs, but did Cumulus Linux have an application to
monitor and limit the FDB entry count? Is there some standard
application which does this somewhere, or does everybody roll their own?

Anyway, limiting FDB entry count from user space is still theoretically
different from not dying. If you need to schedule a task to dispose of
the weight while the ship is sinking from softirq context, you may never
get to actually schedule that task in time. AFAIK the bridge UAPI doesn't
expose a pre-programmed limit, so what needs to be done is for user
space to manually delete entries until the count falls below the limit.
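The quoted reply suggests "a daemon to watch the number of entries and disable learning" as a user-space mitigation for FDB exhaustion. The script below is an added example of the simplest form of such a watchdog; it is not code from this thread or from the bridge patch series. It assumes the iproute2 `bridge` tool, the usual `bridge fdb show` line format (`<mac> dev <port> [vlan N] master <br> [flags]`), and a hypothetical port name and limit supplied on the command line. The counting logic is kept in a function that reads `bridge fdb show` output from stdin, so it can be exercised offline against a constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal user-space FDB watchdog that
# counts dynamically learned entries on one bridge port and turns learning off
# on that port once a configured limit is reached. Assumes iproute2 `bridge`.

# Count learned (non-permanent, non-static) FDB entries for port $1 from
# `bridge fdb show` output supplied on stdin. Permanent and static entries are
# configured rather than learned, so they are excluded from the count.
count_dynamic_fdb() {
    awk -v port="$1" '
        $2 == "dev" && $3 == port && !/permanent/ && !/static/ { n++ }
        END { print n + 0 }'
}

# True (exit 0) when the current count $1 has reached the limit $2.
over_limit() {
    [ "$1" -ge "$2" ]
}

# One enforcement pass for bridge $1, port $2, limit $3.
# Disables learning on the port when the limit is reached and returns 0;
# otherwise logs the current count and returns 1.
enforce_fdb_limit() {
    br=$1; port=$2; limit=$3
    n=$(bridge fdb show br "$br" brport "$port" | count_dynamic_fdb "$port")
    if over_limit "$n" "$limit"; then
        logger -t fdb-watch "bridge $br port $port: $n learned entries >= $limit, disabling learning"
        bridge link set dev "$port" learning off
        return 0
    fi
    logger -t fdb-watch "bridge $br port $port: $n learned entries (limit $limit)"
    return 1
}

# Constructed sample of `bridge fdb show` output, used only for offline testing.
SAMPLE_FDB='00:11:22:33:44:55 dev swp1 master br0
00:11:22:33:44:56 dev swp1 vlan 10 master br0
00:11:22:33:44:57 dev swp2 master br0
33:33:00:00:00:01 dev swp1 self permanent
00:11:22:33:44:58 dev swp1 master br0 static'

# Usage: fdb-watch.sh <bridge> <port> <limit> [interval-seconds]
# With no arguments the script only defines the functions above.
if [ "$#" -ge 3 ]; then
    interval=${4:-5}
    while :; do
        enforce_fdb_limit "$1" "$2" "$3" && break
        sleep "$interval"
    done
fi
```

Run as `sh fdb-watch.sh br0 swp1 1024` to poll every five seconds. Note the caveat raised in the reply above: a poller like this only helps while the kernel is still healthy enough to schedule it; it does not address the softirq-context allocation path itself, and re-enabling learning (`bridge link set dev swp1 learning on`) after the table has aged out is left to the operator.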
Thread overview: 54+ messages
2022-05-24 15:21 [PATCH V3 net-next 0/4] Extend locked port feature with FDB locked flag (MAC-Auth/MAB) Hans Schultz
2022-05-24 15:21 ` [PATCH V3 net-next 1/4] net: bridge: add fdb flag to extent locked port feature Hans Schultz
2022-05-24 15:39 ` Nikolay Aleksandrov
2022-05-24 16:08 ` Hans Schultz
2022-05-24 16:21 ` Hans Schultz
2022-05-25 8:06 ` Nikolay Aleksandrov
2022-05-25 8:34 ` Hans Schultz
2022-05-25 8:38 ` Nikolay Aleksandrov
2022-05-25 9:11 ` Hans Schultz
2022-05-25 10:18 ` Nikolay Aleksandrov
2022-07-06 18:13 ` Vladimir Oltean
2022-07-06 19:38 ` Nikolay Aleksandrov
2022-07-06 20:21 ` Vladimir Oltean [this message]
2022-07-06 21:01 ` Nikolay Aleksandrov
2022-07-07 14:08 ` Nikolay Aleksandrov
2022-07-07 17:15 ` Vladimir Oltean
2022-07-07 17:26 ` Nikolay Aleksandrov
2022-07-08 6:38 ` Hans S
2022-05-26 14:13 ` Ido Schimmel
2022-05-27 8:52 ` Hans Schultz
2022-05-27 9:58 ` Ido Schimmel
2022-05-27 16:00 ` Hans Schultz
2022-05-31 9:34 ` Hans Schultz
2022-05-31 14:23 ` Ido Schimmel
2022-05-31 15:49 ` Hans Schultz
2022-06-02 9:17 ` Hans Schultz
2022-06-02 9:33 ` Nikolay Aleksandrov
2022-06-02 10:17 ` Hans Schultz
2022-06-02 10:30 ` Nikolay Aleksandrov
2022-06-02 10:39 ` Ido Schimmel
2022-06-02 11:36 ` Hans Schultz
2022-06-02 11:55 ` Ido Schimmel
2022-06-02 12:08 ` Hans Schultz
2022-06-02 12:18 ` Ido Schimmel
2022-06-02 13:27 ` Hans S
2022-05-24 15:21 ` [PATCH V3 net-next 2/4] net: switchdev: add support for offloading of fdb locked flag Hans Schultz
2022-06-27 16:06 ` Vladimir Oltean
2022-05-24 15:21 ` [PATCH V3 net-next 3/4] net: dsa: mv88e6xxx: mac-auth/MAB implementation Hans Schultz
2022-05-24 21:36 ` kernel test robot
2022-06-27 12:58 ` Hans S
2022-06-27 18:05 ` Vladimir Oltean
2022-06-28 12:26 ` Hans S
2022-07-05 15:05 ` Hans S
2022-07-06 13:28 ` Vladimir Oltean
2022-07-06 13:48 ` Hans S
2022-07-06 8:55 ` Vladimir Oltean
2022-07-06 10:12 ` Hans S
2022-07-06 14:23 ` Hans S
2022-07-06 14:33 ` Vladimir Oltean
2022-07-06 15:38 ` Hans S
2022-07-07 6:54 ` Hans S
2022-05-24 15:21 ` [PATCH V3 net-next 4/4] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests Hans Schultz
2022-05-26 14:27 ` Ido Schimmel
2022-05-27 9:07 ` Hans Schultz