* [PATCH] net/ip6_tunnel: Prevent perpetual tunnel growth
@ 2025-10-07 6:08 Dmitry Safonov via B4 Relay
2025-10-08 1:37 ` Jakub Kicinski
0 siblings, 1 reply; 3+ messages in thread
From: Dmitry Safonov via B4 Relay @ 2025-10-07 6:08 UTC (permalink / raw)
To: David S. Miller, David Ahern, Eric Dumazet, Jakub Kicinski,
Paolo Abeni, Simon Horman, Tom Herbert
Cc: netdev, linux-kernel, Florian Westphal, Francesco Ruggeri,
Dmitry Safonov
From: Dmitry Safonov <dima@arista.com>
Similarly to ipv4 tunnel, ipv6 version updates dev->needed_headroom, too.
While ipv4 tunnel headroom adjustment growth was limited in
commit 5ae1e9922bbd ("net: ip_tunnel: prevent perpetual headroom growth"),
ipv6 tunnel yet increases the headroom without any ceiling.
Reflect ipv4 tunnel headroom adjustment limit on ipv6 version.
Credits to Francesco Ruggeri, who was originally debugging this issue
and wrote local Arista-specific patch and a reproducer.
Fixes: 8eb30be0352d ("ipv6: Create ip6_tnl_xmit")
Cc: Florian Westphal <fw@strlen.de>
Cc: Francesco Ruggeri <fruggeri05@gmail.com>
Signed-off-by: Dmitry Safonov <dima@arista.com>
---
include/net/ip_tunnels.h | 15 +++++++++++++++
net/ipv4/ip_tunnel.c | 14 --------------
net/ipv6/ip6_tunnel.c | 3 +--
3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h
index 4314a97702eae094f2defc65d914390864c21006..d88532c0fbcd30110e41907722fcaf31ce2e4fda 100644
--- a/include/net/ip_tunnels.h
+++ b/include/net/ip_tunnels.h
@@ -611,6 +611,21 @@ struct metadata_dst *iptunnel_metadata_reply(struct metadata_dst *md,
int skb_tunnel_check_pmtu(struct sk_buff *skb, struct dst_entry *encap_dst,
int headroom, bool reply);
+static inline void ip_tunnel_adj_headroom(struct net_device *dev,
+ unsigned int headroom)
+{
+ /* we must cap headroom to some upperlimit, else pskb_expand_head
+ * will overflow header offsets in skb_headers_offset_update().
+ */
+ static const unsigned int max_allowed = 512;
+
+ if (headroom > max_allowed)
+ headroom = max_allowed;
+
+ if (headroom > READ_ONCE(dev->needed_headroom))
+ WRITE_ONCE(dev->needed_headroom, headroom);
+}
+
int iptunnel_handle_offloads(struct sk_buff *skb, int gso_type_mask);
static inline int iptunnel_pull_offloads(struct sk_buff *skb)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index aaeb5d16f0c9a46d90564dc2b6d7fd0a5b33d037..158a30ae7c5f2f1fa39eea7c3d64e36fb5f7551a 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -568,20 +568,6 @@ static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb,
return 0;
}
-static void ip_tunnel_adj_headroom(struct net_device *dev, unsigned int headroom)
-{
- /* we must cap headroom to some upperlimit, else pskb_expand_head
- * will overflow header offsets in skb_headers_offset_update().
- */
- static const unsigned int max_allowed = 512;
-
- if (headroom > max_allowed)
- headroom = max_allowed;
-
- if (headroom > READ_ONCE(dev->needed_headroom))
- WRITE_ONCE(dev->needed_headroom, headroom);
-}
-
void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
u8 proto, int tunnel_hlen)
{
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 3262e81223dfc859a06b55087d5dac20f43e6c11..6405072050e0ef7521ca1fdddc4a0252e2159d2a 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1257,8 +1257,7 @@ int ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev, __u8 dsfield,
*/
max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct ipv6hdr)
+ dst->header_len + t->hlen;
- if (max_headroom > READ_ONCE(dev->needed_headroom))
- WRITE_ONCE(dev->needed_headroom, max_headroom);
+ ip_tunnel_adj_headroom(dev, max_headroom);
err = ip6_tnl_encap(skb, t, &proto, fl6);
if (err)
---
base-commit: c746c3b5169831d7fb032a1051d8b45592ae8d78
change-id: 20251007-ip6_tunnel-headroom-ba968a2a943a
Best regards,
--
Dmitry Safonov <dima@arista.com>
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] net/ip6_tunnel: Prevent perpetual tunnel growth
2025-10-07 6:08 [PATCH] net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Safonov via B4 Relay
@ 2025-10-08 1:37 ` Jakub Kicinski
2025-10-09 14:43 ` Dmitry Safonov
0 siblings, 1 reply; 3+ messages in thread
From: Jakub Kicinski @ 2025-10-08 1:37 UTC (permalink / raw)
To: Dmitry Safonov via B4 Relay
Cc: dima, David S. Miller, David Ahern, Eric Dumazet, Paolo Abeni,
Simon Horman, Tom Herbert, netdev, linux-kernel, Florian Westphal,
Francesco Ruggeri
On Tue, 07 Oct 2025 07:08:36 +0100 Dmitry Safonov via B4 Relay wrote:
> + static const unsigned int max_allowed = 512;
nit: could we drop this 'static' while we move the code?
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] net/ip6_tunnel: Prevent perpetual tunnel growth
2025-10-08 1:37 ` Jakub Kicinski
@ 2025-10-09 14:43 ` Dmitry Safonov
0 siblings, 0 replies; 3+ messages in thread
From: Dmitry Safonov @ 2025-10-09 14:43 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Dmitry Safonov via B4 Relay, David S. Miller, David Ahern,
Eric Dumazet, Paolo Abeni, Simon Horman, Tom Herbert, netdev,
linux-kernel, Florian Westphal, Francesco Ruggeri
On Wed, Oct 8, 2025 at 2:37 AM Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Tue, 07 Oct 2025 07:08:36 +0100 Dmitry Safonov via B4 Relay wrote:
> > + static const unsigned int max_allowed = 512;
>
> nit: could we drop this 'static' while we move the code?
Yep, thanks, will send v2 with static dropped.
Thanks,
Dmitry
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-10-09 14:43 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-07 6:08 [PATCH] net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Safonov via B4 Relay
2025-10-08 1:37 ` Jakub Kicinski
2025-10-09 14:43 ` Dmitry Safonov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).