From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Jakub Kicinski <kuba@kernel.org>,
Samuel Moelius <sam.moelius@trailofbits.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>,
Jiri Pirko <jiri@resnulli.us>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
"moderated list:CAKE QDISC" <cake@lists.bufferbloat.net>,
"open list:TC subsystem" <netdev@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH net v2] net/sched: cake: reject overhead values that underflow length
Date: Mon, 15 Jun 2026 13:21:12 +0200 [thread overview]
Message-ID: <87wlw0gic7.fsf@toke.dk> (raw)
In-Reply-To: <20260613142626.1b2183eb@kernel.org>
Jakub Kicinski <kuba@kernel.org> writes:
> On Tue, 9 Jun 2026 23:29:36 +0000 Samuel Moelius wrote:
>> +static const struct netlink_range_validation_signed cake_overhead_range = {
>> + .min = -64,
>> + .max = 256,
>
> Both Sashiko's complain - these values are neither safe nor sufficient.
>
> How was the -64 chosen? It looks suspiciously close the min ethernet
> frame length. But in that case (a) FCS doesn't count so 60, and
> (b) even IPv4 TCP packets can be shorter (at qdisc layer) than 64B
> leading to underflow...
>
> I see min rate in cake is 64 but I don't see any other meaning of the
> 64 literal.
>
> Toke, WDYT? Should we use a smaller constant (ETH_HLEN?) or do the
> check on the datapath?
Hmm, we do actually have a check on the datapath already, so just
amending that like the second Sashiko suggestion should add no
additional runtime overhead. In which case there's no reason to add the
policy at all, I suppose.
So basically:
diff --git i/net/sched/sch_cake.c w/net/sched/sch_cake.c
index a3c185505afc..259e4b8d09c5 100644
--- i/net/sched/sch_cake.c
+++ w/net/sched/sch_cake.c
@@ -1389,10 +1389,7 @@ static u32 cake_calc_overhead(struct cake_sched_data *qd, u32 len, u32 off)
if (qd->min_netlen > len)
WRITE_ONCE(qd->min_netlen, len);
- len += q->rate_overhead;
-
- if (len < q->rate_mpu)
- len = q->rate_mpu;
+ len = max((s32)len + q->rate_overhead, (s32)q->rate_mpu);
if (q->atm_mode == CAKE_ATM_ATM) {
len += 47;
(Sashiko suggests using max_t, but that seems a bit redundant when
there's already casts in the operands, no?)
-Toke
prev parent reply other threads:[~2026-06-15 11:21 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-09 23:29 [PATCH net v2] net/sched: cake: reject overhead values that underflow length Samuel Moelius
2026-06-10 0:45 ` Jakub Kicinski
2026-06-10 0:55 ` Samuel Moelius
2026-06-10 1:46 ` Jakub Kicinski
2026-06-10 8:06 ` Toke Høiland-Jørgensen
2026-06-13 21:26 ` Jakub Kicinski
2026-06-15 11:21 ` Toke Høiland-Jørgensen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wlw0gic7.fsf@toke.dk \
--to=toke@toke.dk \
--cc=cake@lists.bufferbloat.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sam.moelius@trailofbits.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox