From: Nikolay Aleksandrov <razor@blackwall.org>
To: Johannes Nixdorf <jnixdorf-oss@avm.de>, netdev@vger.kernel.org
Cc: bridge@lists.linux-foundation.org,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Roopa Prabhu <roopa@nvidia.com>
Subject: Re: [PATCH net-next 1/2] bridge: Add a limit on FDB entries
Date: Tue, 16 May 2023 11:38:11 +0300 [thread overview]
Message-ID: <a1d13117-a0c5-d06e-86b7-eacf4811102f@blackwall.org> (raw)
In-Reply-To: <20230515085046.4457-1-jnixdorf-oss@avm.de>
On 15/05/2023 11:50, Johannes Nixdorf wrote:
> A malicious actor behind one bridge port may spam the kernel with packets
> with a random source MAC address, each of which will create an FDB entry,
> each of which is a dynamic allocation in the kernel.
>
> There are roughly 2^48 different MAC addresses, further limited by the
> rhashtable they are stored in to 2^31. Each entry is of the type struct
> net_bridge_fdb_entry, which is currently 128 bytes big. This means the
> maximum amount of memory allocated for FDB entries is 2^31 * 128B =
> 256GiB, which is too much for most computers.
>
> Mitigate this by adding a bridge netlink setting IFLA_BR_FDB_MAX_ENTRIES,
> which, if nonzero, limits the amount of entries to a user specified
> maximum.
>
> For backwards compatibility the default setting of 0 disables the limit.
>
> All changes to fdb_n_entries are under br->hash_lock, which means we do
> not need additional locking. The call paths are (✓ denotes that
> br->hash_lock is taken around the next call):
>
> - fdb_delete <-+- fdb_delete_local <-+- br_fdb_changeaddr ✓
> | +- br_fdb_change_mac_address ✓
> | +- br_fdb_delete_by_port ✓
> +- br_fdb_find_delete_local ✓
> +- fdb_add_local <-+- br_fdb_changeaddr ✓
> | +- br_fdb_change_mac_address ✓
> | +- br_fdb_add_local ✓
> +- br_fdb_cleanup ✓
> +- br_fdb_flush ✓
> +- br_fdb_delete_by_port ✓
> +- fdb_delete_by_addr_and_port <--- __br_fdb_delete ✓
> +- br_fdb_external_learn_del ✓
> - fdb_create <-+- fdb_add_local <-+- br_fdb_changeaddr ✓
> | +- br_fdb_change_mac_address ✓
> | +- br_fdb_add_local ✓
> +- br_fdb_update ✓
> +- fdb_add_entry <--- __br_fdb_add ✓
> +- br_fdb_external_learn_add ✓
>
> Signed-off-by: Johannes Nixdorf <jnixdorf-oss@avm.de>
> ---
> include/uapi/linux/if_link.h | 1 +
> net/bridge/br_device.c | 2 ++
> net/bridge/br_fdb.c | 6 ++++++
> net/bridge/br_netlink.c | 9 ++++++++-
> net/bridge/br_private.h | 2 ++
> 5 files changed, 19 insertions(+), 1 deletion(-)
>
I completely missed the fact that you don't deal with the situation where you already have fdbs created
and a limit is set later, then it would be useless because it will start counting from 0 even though
there are already entries. Also another issue that came to mind is that you don't deal with fdb_create()
for "special" entries, i.e. when adding a port. Currently it will print an error, but you should revisit
all callers and see where it might be a problem.
next prev parent reply other threads:[~2023-05-16 8:38 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-15 8:50 [PATCH net-next 1/2] bridge: Add a limit on FDB entries Johannes Nixdorf
2023-05-15 8:50 ` [PATCH net-next 2/2] bridge: Add a sysctl to limit new brides " Johannes Nixdorf
2023-05-15 9:35 ` Nikolay Aleksandrov
2023-05-15 11:27 ` Johannes Nixdorf
2023-05-16 8:27 ` Nikolay Aleksandrov
2023-05-15 15:56 ` Stephen Hemminger
2023-05-16 8:27 ` Johannes Nixdorf
2023-05-15 23:57 ` kernel test robot
2023-05-15 9:35 ` [PATCH net-next 1/2] bridge: Add a limit on " Nikolay Aleksandrov
2023-05-16 8:12 ` Johannes Nixdorf
2023-05-16 8:21 ` Nikolay Aleksandrov
2023-05-16 8:30 ` Nikolay Aleksandrov
2023-05-16 8:38 ` Nikolay Aleksandrov [this message]
2023-05-16 8:53 ` Johannes Nixdorf
2023-05-16 8:56 ` Nikolay Aleksandrov
2023-05-16 10:21 ` Vladimir Oltean
2023-05-16 10:32 ` Nikolay Aleksandrov
2023-05-16 10:44 ` Vladimir Oltean
2023-05-16 10:47 ` Nikolay Aleksandrov
2023-05-16 10:55 ` Vladimir Oltean
2023-05-16 11:04 ` Nikolay Aleksandrov
2023-05-16 11:10 ` Vladimir Oltean
2023-05-16 11:18 ` Nikolay Aleksandrov
2023-05-26 8:37 ` Johannes Nixdorf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a1d13117-a0c5-d06e-86b7-eacf4811102f@blackwall.org \
--to=razor@blackwall.org \
--cc=bridge@lists.linux-foundation.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jnixdorf-oss@avm.de \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=roopa@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).