From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85461C43381 for ; Thu, 14 Mar 2019 14:56:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 574112087C for ; Thu, 14 Mar 2019 14:56:16 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="RjSjOj6i" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726914AbfCNO4P (ORCPT ); Thu, 14 Mar 2019 10:56:15 -0400 Received: from mail-yw1-f66.google.com ([209.85.161.66]:40297 "EHLO mail-yw1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726193AbfCNO4O (ORCPT ); Thu, 14 Mar 2019 10:56:14 -0400 Received: by mail-yw1-f66.google.com with SMTP id p64so1339634ywg.7 for ; Thu, 14 Mar 2019 07:56:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=8iM7pYpJF7MnbCG/MqEDtjUJV04j+AtxW5B7oEbIE3M=; b=RjSjOj6i3ifK+bD5EVK5LkUCciOyshPxhu/FMiBtXW+uiWmP2YA3e3cviGXEkOlShE UHscmwgLg2pR/O1BVcDjaduM5QOBkWCAyWl0l0qvbOzFZZDNx34bIwcNKPVUXkXNZ74J +DVI6Ob7dnJ6UWgNMBGsDow+VFGgfbcMxRA1Sj2ngrhkOQLG29fYyo+cGmeDGzhWuEFO GhzHzUMVRtWRmjjhSv5vCfyTMK38ttRNH2Hb+75ZZDo4v+3BVv3OIutwRgpCr28nRXtT YHrt7bIeiJqlt50x9l8Kh/R14b1T0fb86ANBg4+o0lBc0CmhCKArBe/roTaKVsgaZFQ2 3Z4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=8iM7pYpJF7MnbCG/MqEDtjUJV04j+AtxW5B7oEbIE3M=; b=h/OmF9X6Qg+HHk+UGHWpDjNTcyT/0wItHruMHGtnXWs+LcUKhKWN++Wq2BGndJiSEO 2b6PrFM36VG2I6Kbf9E7z2OUkB4Xj1WA5ox8de3SCMlAWjEWrz4prJBjyg2cl2T8g0ey 2Dx1i2XPuB9e7brlhrWI1t0yVfuSR9gEDjRNY4VkISltX50KlVuUofATlfwRG5U0kty2 epPsID/AFisLZLRzier22m4b9oIJ3eYFV0D0Aj5M+3QhAnU8Qnc5xQ5r/qr4YfZRL3J9 aLm8mjxSl5Md+S7gsQt8j05P5MZpQ5sZcfDS6MTBFaYMwNt7sCAZXwjr3GhcruwnotyV VlvQ== X-Gm-Message-State: APjAAAWyOPDoyVjv5O8sUsFCXngLx7Wy/V4k0ESeUHU3YEF82rKKJfg4 bOd7NE+Gv6aff9dVvM3jfWw= X-Google-Smtp-Source: APXvYqy722+HGxHgoWpTzYaXlD3nAc2vXORnXuNKYrBvA5mrTzVVZ2cmqm2n7MS4A+ETShXhwwuShQ== X-Received: by 2002:a25:e686:: with SMTP id d128mr40151484ybh.193.1552575373956; Thu, 14 Mar 2019 07:56:13 -0700 (PDT) Received: from [192.168.88.179] ([107.241.92.150]) by smtp.gmail.com with ESMTPSA id r5sm6276402ywc.58.2019.03.14.07.56.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 14 Mar 2019 07:56:13 -0700 (PDT) Subject: Re: [PATCH net] net: enforce xmit_recursion for devices with a queue To: Sabrina Dubroca Cc: netdev@vger.kernel.org, Jianlin Shi , Stefano Brivio References: <6d9ed6c448a5c855e05abf19c205f33a66b6ff40.1552557395.git.sd@queasysnail.net> <20190314141505.GA1953@bistromath.localdomain> From: Eric Dumazet Message-ID: Date: Thu, 14 Mar 2019 07:56:10 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20190314141505.GA1953@bistromath.localdomain> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On 03/14/2019 07:15 AM, Sabrina Dubroca wrote: > 2019-03-14, 05:58:03 -0700, Eric Dumazet wrote: >> >> >> On 03/14/2019 03:15 AM, Sabrina Dubroca wrote: >>> Commit 745e20f1b626 ("net: add a recursion limit in xmit path") >>> introduced a recursion limit, but it only applies to devices without a >>> queue. Virtual devices with a queue (either because they don't have >>> the IFF_NO_QUEUE flag, or because the administrator added one) can >>> still cause an unbounded recursion, via __dev_queue_xmit -> >>> __dev_xmit_skb -> qdisc_run -> __qdisc_run -> qdisc_restart -> >>> sch_direct_xmit -> dev_hard_start_xmit . Jianlin reported this in a >>> setup with 16 gretap devices stacked on top of one another. >>> >>> This patch prevents the stack overflow by incrementing xmit_recursion in >>> code paths that can call dev_hard_start_xmit() (like commit 745e20f1b626 >>> did). If the recursion limit is exceeded, the packet is enqueued and the >>> qdisc is scheduled. >>> >>> Reported-by: Jianlin Shi >>> Signed-off-by: Sabrina Dubroca >>> Reviewed-by: Stefano Brivio >> >> Hi Sabrina, thanks for the patch. >> >> Can't we detect this in the control path instead ? > > I don't see how. You could have a perfectly reasonable set of gretap > devices that trigger this situation from simply reshuffling the IP > addresses: > > gretap$x remote 1.1.$((x-1)).{1,2} > (all those addresses set on a single veth device) > > Then you move those addresses to the corresponding device > (1.1.${x}.{1,2} on gretap$x), and your machine crashes. > If this only can be done with gretap, why gretap cant implement the protection, outside of the fast path ? Thanks.