[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20180116020920.20232-1-dja@axtens.net>
Date: Tue, 16 Jan 2018 13:09:17 +1100
From: Daniel Axtens <dja@...ens.net>
To: netdev@...r.kernel.org
Cc: Daniel Axtens <dja@...ens.net>, Manish.Chopra@...ium.com,
dev@...nvswitch.org
Subject: [PATCH 0/3] Check gso_size of packets when forwarding
When regular packets are forwarded, we validate their size against the
MTU of the destination device. However, when GSO packets are
forwarded, we do not validate their size against the MTU. We
implicitly assume that when they are segmented, the resultant packets
will be correctly sized.
This is not always the case.
We observed a case where a packet received on an ibmveth device had a
GSO size of around 10kB. This was forwarded by Open vSwitch to a bnx2x
device, where it caused a firmware assert. This is described in detail
at [0] and was the genesis of this series. Rather than fixing it in
the driver, this series fixes the forwarding path.
To fix this:
- Move a helper in patch 1.
- Validate GSO segment lengths in is_skb_forwardable() in the GSO
case, rather than assuming all will be well. This fixes bridges.
This is patch 2.
- Open vSwitch uses its own slightly specialised algorithm for
checking lengths. Wire up checking for that in patch 3.
[0]: https://patchwork.ozlabs.org/patch/859410/
Cc: Manish.Chopra@...ium.com
Cc: dev@...nvswitch.org
Daniel Axtens (3):
net: move skb_gso_mac_seglen to skbuff.h
net: is_skb_forwardable: validate length of GSO packet segments
openvswitch: drop GSO packets that are too large
include/linux/skbuff.h | 16 ++++++++++++++++
net/core/dev.c | 7 ++++---
net/core/skbuff.c | 34 ++++++++++++++++++++++++++++++++++
net/openvswitch/vport.c | 37 ++++++++++++++++++++++++++++++-------
net/sched/sch_tbf.c | 10 ----------
5 files changed, 84 insertions(+), 20 deletions(-)
--
2.14.1
Powered by blists - more mailing lists