lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 17 Nov 2014 16:16:07 +0000
From:	David Laight <David.Laight@...LAB.COM>
To:	"'Nelson, Shannon'" <shannon.nelson@...el.com>,
	Eric Dumazet <eric.dumazet@...il.com>,
	"Kirsher, Jeffrey T" <jeffrey.t.kirsher@...el.com>
CC:	"davem@...emloft.net" <davem@...emloft.net>,
	"Kong, Serey" <serey.kong@...el.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"nhorman@...hat.com" <nhorman@...hat.com>,
	"sassmann@...hat.com" <sassmann@...hat.com>,
	"jogreene@...hat.com" <jogreene@...hat.com>
Subject: RE: [net-next 03/12] i40e: Handle a single mss packet with more
 than 8 frags

From: Nelson, Shannon
> > From: Eric Dumazet [mailto:eric.dumazet@...il.com]
> > Sent: Saturday, November 15, 2014 10:22 AM
> >
> > On Fri, 2014-11-14 at 22:08 -0800, Jeff Kirsher wrote:
> > > From: Serey Kong <serey.kong@...el.com>
> > >
> > > This handles the case where a single packet with more than 8 data
> > > descriptors triggers a Malicious Driver Detect event in the device.
> > >
> 
> [...]
> 
> > > -	if (tx_flags & (I40E_TX_FLAGS_TSO | I40E_TX_FLAGS_FSO))
> > > +	if (tx_flags & (I40E_TX_FLAGS_TSO | I40E_TX_FLAGS_FSO)) {
> > >  		gso_segs = skb_shinfo(skb)->gso_segs;
> > > -	else
> > > +	} else {
> > >  		gso_segs = 1;
> > > +		if (skb_shinfo(skb)->nr_frags >= I40E_MAX_BUFFER_TXD)
> > > +			skb_linearize(skb);
> >
> > What exactly happens if skb_linearize() fails ?
> >
> > Is this "Malicious Driver Detect event" fatal or simply packet is
> > dropped without additional harm ?
> 
> This typically hits when there are many little TSO packets in a single MTU size frame.  The hardware
> doesn't like dealing with more than 8 separate buffers.

Except that a TSO packet is likely to be just under 64k and comprise of
a small header and 16 other fragments - most of which will be a complete 4k page.

If the hardware can't handle such packets then I suspect you can't actually
use TSO - which makes the device pretty useless.

If the problem is just too many fragment boundaries within a small number
of bytes then you need to detect that specific problem - probably merging
the adjacent small fragments into one that is large enough.

	David

Powered by blists - more mailing lists