lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <07bb0ad3-c3e9-4a23-6e75-c3df6a557dcf@redhat.com>
Date:   Wed, 26 Feb 2020 12:02:01 +0800
From:   Jason Wang <jasowang@...hat.com>
To:     David Ahern <dahern@...italocean.com>,
        "Michael S. Tsirkin" <mst@...hat.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: virtio_net: can change MTU after installing program


On 2020/2/26 上午11:32, David Ahern wrote:
> Another issue is that virtio_net checks the MTU when a program is
> installed, but does not restrict an MTU change after:
>
> # ip li sh dev eth0
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 xdp qdisc fq_codel
> state UP mode DEFAULT group default qlen 1000
>      link/ether 5a:39:e6:01:a5:36 brd ff:ff:ff:ff:ff:ff
>      prog/xdp id 13 tag c5595e4590d58063 jited
>
> # ip li set dev eth0 mtu 8192
>
> # ip li sh dev eth0
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8192 xdp qdisc fq_codel
> state UP mode DEFAULT group default qlen 1000
>
>
> The simple solution is:
>
> @@ -2489,6 +2495,8 @@ static int virtnet_xdp_set(struct net_device *dev,
> struct bpf_prog *prog,
>                  }
>          }
>
> +       dev->max_mtu = prog ? max_sz : MAX_MTU;
> +
>          return 0;
>
>   err:
>
> The complicated solution is to implement ndo_change_mtu.


Right, this issue has been there for years. Qemu (or libvirt) should 
configure TAP MTU accordingly. But there's no way for driver to tell 
device about the MTU it wants to use. We need fix this.


>
> The simple solution causes a user visible change with 'ip -d li sh' by
> showing a changing max mtu, but the ndo has a poor user experience in
> that it just fails EINVAL (their is no extack) which is confusing since,
> for example, 8192 is a totally legit MTU. Changing the max does return a
> nice extack message.


Or for simplicity, just forbid changing MTU when program is installed?

Thanks


>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ