Date:   Mon, 20 Apr 2020 14:44:53 -0700
From:   Pravin Shelar <pravin.ovn@...il.com>
To:     Tonghao Zhang <xiangxia.m.yue@...il.com>
Cc:     Andy Zhou <azhou@....org>, Ben Pfaff <blp@....org>,
        William Tu <u9012063@...il.com>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        ovs dev <dev@...nvswitch.org>
Subject: Re: [PATCH net-next v2 2/5] net: openvswitch: set max limitation to meters

On Sun, Apr 19, 2020 at 5:28 PM Tonghao Zhang <xiangxia.m.yue@...il.com> wrote:
>
> On Mon, Apr 20, 2020 at 1:31 AM Pravin Shelar <pravin.ovn@...il.com> wrote:
> >
> > On Sat, Apr 18, 2020 at 10:25 AM <xiangxia.m.yue@...il.com> wrote:
> > >
> > > From: Tonghao Zhang <xiangxia.m.yue@...il.com>
> > >
> > > > Don't allow users to create an unlimited number of meters,
> > > > which may consume a large amount of kernel memory.
> > > > 200,000 meters may be fine in the general case.
> > >
> > > Cc: Pravin B Shelar <pshelar@....org>
> > > Cc: Andy Zhou <azhou@....org>
> > > Signed-off-by: Tonghao Zhang <xiangxia.m.yue@...il.com>
> > > ---
> > >  net/openvswitch/meter.c | 21 +++++++++++++++------
> > >  net/openvswitch/meter.h |  1 +
> > >  2 files changed, 16 insertions(+), 6 deletions(-)
> > >
> > > diff --git a/net/openvswitch/meter.c b/net/openvswitch/meter.c
> > > index 494a0014ecd8..1b6776f9c109 100644
> > > --- a/net/openvswitch/meter.c
> > > +++ b/net/openvswitch/meter.c
> > > @@ -137,6 +137,7 @@ static int attach_meter(struct dp_meter_table *tbl, struct dp_meter *meter)
> > >  {
> > >         struct dp_meter_instance *ti = rcu_dereference_ovsl(tbl->ti);
> > >         u32 hash = meter_hash(ti, meter->id);
> > > +       int err;
> > >
> > >         /*
> > >          * In generally, slot selected should be empty, because
> > > @@ -148,16 +149,24 @@ static int attach_meter(struct dp_meter_table *tbl, struct dp_meter *meter)
> > >         dp_meter_instance_insert(ti, meter);
> > >
> > >         /* That function is thread-safe. */
> > > -       if (++tbl->count >= ti->n_meters)
> > > -               if (dp_meter_instance_realloc(tbl, ti->n_meters * 2))
> > > -                       goto expand_err;
> > > +       tbl->count++;
> > > +       if (tbl->count > DP_METER_NUM_MAX) {
> > > +               err = -EFBIG;
> > > +               goto attach_err;
> > > +       }
> > > +
> > > +       if (tbl->count >= ti->n_meters &&
> > > +           dp_meter_instance_realloc(tbl, ti->n_meters * 2)) {
> > > +               err = -ENOMEM;
> > > +               goto attach_err;
> > > +       }
> > >
> > >         return 0;
> > >
> > > -expand_err:
> > > +attach_err:
> > >         dp_meter_instance_remove(ti, meter);
> > >         tbl->count--;
> > > -       return -ENOMEM;
> > > +       return err;
> > >  }
> > >
> > >  static void detach_meter(struct dp_meter_table *tbl, struct dp_meter *meter)
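
Review bot: in attach_meter() the DP_METER_NUM_MAX test runs only after dp_meter_instance_insert() and tbl->count++, so a meter that exceeds the limit is inserted and then removed again at attach_err. Testing the count against DP_METER_NUM_MAX before the insert and returning early would avoid the rollback for the limit case. The limit case also returns -EFBIG from a path that previously only returned -ENOMEM, so a short comment on the new errno would help callers.
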
> > > @@ -264,7 +273,7 @@ static int ovs_meter_cmd_features(struct sk_buff *skb, struct genl_info *info)
> > >         if (IS_ERR(reply))
> > >                 return PTR_ERR(reply);
> > >
> > > -       if (nla_put_u32(reply, OVS_METER_ATTR_MAX_METERS, U32_MAX) ||
> > > +       if (nla_put_u32(reply, OVS_METER_ATTR_MAX_METERS, DP_METER_NUM_MAX) ||
> > >             nla_put_u32(reply, OVS_METER_ATTR_MAX_BANDS, DP_MAX_BANDS))
> > >                 goto nla_put_failure;
> > >
> > > diff --git a/net/openvswitch/meter.h b/net/openvswitch/meter.h
> > > index d91940383bbe..cdfc6b9dbd42 100644
> > > --- a/net/openvswitch/meter.h
> > > +++ b/net/openvswitch/meter.h
> > > @@ -19,6 +19,7 @@ struct datapath;
> > >
> > >  #define DP_MAX_BANDS           1
> > >  #define DP_METER_ARRAY_SIZE_MIN        (1ULL << 10)
> > > +#define DP_METER_NUM_MAX       (200000ULL)
> > >
> > > Let's make it configurable, and the default could be 200k, to allow
> > > customization on different memory configurations.
> Great, set a different limit depending on the current system memory size, like TCP?

Yes, that could be useful.
