lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 23 Mar 2022 10:14:46 +0800
Cc:     Tonghao Zhang <>,
        Jamal Hadi Salim <>,
        Cong Wang <>,
        Jiri Pirko <>,
        "David S. Miller" <>,
        Jakub Kicinski <>,
        Jonathan Lemon <>,
        Eric Dumazet <>,
        Alexander Lobakin <>,
        Paolo Abeni <>,
        Talal Ahmad <>,
        Kevin Hao <>,
        Ilias Apalodimas <>,
        Kees Cook <>,
        Kumar Kartikeya Dwivedi <>,
        Antoine Tenart <>,
        Wei Wang <>, Arnd Bergmann <>
Subject: [net-next v11 1/2] net: sched: use queue_mapping to pick tx queue

From: Tonghao Zhang <>

This patch fixes issue:
* If we install tc filters with act_skbedit in clsact hook.
  It doesn't work, because netdev_core_pick_tx() overwrites

  $ tc filter ... action skbedit queue_mapping 1

And this patch is useful:
* We can use FQ + EDT to implement efficient policies. Tx queues
  are picked by xps, ndo_select_queue of netdev driver, or skb hash
  in netdev_core_pick_tx(). In fact, the netdev driver, and skb
  hash are _not_ under control. xps uses the CPUs map to select Tx
  queues, but we can't figure out which task_struct of pod/containter
  running on this cpu in most case. We can use clsact filters to classify
  one pod/container traffic to one Tx queue. Why ?

  In containter networking environment, there are two kinds of pod/
  containter/net-namespace. One kind (e.g. P1, P2), the high throughput
  is key in these applications. But avoid running out of network resource,
  the outbound traffic of these pods is limited, using or sharing one
  dedicated Tx queues assigned HTB/TBF/FQ Qdisc. Other kind of pods
  (e.g. Pn), the low latency of data access is key. And the traffic is not
  limited. Pods use or share other dedicated Tx queues assigned FIFO Qdisc.
  This choice provides two benefits. First, contention on the HTB/FQ Qdisc
  lock is significantly reduced since fewer CPUs contend for the same queue.
  More importantly, Qdisc contention can be eliminated completely if each
  CPU has its own FIFO Qdisc for the second kind of pods.

  There must be a mechanism in place to support classifying traffic based on
  pods/container to different Tx queues. Note that clsact is outside of Qdisc
  while Qdisc can run a classifier to select a sub-queue under the lock.

  In general recording the decision in the skb seems a little heavy handed.
  This patch introduces a per-CPU variable, suggested by Eric.

  The xmit.skip_txqueue flag is firstly cleared in __dev_queue_xmit().
  - Tx Qdisc may install that skbedit actions, then xmit.skip_txqueue flag
    is set in qdisc->enqueue() though tx queue has been selected in
    netdev_tx_queue_mapping() or netdev_core_pick_tx(). That flag is cleared
    firstly in __dev_queue_xmit(), is useful:
  - Avoid picking Tx queue with netdev_tx_queue_mapping() in next netdev
    in such case: eth0 macvlan - eth0.3 vlan - eth0 ixgbe-phy:
    For example, eth0, macvlan in pod, which root Qdisc install skbedit
    queue_mapping, send packets to eth0.3, vlan in host. In __dev_queue_xmit() of
    eth0.3, clear the flag, does not select tx queue according to skb->queue_mapping
    because there is no filters in clsact or tx Qdisc of this netdev.
    Same action taked in eth0, ixgbe in Host.
  - Avoid picking Tx queue for next packet. If we set xmit.skip_txqueue
    in tx Qdisc (qdisc->enqueue()), the proper way to clear it is clearing it
    in __dev_queue_xmit when processing next packets.

  For performance reasons, use the static key. If user does not config the NET_EGRESS,
  the patch will not be compiled.

  +----+      +----+      +----+
  | P1 |      | P2 |      | Pn |
  +----+      +----+      +----+
    |           |           |
                | clsact/skbedit
                |      MQ
    | q0        | q1        | qn
    v           v           v
  HTB/FQ      HTB/FQ  ...  FIFO

Cc: Jamal Hadi Salim <>
Cc: Cong Wang <>
Cc: Jiri Pirko <>
Cc: "David S. Miller" <>
Cc: Jakub Kicinski <>
Cc: Jonathan Lemon <>
Cc: Eric Dumazet <>
Cc: Alexander Lobakin <>
Cc: Paolo Abeni <>
Cc: Talal Ahmad <>
Cc: Kevin Hao <>
Cc: Ilias Apalodimas <>
Cc: Kees Cook <>
Cc: Kumar Kartikeya Dwivedi <>
Cc: Antoine Tenart <>
Cc: Wei Wang <>
Cc: Arnd Bergmann <>
Suggested-by: Eric Dumazet <>
Signed-off-by: Tonghao Zhang <>
Acked-by: Jamal Hadi Salim <>
 include/linux/netdevice.h |  3 +++
 include/linux/rtnetlink.h |  1 +
 net/core/dev.c            | 31 +++++++++++++++++++++++++++++--
 net/sched/act_skbedit.c   |  6 +++++-
 4 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index cd7a597c55b1..ac937b1ec746 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -3067,6 +3067,9 @@ struct softnet_data {
 	struct {
 		u16 recursion;
 		u8  more;
+		u8  skip_txqueue;
 	} xmit;
 #ifdef CONFIG_RPS
 	/* input_queue_head should be written by cpu owning this struct,
diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h
index 7f970b16da3a..ae2c6a3cec5d 100644
--- a/include/linux/rtnetlink.h
+++ b/include/linux/rtnetlink.h
@@ -100,6 +100,7 @@ void net_dec_ingress_queue(void);
 void net_inc_egress_queue(void);
 void net_dec_egress_queue(void);
+void netdev_xmit_skip_txqueue(bool skip);
 void rtnetlink_init(void);
diff --git a/net/core/dev.c b/net/core/dev.c
index 8a5109479dbe..67919422e5a2 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3920,6 +3920,25 @@ sch_handle_egress(struct sk_buff *skb, int *ret, struct net_device *dev)
 	return skb;
+static struct netdev_queue *
+netdev_tx_queue_mapping(struct net_device *dev, struct sk_buff *skb)
+	int qm = skb_get_queue_mapping(skb);
+	return netdev_get_tx_queue(dev, netdev_cap_txqueue(dev, qm));
+static bool netdev_xmit_txqueue_skipped(void)
+	return __this_cpu_read(softnet_data.xmit.skip_txqueue);
+void netdev_xmit_skip_txqueue(bool skip)
+	__this_cpu_write(softnet_data.xmit.skip_txqueue, skip);
 #endif /* CONFIG_NET_EGRESS */
 #ifdef CONFIG_XPS
@@ -4090,7 +4109,7 @@ struct netdev_queue *netdev_core_pick_tx(struct net_device *dev,
 static int __dev_queue_xmit(struct sk_buff *skb, struct net_device *sb_dev)
 	struct net_device *dev = skb->dev;
-	struct netdev_queue *txq;
+	struct netdev_queue *txq = NULL;
 	struct Qdisc *q;
 	int rc = -ENOMEM;
 	bool again = false;
@@ -4118,11 +4137,17 @@ static int __dev_queue_xmit(struct sk_buff *skb, struct net_device *sb_dev)
 			if (!skb)
 				goto out;
+		netdev_xmit_skip_txqueue(false);
 		nf_skip_egress(skb, true);
 		skb = sch_handle_egress(skb, &rc, dev);
 		if (!skb)
 			goto out;
 		nf_skip_egress(skb, false);
+		if (netdev_xmit_txqueue_skipped())
+			txq = netdev_tx_queue_mapping(dev, skb);
 	/* If device/qdisc don't need skb->dst, release it right now while
@@ -4133,7 +4158,9 @@ static int __dev_queue_xmit(struct sk_buff *skb, struct net_device *sb_dev)
-	txq = netdev_core_pick_tx(dev, skb, sb_dev);
+	if (!txq)
+		txq = netdev_core_pick_tx(dev, skb, sb_dev);
 	q = rcu_dereference_bh(txq->qdisc);
diff --git a/net/sched/act_skbedit.c b/net/sched/act_skbedit.c
index ceba11b198bb..d5799b4fc499 100644
--- a/net/sched/act_skbedit.c
+++ b/net/sched/act_skbedit.c
@@ -58,8 +58,12 @@ static int tcf_skbedit_act(struct sk_buff *skb, const struct tc_action *a,
 	if (params->flags & SKBEDIT_F_QUEUE_MAPPING &&
-	    skb->dev->real_num_tx_queues > params->queue_mapping)
+	    skb->dev->real_num_tx_queues > params->queue_mapping) {
+		netdev_xmit_skip_txqueue(true);
 		skb_set_queue_mapping(skb, params->queue_mapping);
+	}
 	if (params->flags & SKBEDIT_F_MARK) {
 		skb->mark &= ~params->mask;
 		skb->mark |= params->mark & params->mask;

Powered by blists - more mailing lists