lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAA93jw520FBOfmhpOBNyfFPy1UKbjOdc52=0L8uzADUKQyeLHQ@mail.gmail.com>
Date: Tue, 5 Dec 2023 14:28:15 -0800
From: Dave Taht <dave.taht@...il.com>
To: Victor Nogueira <victor@...atatu.com>
Cc: jhs@...atatu.com, xiyou.wangcong@...il.com, jiri@...nulli.us, 
	davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, 
	daniel@...earbox.net, dcaratti@...hat.com, netdev@...r.kernel.org, 
	kernel@...atatu.com
Subject: Re: [PATCH net-next v2 3/3] net: sched: Add initial TC error skb drop reasons

On Fri, Dec 1, 2023 at 6:00 PM Victor Nogueira <victor@...atatu.com> wrote:
>
> Continue expanding Daniel's patch by adding new skb drop reasons that
> are idiosyncratic to TC.
>
> More specifically:
>
> - SKB_DROP_REASON_TC_EXT_COOKIE_NOTFOUND: tc cookie was looked up using
>   ext, but was not found.
>
> - SKB_DROP_REASON_TC_COOKIE_EXT_MISMATCH: tc ext was looked up using cookie
>   and either was not found or different from expected.
>
> - SKB_DROP_REASON_TC_CHAIN_NOTFOUND: tc chain lookup failed.
>
> - SKB_DROP_REASON_TC_RECLASSIFY_LOOP: tc exceeded max reclassify loop
>   iterations
>
> Signed-off-by: Victor Nogueira <victor@...atatu.com>
> ---
>  include/net/dropreason-core.h | 30 +++++++++++++++++++++++++++---
>  net/sched/act_api.c           |  3 ++-
>  net/sched/cls_api.c           | 22 ++++++++++++++--------
>  3 files changed, 43 insertions(+), 12 deletions(-)
>
> diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h
> index 3c70ad53a49c..fa6ace8f1611 100644
> --- a/include/net/dropreason-core.h
> +++ b/include/net/dropreason-core.h
> @@ -85,7 +85,11 @@
>         FN(IPV6_NDISC_BAD_OPTIONS)      \
>         FN(IPV6_NDISC_NS_OTHERHOST)     \
>         FN(QUEUE_PURGE)                 \
> -       FN(TC_ERROR)                    \
> +       FN(TC_EXT_COOKIE_NOTFOUND)      \
> +       FN(TC_COOKIE_EXT_MISMATCH)      \
> +       FN(TC_COOKIE_MISMATCH)          \
> +       FN(TC_CHAIN_NOTFOUND)           \
> +       FN(TC_RECLASSIFY_LOOP)          \
>         FNe(MAX)
>
>  /**
> @@ -376,8 +380,28 @@ enum skb_drop_reason {
>         SKB_DROP_REASON_IPV6_NDISC_NS_OTHERHOST,
>         /** @SKB_DROP_REASON_QUEUE_PURGE: bulk free. */
>         SKB_DROP_REASON_QUEUE_PURGE,
> -       /** @SKB_DROP_REASON_TC_ERROR: generic internal tc error. */
> -       SKB_DROP_REASON_TC_ERROR,
> +       /**
> +        * @SKB_DROP_REASON_TC_EXT_COOKIE_NOTFOUND: tc cookie was looked up
> +        * using ext, but was not found.
> +        */
> +       SKB_DROP_REASON_TC_EXT_COOKIE_NOTFOUND,
> +       /**
> +        * @SKB_DROP_REASON_TC_COOKIE_EXT_MISMATCH: tc ext was lookup using
> +        * cookie and either was not found or different from expected.
> +        */
> +       SKB_DROP_REASON_TC_COOKIE_EXT_MISMATCH,
> +       /**
> +        * @SKB_DROP_REASON_TC_COOKIE_MISMATCH: tc cookie available but was
> +        * unable to match to filter.
> +        */
> +       SKB_DROP_REASON_TC_COOKIE_MISMATCH,
> +       /** @SKB_DROP_REASON_TC_CHAIN_NOTFOUND: tc chain lookup failed. */
> +       SKB_DROP_REASON_TC_CHAIN_NOTFOUND,
> +       /**
> +        * @SKB_DROP_REASON_TC_RECLASSIFY_LOOP: tc exceeded max reclassify loop
> +        * iterations.
> +        */
> +       SKB_DROP_REASON_TC_RECLASSIFY_LOOP,
>         /**
>          * @SKB_DROP_REASON_MAX: the maximum of core drop reasons, which
>          * shouldn't be used as a real 'reason' - only for tracing code gen
> diff --git a/net/sched/act_api.c b/net/sched/act_api.c
> index 12ac05857045..429cb232e17b 100644
> --- a/net/sched/act_api.c
> +++ b/net/sched/act_api.c
> @@ -1098,7 +1098,8 @@ int tcf_action_exec(struct sk_buff *skb, struct tc_action **actions,
>                         }
>                 } else if (TC_ACT_EXT_CMP(ret, TC_ACT_GOTO_CHAIN)) {
>                         if (unlikely(!rcu_access_pointer(a->goto_chain))) {
> -                               tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
> +                               tcf_set_drop_reason(skb,
> +                                                   SKB_DROP_REASON_TC_CHAIN_NOTFOUND);
>                                 return TC_ACT_SHOT;
>                         }
>                         tcf_action_goto_chain_exec(a, res);
> diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
> index 32457a236d77..5012fc0a24a1 100644
> --- a/net/sched/cls_api.c
> +++ b/net/sched/cls_api.c
> @@ -1682,13 +1682,15 @@ static inline int __tcf_classify(struct sk_buff *skb,
>                          */
>                         if (unlikely(n->tp != tp || n->tp->chain != n->chain ||
>                                      !tp->ops->get_exts)) {
> -                               tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
> +                               tcf_set_drop_reason(skb,
> +                                                   SKB_DROP_REASON_TC_COOKIE_MISMATCH);
>                                 return TC_ACT_SHOT;
>                         }
>
>                         exts = tp->ops->get_exts(tp, n->handle);
>                         if (unlikely(!exts || n->exts != exts)) {
> -                               tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
> +                               tcf_set_drop_reason(skb,
> +                                                   SKB_DROP_REASON_TC_COOKIE_EXT_MISMATCH);
>                                 return TC_ACT_SHOT;
>                         }
>
> @@ -1717,7 +1719,8 @@ static inline int __tcf_classify(struct sk_buff *skb,
>         }
>
>         if (unlikely(n)) {
> -               tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
> +               tcf_set_drop_reason(skb,
> +                                   SKB_DROP_REASON_TC_COOKIE_MISMATCH);
>                 return TC_ACT_SHOT;
>         }
>
> @@ -1729,7 +1732,8 @@ static inline int __tcf_classify(struct sk_buff *skb,
>                                        tp->chain->block->index,
>                                        tp->prio & 0xffff,
>                                        ntohs(tp->protocol));
> -               tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
> +               tcf_set_drop_reason(skb,
> +                                   SKB_DROP_REASON_TC_RECLASSIFY_LOOP);
>                 return TC_ACT_SHOT;
>         }
>
> @@ -1767,7 +1771,8 @@ int tcf_classify(struct sk_buff *skb,
>                                 n = tcf_exts_miss_cookie_lookup(ext->act_miss_cookie,
>                                                                 &act_index);
>                                 if (!n) {
> -                                       tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
> +                                       tcf_set_drop_reason(skb,
> +                                                           SKB_DROP_REASON_TC_EXT_COOKIE_NOTFOUND);
>                                         return TC_ACT_SHOT;
>                                 }
>
> @@ -1778,7 +1783,9 @@ int tcf_classify(struct sk_buff *skb,
>
>                         fchain = tcf_chain_lookup_rcu(block, chain);
>                         if (!fchain) {
> -                               tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
> +                               tcf_set_drop_reason(skb,
> +                                                   SKB_DROP_REASON_TC_CHAIN_NOTFOUND);
> +
>                                 return TC_ACT_SHOT;
>                         }
>
> @@ -1800,10 +1807,9 @@ int tcf_classify(struct sk_buff *skb,
>
>                         ext = tc_skb_ext_alloc(skb);
>                         if (WARN_ON_ONCE(!ext)) {
> -                               tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
> +                               tcf_set_drop_reason(skb, SKB_DROP_REASON_NOMEM);
>                                 return TC_ACT_SHOT;
>                         }
> -
>                         ext->chain = last_executed_chain;
>                         ext->mru = cb->mru;
>                         ext->post_ct = cb->post_ct;
> --
> 2.25.1
>
>

I have been meaning to get around to adding
QDISC_DROP_REASON_{CONGEST,OVERFLOW,FLOOD,SPIKE} to
cake/fq_codel/red/etc for some time now. Would this be the right
facility to leverage (or something more direct?) I discussed the why
at netdevconf:

https://docs.google.com/document/d/1tTYBPeaRdCO9AGTGQCpoiuLORQzN_bG3TAkEolJPh28/edit

Other names welcomed. Otherwise I suppose I will wait for this stuff to land:

Acked-By: Dave Taht <dave.taht@...il.com>

--
:( My old R&D campus is up for sale: https://tinyurl.com/yurtlab
Dave Täht CSO, LibreQos

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ