lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20240705032048.110896-1-chengcheng.luo@smartx.com>
Date: Fri,  5 Jul 2024 03:20:48 +0000
From: echken <chengcheng.luo@...rtx.com>
To: davem@...emloft.net,
	edumazet@...gle.com,
	kuba@...nel.org,
	pabeni@...hat.com
Cc: netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	echken <chengcheng.luo@...rtx.com>
Subject: [PATCH] Support for segment offloading on software interfaces for packets from virtual machine guests without the SKB_GSO_UDP_L4 flag.

When running virtual machines on a host, and the guest uses a kernel
version below v6.2 (without commit https://
github.com/torvalds/linux/commit/860b7f27b8f78564ca5a2f607e0820b2d352a562),
 the UDP packets emitted from the guest do not include the SKB_GSO_UDP_L4
flag in their skb gso_type. Therefore, UDP packets from such guests always
bypass the __udp_gso_segment during the udp4_ufo_fragment process and go
directly to software segmentation prematurely. When the guest sends UDP
packets significantly larger than the MSS, and there are software
interfaces in the data path, such as Geneve, this can lead to substantial
additional performance overhead.

Signed-off-by: echken <chengcheng.luo@...rtx.com>
---
 net/ipv4/udp_offload.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c
index 59448a2dbf2c..6aa5a97d8bde 100644
--- a/net/ipv4/udp_offload.c
+++ b/net/ipv4/udp_offload.c
@@ -402,6 +402,13 @@ static struct sk_buff *udp4_ufo_fragment(struct sk_buff *skb,
 	if (unlikely(skb->len <= mss))
 		goto out;
 
+	if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) {
+		/* Packet is from an untrusted source, reset gso_segs. */
+		skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(skb->len - sizeof(*uh),
+							 mss);
+		return NULL;
+	}
+
 	/* Do software UFO. Complete and fill in the UDP checksum as
 	 * HW cannot do checksum of UDP packets sent as multiple
 	 * IP fragments.
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ