lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250826125031.1578842-1-edumazet@google.com>
Date: Tue, 26 Aug 2025 12:50:26 +0000
From: Eric Dumazet <edumazet@...gle.com>
To: "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, 
	Paolo Abeni <pabeni@...hat.com>
Cc: Simon Horman <horms@...nel.org>, netdev@...r.kernel.org, eric.dumazet@...il.com, 
	Willem de Bruijn <willemb@...gle.com>, Kuniyuki Iwashima <kuniyu@...gle.com>, 
	Eric Dumazet <edumazet@...gle.com>
Subject: [PATCH v2 net-next 0/5] net: better drop accounting

Incrementing sk->sk_drops for every dropped packet can
cause serious cache line contention under DOS.

Add optional sk->sk_drop_counters pointer so that
protocols can opt-in to use two dedicated cache lines
to hold drop counters.

Convert UDP and RAW to use this infrastructure.

Tested on UDP (see patch 4/5 for details)

Before:

nstat -n ; sleep 1 ; nstat | grep Udp
Udp6InDatagrams                 615091             0.0
Udp6InErrors                    3904277            0.0
Udp6RcvbufErrors                3904277            0.0

After:

nstat -n ; sleep 1 ; nstat | grep Udp
Udp6InDatagrams                 816281             0.0
Udp6InErrors                    7497093            0.0
Udp6RcvbufErrors                7497093            0.0

Eric Dumazet (5):
  net: add sk_drops_read(), sk_drops_inc() and sk_drops_reset() helpers
  net: add sk_drops_skbadd() helper
  net: add sk->sk_drop_counters
  udp: add drop_counters to udp socket
  inet: raw: add drop_counters to raw sockets

 include/linux/ipv6.h                          |  2 +-
 include/linux/skmsg.h                         |  2 +-
 include/linux/udp.h                           |  1 +
 include/net/raw.h                             |  1 +
 include/net/sock.h                            | 56 ++++++++++++++++++-
 include/net/tcp.h                             |  2 +-
 include/net/udp.h                             |  3 +-
 net/core/datagram.c                           |  2 +-
 net/core/sock.c                               | 16 +++---
 net/ipv4/ping.c                               |  2 +-
 net/ipv4/raw.c                                |  7 ++-
 net/ipv4/tcp_input.c                          |  2 +-
 net/ipv4/tcp_ipv4.c                           |  4 +-
 net/ipv4/udp.c                                | 14 ++---
 net/ipv6/datagram.c                           |  2 +-
 net/ipv6/raw.c                                |  9 +--
 net/ipv6/tcp_ipv6.c                           |  4 +-
 net/ipv6/udp.c                                |  6 +-
 net/iucv/af_iucv.c                            |  4 +-
 net/mptcp/protocol.c                          |  2 +-
 net/netlink/af_netlink.c                      |  4 +-
 net/packet/af_packet.c                        |  2 +-
 net/phonet/pep.c                              |  6 +-
 net/phonet/socket.c                           |  2 +-
 net/sctp/diag.c                               |  2 +-
 net/tipc/socket.c                             |  6 +-
 .../selftests/bpf/progs/bpf_iter_udp4.c       |  3 +-
 .../selftests/bpf/progs/bpf_iter_udp6.c       |  4 +-
 28 files changed, 114 insertions(+), 56 deletions(-)

-- 
2.51.0.261.g7ce5a0a67e-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ