From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id B86163B29E for ; Mon, 6 Jul 2020 06:53:22 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1594032802; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DDrKhQJ/LeBJeWNJbgWb3c/9LBMiGCiDMeRqR2oCvdU=; b=UBiV2HGngH23sy6etSFhB+gHeibWoG96cs5V6FwFqOz2pFEX4frLECk7kyd3sAEDaHutGu zZ93rf7vkwA5oUN1j67E/NzxWAGCnHdbUEFPel4DZyIUG3KOkeP45phzZSE4KR7UabPu6b repNG+6ces1//goQQrBrArk93frVa5g= Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-367-uWuCsKJDOY6Dt_3w5S1Ksw-1; Mon, 06 Jul 2020 06:53:19 -0400 X-MC-Unique: uWuCsKJDOY6Dt_3w5S1Ksw-1 Received: by mail-pl1-f199.google.com with SMTP id y9so10962752plr.9 for ; Mon, 06 Jul 2020 03:53:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version:content-transfer-encoding; bh=NNn4lPIzDwTEM2THr/KH6JkSvVcflXvGyR2W59aQaSk=; b=Q4r1mC3YMFJskIH/vcrfUBCEgL4teUdIxNGeydBLSRFjaPwLYrc+z+wpvOydgfv+e5 4DHYe3HQBdiQvTXwkCuZ0Z6WeWuQzpmdl2CY2T1bt3qvJrc7/46TjOpeov+uif7OZjDW Z/2bJOUi9z7bvLMxIs9zuKSCJ5dt/1peCs/vztEbV/spEYqnLzaFiO8zCaSTH72lFs0s LBZHpJt1srt01ketYdRBQEFaobqffjEyQUSCuGfdTeR+ONMBUfBpAnQBuFAIoSSEUJdq 8o8BmdvMwkHqb68yvuFLE0HoaMNAVwybr4cOf5owN6qZry81PJoRjsaBcYL6yHCXXKju U9QA== X-Gm-Message-State: AOAM530xsbX3IxwK9il9wA3cBEFyv+ODSN3yDF/YMlBbly+EAqcaYDEV J4GSwh2/v5SycPHpqvDBoqqm9N577Wz5Xi/EndGOH5UoIAsJ308HxwbeeYmZFW087DB9avlIRx5 pyC0uP0kcOSqsc6lNk8BXfw== X-Received: by 2002:a63:e50a:: with SMTP id r10mr39164234pgh.285.1594032798189; Mon, 06 Jul 2020 03:53:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxn2BPP8PHjBIuh7k4X2AXIL7g+wnqUI3sZsXOl6bg0fevLnkJSHbnf7UrOH01FWX607jY0EA== X-Received: by 2002:a63:e50a:: with SMTP id r10mr39164213pgh.285.1594032797866; Mon, 06 Jul 2020 03:53:17 -0700 (PDT) Received: from alrua-x1.borgediget.toke.dk ([2a0c:4d80:42:443::2]) by smtp.gmail.com with ESMTPSA id k4sm17925318pjt.16.2020.07.06.03.53.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Jul 2020 03:53:17 -0700 (PDT) Received: by alrua-x1.borgediget.toke.dk (Postfix, from userid 1000) id 748F91804EB; Mon, 6 Jul 2020 12:53:12 +0200 (CEST) From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= To: Toshiaki Makita Cc: davem@davemloft.net, netdev@vger.kernel.org, bpf@vger.kernel.org, cake@lists.bufferbloat.net, Davide Caratti , Jiri Pirko , Jamal Hadi Salim , Cong Wang , Roman Mashak , Lawrence Brakmo , Ilya Ponetayev In-Reply-To: References: <20200703202643.12919-1-toke@redhat.com> <878sfzms4p.fsf@toke.dk> X-Clacks-Overhead: GNU Terry Pratchett Date: Mon, 06 Jul 2020 12:53:12 +0200 Message-ID: <875zb0ncdj.fsf@toke.dk> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=toke@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Mon, 06 Jul 2020 07:06:32 -0400 Subject: Re: [Cake] [PATCH net v3] sched: consistently handle layer3 header accesses in the presence of VLANs X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jul 2020 10:53:22 -0000 Toshiaki Makita writes: > On 2020/07/04 20:33, Toke H=C3=B8iland-J=C3=B8rgensen wrote: >> Toshiaki Makita writes: >>> On 2020/07/04 5:26, Toke H=C3=B8iland-J=C3=B8rgensen wrote: >>> ... >>>> +/* A getter for the SKB protocol field which will handle VLAN tags co= nsistently >>>> + * whether VLAN acceleration is enabled or not. >>>> + */ >>>> +static inline __be16 skb_protocol(const struct sk_buff *skb, bool ski= p_vlan) >>>> +{ >>>> +=09unsigned int offset =3D skb_mac_offset(skb) + sizeof(struct ethhdr= ); >>>> +=09__be16 proto =3D skb->protocol; >>>> + >>>> +=09if (!skip_vlan) >>>> +=09=09/* VLAN acceleration strips the VLAN header from the skb and >>>> +=09=09 * moves it to skb->vlan_proto >>>> +=09=09 */ >>>> +=09=09return skb_vlan_tag_present(skb) ? skb->vlan_proto : proto; >>>> + >>>> +=09while (eth_type_vlan(proto)) { >>>> +=09=09struct vlan_hdr vhdr, *vh; >>>> + >>>> +=09=09vh =3D skb_header_pointer(skb, offset, sizeof(vhdr), &vhdr); >>>> +=09=09if (!vh) >>>> +=09=09=09break; >>>> + >>>> +=09=09proto =3D vh->h_vlan_encapsulated_proto; >>>> +=09=09offset +=3D sizeof(vhdr); >>>> +=09} >>> >>> Why don't you use __vlan_get_protocol() here? It looks quite similar. >>> Is there any problem with using that? >>=20 >> TBH, I completely missed that helper. It seems to have side effects, >> though (pskb_may_pull()), which is one of the things the original patch >> to sch_cake that initiated all of this was trying to avoid. > > Sorry for not completely following the discussion... > Pulling data is wrong for cake or other schedulers? This was not explicit in the current thread, but the reason I started looking into this in the first place was a pull request on the out-of-tree version of sch_cake that noticed that there are drivers that will allocate SKBs in such a way that accessing the packet header causes it to be reallocated: https://github.com/dtaht/sch_cake/pull/136 I'm not entirely positive that this applies to just reading the header through pskb_may_pull(), or if it was only on skb_try_make_writable(); but in any case it seems to me that it's better for a helper like __vlan_get_protocol() to not have side effects. >> I guess I could just fix that, though, and switch __vlan_get_protocol() >> over to using skb_header_pointer(). Will send a follow-up to do that. >>=20 >> Any opinion on whether it's a good idea to limit the max parse depth >> while I'm at it (see Daniel's reply)? > > The logic was originally introduced by skb_network_protocol() back in > v3.10, and I have never heard of security report about that. But yes, > I guess it potentially can be used for DoS attack. Right, I'll add the limit as well, then :) -Toke