[Cake] [PATCH net v3] sched: consistently handle layer3 header accesses in the presence of VLANs

Toke Høiland-Jørgensen toke at redhat.com
Mon Jul 6 06:53:12 EDT 2020


Toshiaki Makita <toshiaki.makita1 at gmail.com> writes:

> On 2020/07/04 20:33, Toke Høiland-Jørgensen wrote:
>> Toshiaki Makita <toshiaki.makita1 at gmail.com> writes:
>>> On 2020/07/04 5:26, Toke Høiland-Jørgensen wrote:
>>> ...
>>>> +/* A getter for the SKB protocol field which will handle VLAN tags consistently
>>>> + * whether VLAN acceleration is enabled or not.
>>>> + */
>>>> +static inline __be16 skb_protocol(const struct sk_buff *skb, bool skip_vlan)
>>>> +{
>>>> +	unsigned int offset = skb_mac_offset(skb) + sizeof(struct ethhdr);
>>>> +	__be16 proto = skb->protocol;
>>>> +
>>>> +	if (!skip_vlan)
>>>> +		/* VLAN acceleration strips the VLAN header from the skb and
>>>> +		 * moves it to skb->vlan_proto
>>>> +		 */
>>>> +		return skb_vlan_tag_present(skb) ? skb->vlan_proto : proto;
>>>> +
>>>> +	while (eth_type_vlan(proto)) {
>>>> +		struct vlan_hdr vhdr, *vh;
>>>> +
>>>> +		vh = skb_header_pointer(skb, offset, sizeof(vhdr), &vhdr);
>>>> +		if (!vh)
>>>> +			break;
>>>> +
>>>> +		proto = vh->h_vlan_encapsulated_proto;
>>>> +		offset += sizeof(vhdr);
>>>> +	}
>>>
>>> Why don't you use __vlan_get_protocol() here? It looks quite similar.
>>> Is there any problem with using that?
>> 
>> TBH, I completely missed that helper. It seems to have side effects,
>> though (pskb_may_pull()), which is one of the things the original patch
>> to sch_cake that initiated all of this was trying to avoid.
>
> Sorry for not completely following the discussion...
> Pulling data is wrong for cake or other schedulers?

This was not explicit in the current thread, but the reason I started
looking into this in the first place was a pull request on the
out-of-tree version of sch_cake that noticed that there are drivers that
will allocate SKBs in such a way that accessing the packet header causes
it to be reallocated: https://github.com/dtaht/sch_cake/pull/136

I'm not entirely positive that this applies to just reading the header
through pskb_may_pull(), or if it was only on skb_try_make_writable();
but in any case it seems to me that it's better for a helper like
__vlan_get_protocol() to not have side effects.

>> I guess I could just fix that, though, and switch __vlan_get_protocol()
>> over to using skb_header_pointer(). Will send a follow-up to do that.
>> 
>> Any opinion on whether it's a good idea to limit the max parse depth
>> while I'm at it (see Daniel's reply)?
>
> The logic was originally introduced by skb_network_protocol() back in
> v3.10, and I have never heard of security report about that. But yes,
> I guess it potentially can be used for DoS attack.

Right, I'll add the limit as well, then :)

-Toke



More information about the Cake mailing list