Xen project Mailing List

Re: [PATCH] net/xen-netback: Break build if netback slots > max_skbs + 1

To: Jakub Kicinski <kuba@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>

From: David Kahurani <k.kahurani@xxxxxxxxx>

Date: Thu, 5 Oct 2023 18:39:51 +0300

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxxxxxx, wei.liu@xxxxxxxxxx, paul@xxxxxxx

Delivery-date: Thu, 05 Oct 2023 15:40:12 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This change was suggested by Juergen and looked okay and straightforward to me. On Wed, Oct 4, 2023 at 9:48 PM Jakub Kicinski <kuba@xxxxxxxxxx> wrote: > > On Wed, 27 Sep 2023 11:29:18 +0300 David Kahurani wrote: > > If XEN_NETBK_LEGACY_SLOTS_MAX and MAX_SKB_FRAGS have a difference of > > more than 1, with MAX_SKB_FRAGS being the lesser value, it opens up a > > path for null-dereference. It was also noted that some distributions > > were modifying upstream behaviour in that direction which necessitates > > this patch. > > MAX_SKB_FRAGS can now be set via Kconfig, this allows us to create > larger super-packets. Can XEN_NETBK_LEGACY_SLOTS_MAX be made relative > to MAX_SKB_FRAGS, or does the number have to match between guest and > host? Historically, netback driver allows for a maximum of 18 fragments. With recent changes, it also relies on the assumption that the difference between MAX_SKB_FRAGS and XEN_NETBK_LEGACY_SLOTS_MAX is one and MAX_SKB_FRAGS is the lesser value. Now, look at Ubuntu kernel for instance( a change has been made and, presumably, with good reason so we have reason to assume that the change will persist in future releases). /* To allow 64K frame to be packed as single skb without frag_list we * require 64K/PAGE_SIZE pages plus 1 additional page to allow for * buffers which do not start on a page boundary. * * Since GRO uses frags we allocate at least 16 regardless of page * size. */ #if (65536/PAGE_SIZE + 1) < 16 #define MAX_SKB_FRAGS 16UL #else #define MAX_SKB_FRAGS (65536/PAGE_SIZE + 1) #endif So, MAX_SKB_FRAGS can sometimes be 16. This is exactly what we're trying to avoid with this patch. I host running with this change is vulnerable to attack by the guest(though, this will only happen when PAGE_SIZE > 4096). Option #2 would be to add a Kconfig dependency for the driver > to make sure high MAX_SKB_FRAGS is incompatible with it. netback doesn't support larger super-packets. At least as of now. The maximum number of fragments in a packet is 18. Any packets with the number of fragments above that value from the guest are dropped. I would assume that support for super-packets is probably something that should be worked on or maybe even is already being worked on. However, this is not the issue we are trying to fix in this patch. > > Breaking the build will make build bots very sad. This patch build should not break build for upstream. It will only break for those patching upstream behaviour. My intent is not to break build bots but to alert someone building that netback doesn't work with the particular MAX_SKB_FRAGS value. Seeing as they have modified upstream behaviour, then, they might as well take a look at the issue and make a decision themselves. Seeing as this issue will hit the distros before it goes downstream, I don't think it should be a problem for users. > > We'll also need a Fixes tag, I presume this is a fix? Yeah, I guess that would be needed too. > -- > pw-bot: cr

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.