Re: [PATCH RFC 2/2] veth: propagate bridge GSO to peer

Thu, 30 Nov 2017 09:50:21 -0800 

On Thu, 30 Nov 2017 09:26:39 -0800
Eric Dumazet <eric.duma...@gmail.com> wrote:

> On Thu, 2017-11-30 at 09:10 -0800, Stephen Hemminger wrote:
> > 
> > 
> > The problem goes back into the core GSO networking code.
> > Something like this is needed.
> > 
> > static inline bool netif_needs_gso(struct sk_buff *skb,
> >                                const struct net_device *dev,
> >                                netdev_features_t features)
> > {
> >     return skb_is_gso(skb) &&
> >             (!skb_gso_ok(skb, features) ||
> >              unlikely(skb_shinfo(skb)->gso_segs > dev-  
> > >gso_max_segs) ||  << new  
> >              unlikely(skb_shinfo(skb)->gso_size > dev-  
> > >gso_max_size) ||  << new  
> >              unlikely((skb->ip_summed != CHECKSUM_PARTIAL) &&
> >                       (skb->ip_summed != CHECKSUM_UNNECESSARY)));
> > }
> > 
> > What that will do is split up the monster GSO packets if they ever
> > bleed
> > across from one device to another through the twisty mazes of packet
> > processing paths.  
> 
> 
> Since very few drivers have these gso_max_segs / gso_max_size, check
> could be done in their ndo_features_check()

Actually, we already check for max_segs, just missing check for size here:

From 71a134f41c4aae8947241091300d21745aa237f2 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <sthem...@microsoft.com>
Date: Thu, 30 Nov 2017 09:45:11 -0800
Subject: [PATCH] net: do not GSO if frame is too large

This adds an additional check to breakup skb's that exceed a devices
GSO maximum size. The code was already checking for too many segments
but did not check size.

This has been observed to be a problem when using containers on
Hyper-V/Azure where the allowed GSO maximum size is less than
maximum and skb's have gone through multiple layers to arrive
at the virtual device.

Signed-off-by: Stephen Hemminger <sthem...@microsoft.com>
---
 net/core/dev.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index 07ed21d64f92..0bb398f3bfa3 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2918,9 +2918,11 @@ static netdev_features_t gso_features_check(const struct 
sk_buff *skb,
                                            struct net_device *dev,
                                            netdev_features_t features)
 {
+       unsigned int gso_size = skb_shinfo(skb)->gso_size;
        u16 gso_segs = skb_shinfo(skb)->gso_segs;
 
-       if (gso_segs > dev->gso_max_segs)
+       if (gso_segs > dev->gso_max_segs ||
+           gso_size > dev->gso_max_size)
                return features & ~NETIF_F_GSO_MASK;
 
        /* Support for GSO partial features requires software
-- 
2.11.0

Reply via email to