On 02/26/2019 02:56 AM, Michael Chan wrote:
> There have been reports of oversize UDP packets being sent to the
> driver to be transmitted, causing error conditions. The issue is
> likely caused by the dst of the SKB switching between 'lo' with
> 64K MTU and the hardware device with a smaller MTU. Patches are
> being proposed by Mahesh Bandewar <[email protected]> to fix the
> issue.
>
> Separately, we should add a length check in validate_xmit_skb()
> to drop these oversize packets before they reach the driver.
Why ?
We keep adding checks in the 'fast path' and make slower and slower after each
release.
We need to fix the root cause really.
> This patch only validates non-TSO packets. Complete validation
> of segmented TSO packet size will probably be too slow.
>
> Signed-off-by: Michael Chan <[email protected]>
> ---
> net/core/dev.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 5d03889..50c5174 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -3373,6 +3373,13 @@ static struct sk_buff *validate_xmit_skb(struct
> sk_buff *skb, struct net_device
> }
> }
>
> + if (!skb_is_gso(skb) &&
> + skb->len > (dev->mtu + dev->hard_header_len + VLAN_HLEN)) {
> + net_warn_ratelimited("%s(): Dropping %d bytes oversize skb.\n",
> + __func__, skb->len);
> + goto out_kfree_skb;
> + }
> +
> skb = validate_xmit_xfrm(skb, features, again);
>
> return skb;
>