LVS
lvs-devel
Google
 
Web LinuxVirtualServer.org

Re: [patch] ipvs: prevent some underflows

To: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Subject: Re: [patch] ipvs: prevent some underflows
Cc: Wensong Zhang <wensong@xxxxxxxxxxxx>, Simon Horman <horms@xxxxxxxxxxxx>, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, lvs-devel@xxxxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxx, coreteam@xxxxxxxxxxxxx, kernel-janitors@xxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Mon, 8 Jun 2015 22:16:23 +0300 (EEST)
        Hello,

On Fri, 5 Jun 2015, Dan Carpenter wrote:

> @@ -1363,7 +1363,8 @@ static int set_sync_mesg_maxlen(struct net *net, int 
> sync_state)

        May be we should use min(dev->mtu, 1500) instead of
dev->mtu to avoid sending too large packets for the common
case.

>                      sizeof(struct udphdr) -
>                      SYNC_MESG_HEADER_LEN - 20) / SIMPLE_CONN_SIZE;
>               ipvs->send_mesg_maxlen = SYNC_MESG_HEADER_LEN +
> -                     SIMPLE_CONN_SIZE * min(num, MAX_CONNS_PER_SYNCBUFF);
> +                     SIMPLE_CONN_SIZE * min_t(uint, num,
> +                                              MAX_CONNS_PER_SYNCBUFF);

        ipvs->send_mesg_maxlen = max(min(dev->mtu, 1500) -
                sizeof(struct iphdr) - sizeof(struct udphdr),
                /* Some new const is needed here: */
                2 * FULL_CONN_SIZE);

        And may be we should add more correct checks in
ip_vs_sync_conn() in case dev->mtu was changed after thread
start. Currently, it is assumed that fresh new buffer from
ip_vs_sync_buff_create() will have space for at least one
message... We can even set inet->pmtudisc to IP_PMTUDISC_DONT
so that packets can be fragmented for too small MTU.

>               IP_VS_DBG(7, "setting the maximum length of sync sending "
>                         "message %d.\n", ipvs->send_mesg_maxlen);
>       } else if (sync_state == IP_VS_STATE_BACKUP) {
> @@ -1371,8 +1372,11 @@ static int set_sync_mesg_maxlen(struct net *net, int 
> sync_state)
>               if (!dev)
>                       return -ENODEV;
>  
> -             ipvs->recv_mesg_maxlen = dev->mtu -
> -                     sizeof(struct iphdr) - sizeof(struct udphdr);
> +             if (dev->mtu < sizeof(struct iphdr) + sizeof(struct udphdr))
> +                     ipvs->recv_mesg_maxlen = 0;
> +             else
> +                     ipvs->recv_mesg_maxlen = dev->mtu -
> +                             sizeof(struct iphdr) - sizeof(struct udphdr);

        May be ipvs->recv_mesg_maxlen = max(dev->mtu, 1500);
This is single buffer allocated when backup starts...

>               IP_VS_DBG(7, "setting the maximum length of sync receiving "
>                         "message %d.\n", ipvs->recv_mesg_maxlen);
>       }
> 

Regards

--
Julian Anastasov <ja@xxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

<Prev in Thread] Current Thread [Next in Thread>