提交 14d7b812 编写于 作者: J Jakub Kicinski 提交者: David S. Miller

net: don't allow user space to lift the device limits

Up until commit 46e6b992 ("rtnetlink: allow GSO maximums to
be set on device creation") the gso_max_segs and gso_max_size
of a device were not controlled from user space.

The quoted commit added the ability to control them because of
the following setup:

 netns A  |  netns B
     veth<->veth   eth0

If eth0 has TSO limitations and user wants to efficiently forward
traffic between eth0 and the veths they should copy the TSO
limitations of eth0 onto the veths. This would happen automatically
for macvlans or ipvlan but veth users are not so lucky (given the
loose coupling).

Unfortunately the commit in question allowed users to also override
the limits on real HW devices.

It may be useful to control the max GSO size and someone may be using
that ability (not that I know of any user), so create a separate set
of knobs to reliably record the TSO limitations. Validate the user
requests.
Signed-off-by: NJakub Kicinski <kuba@kernel.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 6df6398f
...@@ -1917,8 +1917,10 @@ enum netdev_ml_priv_type { ...@@ -1917,8 +1917,10 @@ enum netdev_ml_priv_type {
* @rtnl_link_ops: Rtnl_link_ops * @rtnl_link_ops: Rtnl_link_ops
* *
* @gso_max_size: Maximum size of generic segmentation offload * @gso_max_size: Maximum size of generic segmentation offload
* @tso_max_size: Device (as in HW) limit on the max TSO request size
* @gso_max_segs: Maximum number of segments that can be passed to the * @gso_max_segs: Maximum number of segments that can be passed to the
* NIC for GSO * NIC for GSO
* @tso_max_segs: Device (as in HW) limit on the max TSO segment count
* *
* @dcbnl_ops: Data Center Bridging netlink ops * @dcbnl_ops: Data Center Bridging netlink ops
* @num_tc: Number of traffic classes in the net device * @num_tc: Number of traffic classes in the net device
...@@ -2262,8 +2264,13 @@ struct net_device { ...@@ -2262,8 +2264,13 @@ struct net_device {
/* for setting kernel sock attribute on TCP connection setup */ /* for setting kernel sock attribute on TCP connection setup */
#define GSO_MAX_SIZE 65536 #define GSO_MAX_SIZE 65536
unsigned int gso_max_size; unsigned int gso_max_size;
#define TSO_LEGACY_MAX_SIZE 65536
#define TSO_MAX_SIZE UINT_MAX
unsigned int tso_max_size;
#define GSO_MAX_SEGS 65535 #define GSO_MAX_SEGS 65535
u16 gso_max_segs; u16 gso_max_segs;
#define TSO_MAX_SEGS U16_MAX
u16 tso_max_segs;
#ifdef CONFIG_DCB #ifdef CONFIG_DCB
const struct dcbnl_rtnl_ops *dcbnl_ops; const struct dcbnl_rtnl_ops *dcbnl_ops;
...@@ -4895,6 +4902,8 @@ static inline void netif_set_gro_max_size(struct net_device *dev, ...@@ -4895,6 +4902,8 @@ static inline void netif_set_gro_max_size(struct net_device *dev,
WRITE_ONCE(dev->gro_max_size, size); WRITE_ONCE(dev->gro_max_size, size);
} }
void netif_set_tso_max_size(struct net_device *dev, unsigned int size);
void netif_set_tso_max_segs(struct net_device *dev, unsigned int segs);
void netif_inherit_tso_max(struct net_device *to, void netif_inherit_tso_max(struct net_device *to,
const struct net_device *from); const struct net_device *from);
......
...@@ -2992,6 +2992,39 @@ int netif_set_real_num_queues(struct net_device *dev, ...@@ -2992,6 +2992,39 @@ int netif_set_real_num_queues(struct net_device *dev,
} }
EXPORT_SYMBOL(netif_set_real_num_queues); EXPORT_SYMBOL(netif_set_real_num_queues);
/**
* netif_set_tso_max_size() - set the max size of TSO frames supported
* @dev: netdev to update
* @size: max skb->len of a TSO frame
*
* Set the limit on the size of TSO super-frames the device can handle.
* Unless explicitly set the stack will assume the value of %GSO_MAX_SIZE.
*/
void netif_set_tso_max_size(struct net_device *dev, unsigned int size)
{
dev->tso_max_size = size;
if (size < READ_ONCE(dev->gso_max_size))
netif_set_gso_max_size(dev, size);
}
EXPORT_SYMBOL(netif_set_tso_max_size);
/**
* netif_set_tso_max_segs() - set the max number of segs supported for TSO
* @dev: netdev to update
* @segs: max number of TCP segments
*
* Set the limit on the number of TCP segments the device can generate from
* a single TSO super-frame.
* Unless explicitly set the stack will assume the value of %GSO_MAX_SEGS.
*/
void netif_set_tso_max_segs(struct net_device *dev, unsigned int segs)
{
dev->tso_max_segs = segs;
if (segs < READ_ONCE(dev->gso_max_segs))
netif_set_gso_max_segs(dev, segs);
}
EXPORT_SYMBOL(netif_set_tso_max_segs);
/** /**
* netif_inherit_tso_max() - copy all TSO limits from a lower device to an upper * netif_inherit_tso_max() - copy all TSO limits from a lower device to an upper
* @to: netdev to update * @to: netdev to update
...@@ -10572,6 +10605,8 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name, ...@@ -10572,6 +10605,8 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
dev->gso_max_size = GSO_MAX_SIZE; dev->gso_max_size = GSO_MAX_SIZE;
dev->gso_max_segs = GSO_MAX_SEGS; dev->gso_max_segs = GSO_MAX_SEGS;
dev->gro_max_size = GRO_MAX_SIZE; dev->gro_max_size = GRO_MAX_SIZE;
dev->tso_max_size = TSO_LEGACY_MAX_SIZE;
dev->tso_max_segs = TSO_MAX_SEGS;
dev->upper_level = 1; dev->upper_level = 1;
dev->lower_level = 1; dev->lower_level = 1;
#ifdef CONFIG_LOCKDEP #ifdef CONFIG_LOCKDEP
......
...@@ -2803,7 +2803,7 @@ static int do_setlink(const struct sk_buff *skb, ...@@ -2803,7 +2803,7 @@ static int do_setlink(const struct sk_buff *skb,
if (tb[IFLA_GSO_MAX_SIZE]) { if (tb[IFLA_GSO_MAX_SIZE]) {
u32 max_size = nla_get_u32(tb[IFLA_GSO_MAX_SIZE]); u32 max_size = nla_get_u32(tb[IFLA_GSO_MAX_SIZE]);
if (max_size > GSO_MAX_SIZE) { if (max_size > GSO_MAX_SIZE || max_size > dev->tso_max_size) {
err = -EINVAL; err = -EINVAL;
goto errout; goto errout;
} }
...@@ -2817,7 +2817,7 @@ static int do_setlink(const struct sk_buff *skb, ...@@ -2817,7 +2817,7 @@ static int do_setlink(const struct sk_buff *skb,
if (tb[IFLA_GSO_MAX_SEGS]) { if (tb[IFLA_GSO_MAX_SEGS]) {
u32 max_segs = nla_get_u32(tb[IFLA_GSO_MAX_SEGS]); u32 max_segs = nla_get_u32(tb[IFLA_GSO_MAX_SEGS]);
if (max_segs > GSO_MAX_SEGS) { if (max_segs > GSO_MAX_SEGS || max_segs > dev->tso_max_segs) {
err = -EINVAL; err = -EINVAL;
goto errout; goto errout;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册