git.ipfire.org Git - people/ms/linux.git/commit

author	Jesper Dangaard Brouer <brouer@redhat.com>
	Tue, 9 Feb 2021 13:38:09 +0000 (14:38 +0100)
committer	Daniel Borkmann <daniel@iogearbox.net>
	Sat, 13 Feb 2021 00:14:08 +0000 (01:14 +0100)
commit	6306c1189e77a513bf02720450bb43bd4ba5d8ae
tree	c7fdb60d6d7ec0a2d2ba83c4ec3c698bb9dd7895	tree \| snapshot
parent	7d4553b69fb335496c597c31590e982485ebe071	commit \| diff

bpf: Remove MTU check in __bpf_skb_max_len

Multiple BPF-helpers that can manipulate/increase the size of the SKB uses
__bpf_skb_max_len() as the max-length. This function limit size against
the current net_device MTU (skb->dev->mtu).

When a BPF-prog grow the packet size, then it should not be limited to the
MTU. The MTU is a transmit limitation, and software receiving this packet
should be allowed to increase the size. Further more, current MTU check in
__bpf_skb_max_len uses the MTU from ingress/current net_device, which in
case of redirects uses the wrong net_device.

This patch keeps a sanity max limit of SKB_MAX_ALLOC (16KiB). The real limit
is elsewhere in the system. Jesper's testing[1] showed it was not possible
to exceed 8KiB when expanding the SKB size via BPF-helper. The limiting
factor is the define KMALLOC_MAX_CACHE_SIZE which is 8192 for
SLUB-allocator (CONFIG_SLUB) in-case PAGE_SIZE is 4096. This define is
in-effect due to this being called from softirq context see code
__gfp_pfmemalloc_flags() and __do_kmalloc_node(). Jakub's testing showed
that frames above 16KiB can cause NICs to reset (but not crash). Keep this
sanity limit at this level as memory layer can differ based on kernel
config.

[1] https://github.com/xdp-project/bpf-examples/tree/master/MTU-tests

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/161287788936.790810.2937823995775097177.stgit@firesoul