inet: limit length of fragment queue hash table bucket lists

This patch introduces a constant limit of the fragment queue hash table bucket list lengths. Currently the limit 128 is choosen somewhat arbitrary and just ensures that we can fill up the fragment cache with empty packets up to the default ip_frag_high_thresh limits. It should just protect from list iteration eating considerable amounts of cpu. If we reach the maximum length in one hash bucket a warning is printed. This is implemented on the caller side of inet_frag_find to distinguish between the different users of inet_fragment.c. I dropped the out of memory warning in the ipv4 fragment lookup path, because we already get a warning by the slab allocator. Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Jesper Dangaard Brouer <jbrouer@redhat.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Hannes Frederic Sowa <hannes@stressinduktion.org> 2013-03-15 07:32:30 -0400
committer: David S. Miller <davem@davemloft.net> 2013-03-19 10:28:36 -0400
commit: 5a3da1fe9561828d0ca7eca664b16ec2b9bf0055 (patch)
tree: b7bbaabf1271af7d912e9bdbb7f5810d2d0a5d3e /net/ipv6
parent: 271648b4c610eed540daaf9ff366209825757565 (diff)
2 files changed, 12 insertions, 8 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 54087e96d7b8..6700069949dd 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -14,6 +14,8 @@
 * 2 of the License, or (at your option) any later version.
 */
+#define pr_fmt(fmt) "IPv6-nf: " fmt
 #include <linux/errno.h>
 #include <linux/types.h>
 #include <linux/string.h>
@@ -180,13 +182,11 @@ static inline struct frag_queue *fq_find(struct net *net, __be32 id,
        q = inet_frag_find(&net->nf_frag.frags, &nf_frags, &arg, hash);
        local_bh_enable();
-        if (q == NULL)
+        if (IS_ERR_OR_NULL(q)) {
-                goto oom;
+                inet_frag_maybe_warn_overflow(q, pr_fmt());
+                return NULL;
+        }
        return container_of(q, struct frag_queue, q);
-oom:
-        return NULL;
 }
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 3c6a77290c6e..196ab9347ad1 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -26,6 +26,9 @@
 *      YOSHIFUJI,H. @USAGI     Always remove fragment header to
 *                              calculate ICV correctly.
 */
+#define pr_fmt(fmt) "IPv6: " fmt
 #include <linux/errno.h>
 #include <linux/types.h>
 #include <linux/string.h>
@@ -185,9 +188,10 @@ fq_find(struct net *net, __be32 id, const struct in6_addr *src, const struct in6
        hash = inet6_hash_frag(id, src, dst, ip6_frags.rnd);
        q = inet_frag_find(&net->ipv6.frags, &ip6_frags, &arg, hash);
-        if (q == NULL)
+        if (IS_ERR_OR_NULL(q)) {
+                inet_frag_maybe_warn_overflow(q, pr_fmt());
                return NULL;
+        }
        return container_of(q, struct frag_queue, q);
 }
author	Hannes Frederic Sowa <hannes@stressinduktion.org>	2013-03-15 07:32:30 -0400
committer	David S. Miller <davem@davemloft.net>	2013-03-19 10:28:36 -0400
commit	5a3da1fe9561828d0ca7eca664b16ec2b9bf0055 (patch)
tree	b7bbaabf1271af7d912e9bdbb7f5810d2d0a5d3e /net/ipv6
parent	271648b4c610eed540daaf9ff366209825757565 (diff)

diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 54087e96d7b8..6700069949dd 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -14,6 +14,8 @@
14	* 2 of the License, or (at your option) any later version.	14	* 2 of the License, or (at your option) any later version.
15	*/	15	*/
16		16
		17	#define pr_fmt(fmt) "IPv6-nf: " fmt
		18
17	#include <linux/errno.h>	19	#include <linux/errno.h>
18	#include <linux/types.h>	20	#include <linux/types.h>
19	#include <linux/string.h>	21	#include <linux/string.h>
@@ -180,13 +182,11 @@ static inline struct frag_queue fq_find(struct net net, __be32 id,
180		182
181	q = inet_frag_find(&net->nf_frag.frags, &nf_frags, &arg, hash);	183	q = inet_frag_find(&net->nf_frag.frags, &nf_frags, &arg, hash);
182	local_bh_enable();	184	local_bh_enable();
183	if (q == NULL)	185	if (IS_ERR_OR_NULL(q)) {
184	goto oom;	186	inet_frag_maybe_warn_overflow(q, pr_fmt());
185		187	return NULL;
		188	}
186	return container_of(q, struct frag_queue, q);	189	return container_of(q, struct frag_queue, q);
187
188	oom:
189	return NULL;
190	}	190	}
191		191
192		192


diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index 3c6a77290c6e..196ab9347ad1 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c
@@ -26,6 +26,9 @@
26	* YOSHIFUJI,H. @USAGI Always remove fragment header to	26	* YOSHIFUJI,H. @USAGI Always remove fragment header to
27	* calculate ICV correctly.	27	* calculate ICV correctly.
28	*/	28	*/
		29
		30	#define pr_fmt(fmt) "IPv6: " fmt
		31
29	#include <linux/errno.h>	32	#include <linux/errno.h>
30	#include <linux/types.h>	33	#include <linux/types.h>
31	#include <linux/string.h>	34	#include <linux/string.h>
@@ -185,9 +188,10 @@ fq_find(struct net net, __be32 id, const struct in6_addr src, const struct in6
185	hash = inet6_hash_frag(id, src, dst, ip6_frags.rnd);	188	hash = inet6_hash_frag(id, src, dst, ip6_frags.rnd);
186		189
187	q = inet_frag_find(&net->ipv6.frags, &ip6_frags, &arg, hash);	190	q = inet_frag_find(&net->ipv6.frags, &ip6_frags, &arg, hash);
188	if (q == NULL)	191	if (IS_ERR_OR_NULL(q)) {
		192	inet_frag_maybe_warn_overflow(q, pr_fmt());
189	return NULL;	193	return NULL;
190		194	}
191	return container_of(q, struct frag_queue, q);	195	return container_of(q, struct frag_queue, q);
192	}	196	}
193		197