Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4537444imm; Mon, 17 Sep 2018 16:05:33 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbPwOkv8gDx6xRgGVJ6ryb+ZR14fwRz1NHwRfdNiaDR/aEnE2PzPyRlqm8RpebEi7jmJBXG X-Received: by 2002:a17:902:15c5:: with SMTP id a5-v6mr26693246plh.137.1537225533338; Mon, 17 Sep 2018 16:05:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537225533; cv=none; d=google.com; s=arc-20160816; b=xgSZ3Zm/4uX/TmrUnLAFNM1rS+KKztDwJ8Ileg+MOCjWfU3QGkQAKYsad5ff1cKFQ1 suxypzOK484tZFtibGK//35bz+RgtMhuMk6RkDXapSRbQ7ZduaEiwHRoOMDVtTedUgKH hykvP5AX8zx9x9Fuxin+SovqtvVpkvE6qMixKT0wMaIijvitcAEFpFjEU5dVzv1Y6n6J 9azNp3fbhxL1y9jRK00lpWA5NGW0aOX7+bVLnVIZiD/CjN4U940eApFQj5CODKfxBO1K 8iLiw5ddZIBYwxtZDgHG5OU1f17Iqmg1XAQ43ANE0OWE5U5/W9MvPn+GUKoex0ZC5Mi6 qRRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=smCPTd7nRsvH6owbWB3S8U99hKWTz6rBYp79TVDffv4=; b=q+Ji6dJVyFqofHPLEH8OVCvJI+4K1/LECgz9nBw4zf8oAODuuDQfEKxMvzzCoUoU3J m9x2H6TQGHqodo6GyxX6khNEVAyIVTamvexIQM1D7AP0rfSLZhngWkzbzP+J1uEPGYTQ ZPDpCC11wA/0vEOzPHrsiYnpLtq4F5lKnrwejD4AXGj2VcxCzM1qcXE5VfWNmVkdibTX pnO/NIqVQJrq9TT5lTQoATOTNbPgHxv3MCR97GazehnPEEbKuzGOlFxHQgJZtTDah9/P f/zQHJTSg5h2E5VUzAY+ZepJGDorSlTL5J//69Jv738QaorgywfN7ZG6uuvihveVS6se bE1w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o1-v6si17467415pfe.259.2018.09.17.16.05.17; Mon, 17 Sep 2018 16:05:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730986AbeIREei (ORCPT + 99 others); Tue, 18 Sep 2018 00:34:38 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:49270 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730207AbeIREeh (ORCPT ); Tue, 18 Sep 2018 00:34:37 -0400 Received: from localhost (li1825-44.members.linode.com [172.104.248.44]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 6392BCB2; Mon, 17 Sep 2018 23:05:07 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , "David S. Miller" Subject: [PATCH 4.14 102/126] inet: frags: get rif of inet_frag_evicting() Date: Tue, 18 Sep 2018 00:42:30 +0200 Message-Id: <20180917211710.649942476@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180917211703.481236999@linuxfoundation.org> References: <20180917211703.481236999@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Eric Dumazet This refactors ip_expire() since one indentation level is removed. Note: in the future, we should try hard to avoid the skb_clone() since this is a serious performance cost. Under DDOS, the ICMP message wont be sent because of rate limits. Fact that ip6_expire_frag_queue() does not use skb_clone() is disturbing too. Presumably IPv6 should have the same issue than the one we fixed in commit ec4fbd64751d ("inet: frag: release spinlock before calling icmp_send()") Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller (cherry picked from commit 399d1404be660d355192ff4df5ccc3f4159ec1e4) Signed-off-by: Greg Kroah-Hartman --- include/net/inet_frag.h | 5 --- net/ipv4/ip_fragment.c | 65 +++++++++++++++++++++++------------------------- net/ipv6/reassembly.c | 4 -- 3 files changed, 32 insertions(+), 42 deletions(-) --- a/include/net/inet_frag.h +++ b/include/net/inet_frag.h @@ -119,11 +119,6 @@ static inline void inet_frag_put(struct inet_frag_destroy(q); } -static inline bool inet_frag_evicting(struct inet_frag_queue *q) -{ - return false; -} - /* Memory Tracking Functions. */ static inline int frag_mem_limit(struct netns_frags *nf) --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -143,8 +143,11 @@ static bool frag_expire_skip_icmp(u32 us static void ip_expire(struct timer_list *t) { struct inet_frag_queue *frag = from_timer(frag, t, timer); - struct ipq *qp; + struct sk_buff *clone, *head; + const struct iphdr *iph; struct net *net; + struct ipq *qp; + int err; qp = container_of(frag, struct ipq, q); net = container_of(qp->q.net, struct net, ipv4.frags); @@ -158,45 +161,41 @@ static void ip_expire(struct timer_list ipq_kill(qp); __IP_INC_STATS(net, IPSTATS_MIB_REASMFAILS); - if (!inet_frag_evicting(&qp->q)) { - struct sk_buff *clone, *head = qp->q.fragments; - const struct iphdr *iph; - int err; + head = qp->q.fragments; - __IP_INC_STATS(net, IPSTATS_MIB_REASMTIMEOUT); + __IP_INC_STATS(net, IPSTATS_MIB_REASMTIMEOUT); - if (!(qp->q.flags & INET_FRAG_FIRST_IN) || !qp->q.fragments) - goto out; + if (!(qp->q.flags & INET_FRAG_FIRST_IN) || !head) + goto out; - head->dev = dev_get_by_index_rcu(net, qp->iif); - if (!head->dev) - goto out; + head->dev = dev_get_by_index_rcu(net, qp->iif); + if (!head->dev) + goto out; - /* skb has no dst, perform route lookup again */ - iph = ip_hdr(head); - err = ip_route_input_noref(head, iph->daddr, iph->saddr, + /* skb has no dst, perform route lookup again */ + iph = ip_hdr(head); + err = ip_route_input_noref(head, iph->daddr, iph->saddr, iph->tos, head->dev); - if (err) - goto out; + if (err) + goto out; + + /* Only an end host needs to send an ICMP + * "Fragment Reassembly Timeout" message, per RFC792. + */ + if (frag_expire_skip_icmp(qp->q.key.v4.user) && + (skb_rtable(head)->rt_type != RTN_LOCAL)) + goto out; + + clone = skb_clone(head, GFP_ATOMIC); - /* Only an end host needs to send an ICMP - * "Fragment Reassembly Timeout" message, per RFC792. - */ - if (frag_expire_skip_icmp(qp->q.key.v4.user) && - (skb_rtable(head)->rt_type != RTN_LOCAL)) - goto out; - - clone = skb_clone(head, GFP_ATOMIC); - - /* Send an ICMP "Fragment Reassembly Timeout" message. */ - if (clone) { - spin_unlock(&qp->q.lock); - icmp_send(clone, ICMP_TIME_EXCEEDED, - ICMP_EXC_FRAGTIME, 0); - consume_skb(clone); - goto out_rcu_unlock; - } + /* Send an ICMP "Fragment Reassembly Timeout" message. */ + if (clone) { + spin_unlock(&qp->q.lock); + icmp_send(clone, ICMP_TIME_EXCEEDED, + ICMP_EXC_FRAGTIME, 0); + consume_skb(clone); + goto out_rcu_unlock; } out: spin_unlock(&qp->q.lock); --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c @@ -106,10 +106,6 @@ void ip6_expire_frag_queue(struct net *n goto out_rcu_unlock; __IP6_INC_STATS(net, __in6_dev_get(dev), IPSTATS_MIB_REASMFAILS); - - if (inet_frag_evicting(&fq->q)) - goto out_rcu_unlock; - __IP6_INC_STATS(net, __in6_dev_get(dev), IPSTATS_MIB_REASMTIMEOUT); /* Don't send error if the first segment did not arrive. */