Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp1457136rdb;
        Wed, 20 Sep 2023 09:34:01 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEH+QZpDZU/5xIKLAdYViJBJO5wzPelmHss0uKit7HnCTJTN31kPN7iAEc2LOJdmtR6lN/A
X-Received: by 2002:a17:902:ea8b:b0:1c3:73aa:618b with SMTP id x11-20020a170902ea8b00b001c373aa618bmr2808329plb.9.1695227640698;
        Wed, 20 Sep 2023 09:34:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1695227640; cv=none;
        d=google.com; s=arc-20160816;
        b=C983W1fcYq9pcCuFgr8nSnbYAK7UrCfsdmCJSsLgigX5X3QoCpTyxNymo2U5FpJfo2
         rBkEB6Bg36y2B7t/s8+OL7wBNVi1+CD5UkwvB7Ea7o0GnHqBhydPw5GCHj2WyC9itw0Z
         nIYErXDv9okGaZ1jLRskxXbvkHYBbd4xBH5nybIOBgokNHm11IzKkR2rO7ErZdoTyTfh
         bpzdj/+CqReyg7Uz3EjfOaaCkuRQYFS7sQpSTqqg+EJiPg5m9ekQ829IyPZR1GCYzw+V
         auKUw3mEzAgHipZ0J++dQHBze3Qw+E6cT17/G8SmxxzqQeQWbo3OPINR0SqiwIaKOGDX
         WIvw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature;
        bh=WfoVQLFTyBMz6qdJ4HQf6iMKbD5VVKNiCRlsodiIXlQ=;
        fh=r8zpVSSoSO6PfqQy7ooLS7GpPkua5AzwTepuYCrhBPo=;
        b=XvMwWrQrfkQTcJgHvSap3D+AaJML4R9h4138petMPZD4E5lA2EbNpjIG+1qCHG6yhZ
         8+xTnzq9HSvTvlE7ktEsCgYaKRtenfpUSI9oju+iDOQz5kFphhywmGCg/eNFdfT/S4hr
         kxMEwGJug82fUwGtJy39jCb+R6EhHkWiWnZrS47gTMUIgg+JmRMvc+XH2VPFGgPNzVP6
         tc0oUyUOOExLTOZEjQKvfZnk1NT97HxmnJOemnpBdxJGEMHlUcIwRmNv4utf44AfDAqA
         3VvANN+FxN1DifvZmDixna22+5QRMrIIbO0x1Sesj3ke7udetPxULdCAT2gk0ejmDabQ
         wq2w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@blackwall-org.20230601.gappssmtp.com header.s=20230601 header.b=RazleXos;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from fry.vger.email (fry.vger.email. [23.128.96.38])
        by mx.google.com with ESMTPS id x9-20020a170902b40900b001bbb39ffe06si11598333plr.69.2023.09.20.09.34.00
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 20 Sep 2023 09:34:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@blackwall-org.20230601.gappssmtp.com header.s=20230601 header.b=RazleXos;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by fry.vger.email (Postfix) with ESMTP id 308B783457F7;
	Wed, 20 Sep 2023 03:50:01 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233125AbjITKt4 (ORCPT <rfc822;bh1scw@gmail.com> + 99 others);
        Wed, 20 Sep 2023 06:49:56 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43066 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234036AbjITKte (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 20 Sep 2023 06:49:34 -0400
Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2BC80CF4
        for <linux-kernel@vger.kernel.org>; Wed, 20 Sep 2023 03:49:05 -0700 (PDT)
Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-99c3d3c3db9so919911266b.3
        for <linux-kernel@vger.kernel.org>; Wed, 20 Sep 2023 03:49:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=blackwall-org.20230601.gappssmtp.com; s=20230601; t=1695206943; x=1695811743; darn=vger.kernel.org;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=WfoVQLFTyBMz6qdJ4HQf6iMKbD5VVKNiCRlsodiIXlQ=;
        b=RazleXos7/k53GEoTRbGsHzMX9JT1DA51tFBZ3TYPXQeK02nojwcfEvtKhThwk0g8M
         OvIua8Ana6XbAIrjagYg9R65I2oLsi7VatOXOqZ/jp05kJJcCaQnlsjCvKjtgaSKniBp
         kdQ00CxPkWdHRmAtTG6Vohb/MtRvmFibKLunTXsfkCgE7cjy/qQZPjKENA7TsO4kg7xs
         8XL9ldy45vWFtAsw00TZrwTXm4dAS/8Yn5FvAUNhsJhNPad8JF8Pg6pgAnkC3+2amoNk
         iCvx+vmSwo8oBuBTyg9JsgwKcw2UCn03NpVnskrr2UciHNjkIZk7ImQ2yoMBbrFXudxc
         D8Tg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1695206943; x=1695811743;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=WfoVQLFTyBMz6qdJ4HQf6iMKbD5VVKNiCRlsodiIXlQ=;
        b=hY9gbyzj5GcI8VYkLCPgeatm1nqSWfLnNtmfZffoPzJRhJPLV15GLtSTRjxFgQYOZJ
         OxLCWgzHDDMwvvwIdumMMckgccTdpZmeMI3WH5czirWse9q7dss6z56GLb3IU4BS7Xyv
         211qWYKSJBlqjTIi4XlV+7bHjvsw71YCv/l136nVNbgorYJtGWndkTgNb2SWJSHJuLc8
         TYe6qhzKyaStz8cAyexvItIzaRA//VrBkeWmMOVQ3aDySXlLHDD7uHmmQ/6JsYv7xSU1
         U33U9+oJpy+Jcnwof0t0C8B7VHXpAfSjh/ZDYbJnBvO7g2BH53d4ZTrgY9GE09QM6dWJ
         r9tg==
X-Gm-Message-State: AOJu0YxMzPYPTznRUPylSdFbG0s4v3QHSt/GLMPcP4f6V8lhlqX+ffSb
        3xEn+jb4lhai/hDS/781K+a4Mw==
X-Received: by 2002:a17:906:3d21:b0:9a2:1e14:86bd with SMTP id l1-20020a1709063d2100b009a21e1486bdmr1622513ejf.65.1695206943489;
        Wed, 20 Sep 2023 03:49:03 -0700 (PDT)
Received: from [192.168.0.105] (haunt.prize.volia.net. [93.72.109.136])
        by smtp.gmail.com with ESMTPSA id qb18-20020a1709077e9200b009adc5802d08sm8191805ejc.190.2023.09.20.03.49.02
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 20 Sep 2023 03:49:03 -0700 (PDT)
Message-ID: <5146e687-f5b8-86b2-e4e3-29871fe4fa5c@blackwall.org>
Date:   Wed, 20 Sep 2023 13:49:01 +0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.5.0
Subject: Re: [PATCH net-next v4 3/6] net: bridge: Track and limit dynamically
 learned FDB entries
Content-Language: en-US
To:     Johannes Nixdorf <jnixdorf-oss@avm.de>,
        "David S. Miller" <davem@davemloft.net>,
        Andrew Lunn <andrew@lunn.ch>, David Ahern <dsahern@gmail.com>,
        Eric Dumazet <edumazet@google.com>,
        Florian Fainelli <f.fainelli@gmail.com>,
        Ido Schimmel <idosch@nvidia.com>,
        Jakub Kicinski <kuba@kernel.org>,
        Oleksij Rempel <linux@rempel-privat.de>,
        Paolo Abeni <pabeni@redhat.com>,
        Roopa Prabhu <roopa@nvidia.com>, Shuah Khan <shuah@kernel.org>,
        Vladimir Oltean <vladimir.oltean@nxp.com>
Cc:     bridge@lists.linux-foundation.org, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
References: <20230919-fdb_limit-v4-0-39f0293807b8@avm.de>
 <20230919-fdb_limit-v4-3-39f0293807b8@avm.de>
From:   Nikolay Aleksandrov <razor@blackwall.org>
In-Reply-To: <20230919-fdb_limit-v4-3-39f0293807b8@avm.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-2.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,
	SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Wed, 20 Sep 2023 03:50:01 -0700 (PDT)

On 9/19/23 11:12, Johannes Nixdorf wrote:
> A malicious actor behind one bridge port may spam the kernel with packets
> with a random source MAC address, each of which will create an FDB entry,
> each of which is a dynamic allocation in the kernel.
> 
> There are roughly 2^48 different MAC addresses, further limited by the
> rhashtable they are stored in to 2^31. Each entry is of the type struct
> net_bridge_fdb_entry, which is currently 128 bytes big. This means the
> maximum amount of memory allocated for FDB entries is 2^31 * 128B =
> 256GiB, which is too much for most computers.
> 
> Mitigate this by maintaining a per bridge count of those automatically
> generated entries in fdb_n_learned, and a limit in fdb_max_learned. If
> the limit is hit new entries are not learned anymore.
> 
> For backwards compatibility the default setting of 0 disables the limit.
> 
> User-added entries by netlink or from bridge or bridge port addresses
> are never blocked and do not count towards that limit.
> 
> Introduce a new fdb entry flag BR_FDB_DYNAMIC_LEARNED to keep track of
> whether an FDB entry is included in the count. The flag is enabled for
> dynamically learned entries, and disabled for all other entries. This
> should be equivalent to BR_FDB_ADDED_BY_USER and BR_FDB_LOCAL being unset,
> but contrary to the two flags it can be toggled atomically.
> 
> Atomicity is required here, as there are multiple callers that modify the
> flags, but are not under a common lock (br_fdb_update is the exception
> for br->hash_lock, br_fdb_external_learn_add for RTNL).
> 
> Signed-off-by: Johannes Nixdorf <jnixdorf-oss@avm.de>
> ---
>   net/bridge/br_fdb.c     | 35 +++++++++++++++++++++++++++++++++--
>   net/bridge/br_private.h |  4 ++++
>   2 files changed, 37 insertions(+), 2 deletions(-)
> 

I think this is a good counting start. :) It'd be nice to get
more eyes on this one.
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>