| Message ID | 20210607173530.46493-1-dsahern@kernel.org (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net] neighbour: allow NUD_NOARP entries to be forced GCed | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for net |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | warning | 5 maintainers not CCed: trix@redhat.com jdike@akamai.com chinagar@codeaurora.org zhutong@amazon.com weichen.chen@linux.alibaba.com |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 41 this patch: 41 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 7 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 34 this patch: 34 |
| netdev/header_inline | success | Link |
On 6/7/21 10:35 AM, David Ahern wrote: > IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to > fill up the neighbour table with enough entries that it will overflow for > valid connections after that. > > This behaviour is more prevalent after commit 58956317c8de ("neighbor: > Improve garbage collection") is applied, as it prevents removal from > entries that are not NUD_FAILED, unless they are more than 5s old. > > Fixes: 58956317c8de (neighbor: Improve garbage collection) > Reported-by: Kasper Dupont <kasperd@gjkwv.06.feb.2021.kasperd.net> > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > Signed-off-by: David Ahern <dsahern@kernel.org> > --- > rebased to net tree There are other use-cases that use NUD_NOARP as static neighbour entries which should be exempt from forced gc. for example when qualified by NTF_EXT_LEARNED for the E-VPN use-case. The check in your patch below should exclude NTF_EXT_LEARNED entries. (unrelated to the neighbour code , but bridge driver also uses NUD_NOARP for static entries) > > net/core/neighbour.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/core/neighbour.c b/net/core/neighbour.c > index 98f20efbfadf..bf774575ad71 100644 > --- a/net/core/neighbour.c > +++ b/net/core/neighbour.c > @@ -238,6 +238,7 @@ static int neigh_forced_gc(struct neigh_table *tbl) > > write_lock(&n->lock); > if ((n->nud_state == NUD_FAILED) || > + (n->nud_state == NUD_NOARP) || > (tbl->is_multicast && > tbl->is_multicast(n->primary_key)) || > time_after(tref, n->updated))
On 6/7/21 12:53 PM, Roopa Prabhu wrote: > > On 6/7/21 10:35 AM, David Ahern wrote: >> IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's >> possible to >> fill up the neighbour table with enough entries that it will overflow for >> valid connections after that. >> >> This behaviour is more prevalent after commit 58956317c8de ("neighbor: >> Improve garbage collection") is applied, as it prevents removal from >> entries that are not NUD_FAILED, unless they are more than 5s old. >> >> Fixes: 58956317c8de (neighbor: Improve garbage collection) >> Reported-by: Kasper Dupont <kasperd@gjkwv.06.feb.2021.kasperd.net> >> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> >> Signed-off-by: David Ahern <dsahern@kernel.org> >> --- >> rebased to net tree > > > There are other use-cases that use NUD_NOARP as static neighbour > entries which should be exempt from forced gc. > > for example when qualified by NTF_EXT_LEARNED for the E-VPN use-case. > > The check in your patch below should exclude NTF_EXT_LEARNED entries. > > > (unrelated to the neighbour code , but bridge driver also uses > NUD_NOARP for static entries) > > Maybe I misunderstand your comment: forced_gc does not apply to static entries; those were moved to a separate list to avoid walking them.
On 6/7/21 3:04 PM, David Ahern wrote: > On 6/7/21 12:53 PM, Roopa Prabhu wrote: >> On 6/7/21 10:35 AM, David Ahern wrote: >>> IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's >>> possible to >>> fill up the neighbour table with enough entries that it will overflow for >>> valid connections after that. >>> >>> This behaviour is more prevalent after commit 58956317c8de ("neighbor: >>> Improve garbage collection") is applied, as it prevents removal from >>> entries that are not NUD_FAILED, unless they are more than 5s old. >>> >>> Fixes: 58956317c8de (neighbor: Improve garbage collection) >>> Reported-by: Kasper Dupont <kasperd@gjkwv.06.feb.2021.kasperd.net> >>> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> >>> Signed-off-by: David Ahern <dsahern@kernel.org> >>> --- >>> rebased to net tree >> >> There are other use-cases that use NUD_NOARP as static neighbour >> entries which should be exempt from forced gc. >> >> for example when qualified by NTF_EXT_LEARNED for the E-VPN use-case. >> >> The check in your patch below should exclude NTF_EXT_LEARNED entries. >> >> >> (unrelated to the neighbour code , but bridge driver also uses >> NUD_NOARP for static entries) >> >> > Maybe I misunderstand your comment: forced_gc does not apply to static > entries; those were moved to a separate list to avoid walking them. > I think you are right. so just to confirm, NUD_NOARP + NTF_EXT_LEARNED will never be included in the list for forced_gc and hence not affected by your patch ? if yes, I am good.
From: David Ahern <dsahern@kernel.org> Date: Mon, 7 Jun 2021 11:35:30 -0600 > IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to > fill up the neighbour table with enough entries that it will overflow for > valid connections after that. > > This behaviour is more prevalent after commit 58956317c8de ("neighbor: > Improve garbage collection") is applied, as it prevents removal from > entries that are not NUD_FAILED, unless they are more than 5s old. > > Fixes: 58956317c8de (neighbor: Improve garbage collection) > Reported-by: Kasper Dupont <kasperd@gjkwv.06.feb.2021.kasperd.net> > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > Signed-off-by: David Ahern <dsahern@kernel.org> > --- > rebased to net tree Applied, thanks.
diff --git a/net/core/neighbour.c b/net/core/neighbour.c index 98f20efbfadf..bf774575ad71 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -238,6 +238,7 @@ static int neigh_forced_gc(struct neigh_table *tbl) write_lock(&n->lock); if ((n->nud_state == NUD_FAILED) || + (n->nud_state == NUD_NOARP) || (tbl->is_multicast && tbl->is_multicast(n->primary_key)) || time_after(tref, n->updated))
IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to fill up the neighbour table with enough entries that it will overflow for valid connections after that. This behaviour is more prevalent after commit 58956317c8de ("neighbor: Improve garbage collection") is applied, as it prevents removal from entries that are not NUD_FAILED, unless they are more than 5s old. Fixes: 58956317c8de (neighbor: Improve garbage collection) Reported-by: Kasper Dupont <kasperd@gjkwv.06.feb.2021.kasperd.net> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: David Ahern <dsahern@kernel.org> --- rebased to net tree net/core/neighbour.c | 1 + 1 file changed, 1 insertion(+)