Patchwork [RFC] net: usbnet: prevent buggy devices from killing us

login
register
mail settings
Submitter Bjørn Mork
Date Jan. 24, 2013, 12:47 p.m.
Message ID <87y5fig32r.fsf@nemi.mork.no>
Download mbox | patch
Permalink /patch/215344/
State Superseded
Headers show

Comments

Bjørn Mork - Jan. 24, 2013, 12:47 p.m.
Oliver Neukum <oneukum@suse.de> writes:
> On Thursday 24 January 2013 12:22:54 Bjørn Mork wrote:
>
>> Sorry for being daft, but how do I code the "20 among the last 30" part
>> there?
>
> Just by agreeing that you can live with false negatives but not false positives
>
> if (++counter > 30) {
> 	counter = bogus = 0;
> } else {
> 	if (is_bogus(packet)
> 		bogus++;
> 	if (bogus > counter/2)
> 		throttle();
> }

So, add two new counters to struct usbnet for this?  That seems a little
overkill to me, but I don't see how else to implement anything like that.

It is still not completely clear to me how the throttling/unthrottling
should be done.  It tested with static counters (to avoid having to
rebuild everything for this test) and a new EVENT_RX_THROTTLE flag.
Still on top of my previous patch just for safety while testing, as I am
fed up of having to reboot all the time :-)

Doing the flag test in rx_submit seems simpler than trying to track all
the places this is called.  Still checking the dev->done.qlen to be able
to unthrottle.

Was this along the lines you thought?






--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Oliver Neukum - Jan. 24, 2013, 1:12 p.m.
On Thursday 24 January 2013 13:47:40 Bjørn Mork wrote:
> Oliver Neukum <oneukum@suse.de> writes:
> > On Thursday 24 January 2013 12:22:54 Bjørn Mork wrote:
> >
> >> Sorry for being daft, but how do I code the "20 among the last 30" part
> >> there?
> >
> > Just by agreeing that you can live with false negatives but not false positives
> >
> > if (++counter > 30) {
> > 	counter = bogus = 0;
> > } else {
> > 	if (is_bogus(packet)
> > 		bogus++;
> > 	if (bogus > counter/2)

Should probably be something like bogus > counter/2 + 10

> > 		throttle();
> > }
> 
> So, add two new counters to struct usbnet for this?  That seems a little
> overkill to me, but I don't see how else to implement anything like that.

Memory is cheap.
 
> It is still not completely clear to me how the throttling/unthrottling
> should be done.  It tested with static counters (to avoid having to
> rebuild everything for this test) and a new EVENT_RX_THROTTLE flag.
> Still on top of my previous patch just for safety while testing, as I am
> fed up of having to reboot all the time :-)
> 
> Doing the flag test in rx_submit seems simpler than trying to track all
> the places this is called.  Still checking the dev->done.qlen to be able
> to unthrottle.

Ideally we would do some error handling. Does the device keep spewing
zero packets for all eternity?

	Regards
		Oliver

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Bjørn Mork - Jan. 24, 2013, 1:42 p.m.
Oliver Neukum <oneukum@suse.de> writes:

> On Thursday 24 January 2013 13:47:40 Bjørn Mork wrote:
>> Oliver Neukum <oneukum@suse.de> writes:
>> > On Thursday 24 January 2013 12:22:54 Bjørn Mork wrote:
>> >
>> >> Sorry for being daft, but how do I code the "20 among the last 30" part
>> >> there?
>> >
>> > Just by agreeing that you can live with false negatives but not false positives
>> >
>> > if (++counter > 30) {
>> > 	counter = bogus = 0;
>> > } else {
>> > 	if (is_bogus(packet)
>> > 		bogus++;
>> > 	if (bogus > counter/2)
>
> Should probably be something like bogus > counter/2 + 10

right

>> > 		throttle();
>> > }
>> 
>> So, add two new counters to struct usbnet for this?  That seems a little
>> overkill to me, but I don't see how else to implement anything like that.
>
> Memory is cheap.

OK

>> It is still not completely clear to me how the throttling/unthrottling
>> should be done.  It tested with static counters (to avoid having to
>> rebuild everything for this test) and a new EVENT_RX_THROTTLE flag.
>> Still on top of my previous patch just for safety while testing, as I am
>> fed up of having to reboot all the time :-)
>> 
>> Doing the flag test in rx_submit seems simpler than trying to track all
>> the places this is called.  Still checking the dev->done.qlen to be able
>> to unthrottle.
>
> Ideally we would do some error handling. Does the device keep spewing
> zero packets for all eternity?

Yes. The only way to get rid of the bug once it has triggered seems to
be powering the device off/on.  So unthrottling is not important for
this device.  But I guess it will be for other devices with more
temporary problems.



Bjørn
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index 85c7ffd..e3a1d63 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -380,6 +382,13 @@  static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags)
 	unsigned long		lockflags;
 	size_t			size = dev->rx_urb_size;
 
+
+	if (test_bit(EVENT_RX_THROTTLE, &dev->flags) && dev->done.qlen > 0) {
+		netif_dbg(dev, rx_err, dev->net, "%s: EVENT_RX_THROTTLE: (done.qlen=%u)\n", __func__, dev->done.qlen);
+		usb_free_urb(urb);
+		return -ENOLINK;
+	}
+
 	/* Do not let a device flood us to death! */
 	if (dev->done.qlen > 1024) {
 		netif_dbg(dev, rx_err, dev->net, "done queue filling up (%u) - throttling\n", dev->done.qlen);
@@ -482,6 +491,7 @@  static void rx_complete (struct urb *urb)
 	struct usbnet		*dev = entry->dev;
 	int			urb_status = urb->status;
 	enum skb_state		state;
+	static int counter, bogus;
 
 	skb_put (skb, urb->actual_length);
 	state = rx_done;
@@ -547,6 +557,17 @@  block:
 		break;
 	}
 
+	/* keep track of bogus packet ratio */
+	if (++counter > 30) {
+		counter = bogus = 0;
+		clear_bit(EVENT_RX_THROTTLE, &dev->flags);
+	} else {
+		if (state == rx_cleanup)
+			bogus++;
+		if (bogus > counter/2)
+			set_bit(EVENT_RX_THROTTLE, &dev->flags);
+	}
+
 	state = defer_bh(dev, skb, &dev->rxq, state);
 
 	if (urb) {