diff mbox

net: Validate frames going through the direct_xmit path

Message ID 1409718220.26422.28.camel@edumazet-glaptop2.roam.corp.google.com
State RFC, archived
Delegated to: David Miller
Headers show

Commit Message

Eric Dumazet Sept. 3, 2014, 4:23 a.m. UTC 
On Tue, 2014-09-02 at 19:46 -0700, Alexander Duyck wrote:

> Actually it looks like there are several issues.  One is the bypass
> problem which is the major issue. Another side effect of the original
> patch is that a bad frame will cause us to exit __qdisc_run prematurely
> even if other frames are still in the qdisc.

Hmm... maybe a the following would fix that ?

Also note we lack counters tracking these kind of events (dropped count)



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index 5b261e91bdbd..e051fdf95783 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -71,9 +71,13 @@  static inline struct sk_buff *dequeue_skb(struct Qdisc *q)
 			skb = NULL;
 	} else {
 		if (!(q->flags & TCQ_F_ONETXQUEUE) || !netif_xmit_frozen_or_stopped(txq)) {
+dequeue:
 			skb = q->dequeue(q);
-			if (skb)
+			if (skb) {
 				skb = validate_xmit_skb(skb, qdisc_dev(q));
+				if (!skb)
+					goto dequeue;
+			}
 		}
 	}