Bug#1079684: Network errors on VM

To: David Prévot <taffit@debian.org>, 1079684@bugs.debian.org
Subject: Bug#1079684: Network errors on VM
From: David Prévot <taffit@debian.org>
Date: Mon, 26 Aug 2024 15:44:16 +0200
Message-id: <[🔎] ZsyGsJoOjTOisCKH@brocoli.tilapin.org>
Reply-to: David Prévot <taffit@debian.org>, 1079684@bugs.debian.org
In-reply-to: <[🔎] ZsxC0U-tAnxWPJH7@brocoli.tilapin.org>
References: <[🔎] ZsxC0U-tAnxWPJH7@brocoli.tilapin.org> <[🔎] ZsxC0U-tAnxWPJH7@brocoli.tilapin.org>

Hi,

Thanks Salvatore for the quick follow up on IRC and for pointing me at
the following doc in order to quickly rebuild the kernel with the
proposed patches.

https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#id-1.6.6.4

Le Mon, Aug 26, 2024 at 10:54:41AM +0200, David Prévot a écrit :
[…]
> Forwarded: https://bugzilla.kernel.org/show_bug.cgi?id=219129
[…]
> It seems real network issues have been noticed in some VMs we rebooted
> on friday (they are now running the previous kernel).

There are indeed severe consequences in network performances: e.g., it
took me two minutes instead of a fraction of second to upload the
patched kernel to the server (~500kB/s instead of 62MB/s).

> The forwarded upstream issue seems to match.

I just rebuilt the kernel with the three following patches and can’t
reproduce the issue once booted on the patched version.

>   89add40066f9 ("net: drop bad gso csum_start and offset in virtio_net_hdr")
>   fc8b2a619469 ("net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation")
>   9840036786d9 ("gso: fix dodgy bit handling for GSO_UDP_L4")

The first patch (in reverse order) didn’t apply cleanly, so I only used
the first diff (out of three):


Index: linux-6.1.106/net/ipv4/udp_offload.c
===================================================================
--- linux-6.1.106.orig/net/ipv4/udp_offload.c	2024-08-26 14:01:13.869618434 +0200
+++ linux-6.1.106/net/ipv4/udp_offload.c	2024-08-26 14:01:13.869618434 +0200
@@ -273,13 +273,20 @@
 	__sum16 check;
 	__be16 newlen;

-	if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST)
-		return __udp_gso_segment_list(gso_skb, features, is_ipv6);
-
 	mss = skb_shinfo(gso_skb)->gso_size;
 	if (gso_skb->len <= sizeof(*uh) + mss)
 		return ERR_PTR(-EINVAL);

+	if (skb_gso_ok(gso_skb, features | NETIF_F_GSO_ROBUST)) {
+		/* Packet is from an untrusted source, reset gso_segs. */
+		skb_shinfo(gso_skb)->gso_segs = DIV_ROUND_UP(gso_skb->len - sizeof(*uh),
+							     mss);
+		return NULL;
+	}
+
+	if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST)
+		return __udp_gso_segment_list(gso_skb, features, is_ipv6);
+
 	skb_pull(gso_skb, sizeof(*uh));

 	/* clear destructor to avoid skb_segment assigning it to tail */


Regards

taffit

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Bug#1079684: Network errors on VM
  - From: David Prévot <taffit@debian.org>

Prev by Date: Processed: reassign 1079684 to src:linux
Next by Date: Processed: tagging 1079684
Previous by thread: Bug#1079684: Network errors on VM
Next by thread: Bug#1079684: marked as done (Network errors on VM)
Index(es):
- Date
- Thread