On 2/26/24 14:10, Simon Horman wrote:
> On Thu, Feb 22, 2024 at 04:06:32PM +0100, Ilya Maximets wrote:
>> Trace attempts to process all the recirculations. However, if there
>> is a recirculation loop, i.e. if every recirculation generates another
>> recirculation, this process will never stop. It will grind until the
>> trace fills the system memory.
>>
>> A simple reproducer:
>>
>> make sandbox
>> ovs-vsctl add-br br0
>> ovs-vsctl add-port br0 p1
>> ovs-ofctl add-flow br0 "table=0,in_port=p1,ip,actions=ct(table=0)"
>> ovs-appctl ofproto/trace br0 in_port=p1,ip
>>
>> Limit the number of recirculations trace is processing with a fairly
>> arbitrary number - 4096 (loosely based on the resubmit limit, but
>> they are not actually related).
>>
>> Not adding a test for this since it's only for a trace, but also
>> because the test may lead to OOM event in a system if the test fails,
>> which is not nice.
>>
>> Fixes: e6bc8e749381 ("ofproto/trace: Add support for tracing conntrack
>> recirculation")
>> Reported-by: Jaime Caamaño Ruiz <[email protected]>
>> Signed-off-by: Ilya Maximets <[email protected]>
>
> Acked-by: Simon Horman <[email protected]>
>
> FWIIW, 4096 strikes me as an excessively generous limit.
> But I have no reason to argue for a smaller value.
I think, there is a couple of legit cases where we would want that
many recirculations, since they are not necessarily very deep, but
may look like a very wide tree instead. And in general we only
actually need protection from infinite cases. So, should be fine
to have 4096, I suppose.
Thanks for review!
Applied and backported down to 2.17.
Best regards, Ilya Maximets.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
