lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHS8izPGa99LyEc=AeqNaK8X68b7dovxCHOLbR=hnbaybN_zgQ@mail.gmail.com> Date: Tue, 7 Nov 2023 13:19:32 -0800 From: Mina Almasry <almasrymina@...gle.com> To: Yunsheng Lin <linyunsheng@...wei.com> Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, linux-kselftest@...r.kernel.org, linux-media@...r.kernel.org, dri-devel@...ts.freedesktop.org, linaro-mm-sig@...ts.linaro.org, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Jesper Dangaard Brouer <hawk@...nel.org>, Ilias Apalodimas <ilias.apalodimas@...aro.org>, Arnd Bergmann <arnd@...db.de>, David Ahern <dsahern@...nel.org>, Willem de Bruijn <willemdebruijn.kernel@...il.com>, Shuah Khan <shuah@...nel.org>, Sumit Semwal <sumit.semwal@...aro.org>, Christian König <christian.koenig@....com>, Shakeel Butt <shakeelb@...gle.com>, Jeroen de Borst <jeroendb@...gle.com>, Praveen Kaligineedi <pkaligineedi@...gle.com> Subject: Re: [RFC PATCH v3 08/12] net: support non paged skb frags On Tue, Nov 7, 2023 at 1:00 AM Yunsheng Lin <linyunsheng@...wei.com> wrote: > > On 2023/11/6 10:44, Mina Almasry wrote: > > Make skb_frag_page() fail in the case where the frag is not backed > > by a page, and fix its relevent callers to handle this case. > > > > Correctly handle skb_frag refcounting in the page_pool_iovs case. > > > > Signed-off-by: Mina Almasry <almasrymina@...gle.com> > > > > ... > > > /** > > * skb_frag_page - retrieve the page referred to by a paged fragment > > * @frag: the paged fragment > > * > > - * Returns the &struct page associated with @frag. > > + * Returns the &struct page associated with @frag. Returns NULL if this frag > > + * has no associated page. > > */ > > static inline struct page *skb_frag_page(const skb_frag_t *frag) > > { > > - return frag->bv_page; > > + if (!page_is_page_pool_iov(frag->bv_page)) > > + return frag->bv_page; > > + > > + return NULL; > > It seems most of callers don't expect NULL returning for skb_frag_page(), > and this patch only changes a few relevant callers to handle the NULL case. > Yes, I did not change code that I guessed was not likely to be affected or enable the devmem TCP case. Here is my breakdown: ➜ cos-kernel git:(tcpdevmem) ✗ ack -i "skb_frag_page\(" --ignore-dir=drivers -t cc -l net/core/dev.c net/core/datagram.c net/core/xdp.c net/core/skbuff.c net/core/filter.c net/core/gro.c net/appletalk/ddp.c net/wireless/util.c net/tls/tls_device.c net/tls/tls_device_fallback.c net/ipv4/tcp.c net/ipv4/tcp_output.c net/bpf/test_run.c include/linux/skbuff.h I'm ignoring ank skb_frag_page() calls in drivers because drivers need to add support for devmem TCP, and handle these calls at time of adding support, I think that's reasonable. net/core/dev.c: I think I missed ilegal_highdma() net/core/datagram.c: __skb_datagram_iter() protected by not_readable(skb) check. net/core/skbuff.c: protected by not_readable(skb) check. net/core/filter.c: bpf_xdp_frags_shrink_tail seems like xdp specific, not sure it's relevant here. net/core/gro.c: skb_gro_reset_offset: protected by NULL check net/ipv4/tcp.c: tcp_zerocopy_receive protected by NULL check. net/ipv4/tcp_output.c: tcp_clone_payload: handles NULL return fine. net/bpf/test_run.c: seems xdp specific and not sure if it can run into devmem issues. include/linux/skbuff.h: I think the multiple calls here are being handled correctly, but let me know if not. All the calls in these files, I think, are code paths not possible to hit devmem TCP with the current support, I think: net/core/xdp.c net/appletalk/ddp.c net/wireless/util.c net/tls/tls_device.c net/tls/tls_device_fallback.c All in all I think maybe all in all I missed illegal_highdma(). I'll fix it in the next iteration. > It may make more sense to add a new helper to do the above checking, and > add a warning in skb_frag_page() to catch any missing NULL checking for > skb_frag_page() caller, something like below? > > static inline struct page *skb_frag_page(const skb_frag_t *frag) > { > - return frag->bv_page; > + struct page *page = frag->bv_page; > + > + BUG_ON(page_is_page_pool_iov(page)); > + > + return page; > +} > + > +static inline struct page *skb_frag_readable_page(const skb_frag_t *frag) > +{ > + struct page *page = frag->bv_page; > + > + if (!page_is_page_pool_iov(page)) > + return page; > + > + return NULL; > } > > My personal immediate reaction is that this may just introduce code churn without significant benefit. If an unsuspecting caller call skb_frag_page() on devmem frag and doesn't correctly handle NULL return, it will crash or error out anyway, and likely in some obvious way, so maybe the BUG_ON() isn't so useful that it's worth changing all the call sites. But if there is consensus on adding a change like you propose, I have no problem adding it. -- Thanks, Mina
Powered by blists - more mailing lists