[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4FA19F5B.7040407@intel.com>
Date: Wed, 02 May 2012 13:55:55 -0700
From: Alexander Duyck <alexander.h.duyck@...el.com>
To: Eric Dumazet <eric.dumazet@...il.com>
CC: Alexander Duyck <alexander.duyck@...il.com>,
David Miller <davem@...emloft.net>,
netdev <netdev@...r.kernel.org>,
Neal Cardwell <ncardwell@...gle.com>,
Tom Herbert <therbert@...gle.com>,
Jeff Kirsher <jeffrey.t.kirsher@...el.com>,
Michael Chan <mchan@...adcom.com>,
Matt Carlson <mcarlson@...adcom.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Ben Hutchings <bhutchings@...arflare.com>,
Ilpo Järvinen <ilpo.jarvinen@...sinki.fi>,
Maciej Żenczykowski <maze@...gle.com>
Subject: Re: [PATCH net-next] net: take care of cloned skbs in tcp_try_coalesce()
On 05/02/2012 11:15 AM, Eric Dumazet wrote:
> On Wed, 2012-05-02 at 11:05 -0700, Alexander Duyck wrote:
>
>> You're correct about the fragstolen case, I actually was thinking of the
>> first patch you sent, not this second one.
>>
>> However we still have a problem. What we end up with now is a case of
>> sharing in which the clone skb no longer knows that it is sharing the
>> head with another skb. The dataref will drop to 1 when we call
>> __kfree_skb. This means that any other function out there that tries to
>> see if the skb is shared would return false. This could lead to issues
>> if there is anything out there that manipulates the data in head based
>> on the false assumption that it is not cloned. What we would probably
>> need to do in this case is tweak the logic for skb_cloned. If you are
>> using a head_frag you should probably add a check that returns true if
>> cloned is true and page_count is greater than 1. We should be safe in
>> the case of skb_header_cloned since we already dropped are dataref when
>> we stole the page and freed the skb.
> I really dont understand this concern.
>
> When skb is cloned, we copy in head_frag __skb_clone()
>
> So both skbs have the bit set, and dataref = 2.
>
> first skb is freed, dataref becomes 1 and nothing special happen
>
> >From this point, skb->head is not 'shared' anymore (taken your own
> words). And we are free to do whatever we want.
>
> second skb is freed, dataref becomes 0 and we call the right destructor.
The problem is that the stack will not be able to detect sharing. As
long as page_count is greater than 2 and skb->cloned is set we should be
telling any callers to skb_cloned that the head is cloned. Otherwise we
can run into issues elsewhere with well meaning code checking and not
detecting sharing, and then mangling the header.
Also I am not sure if the big monolithic changes are really the best way
to approach this. It would be nice if we could fix this incrementally
instead of trying to do it all at once since there are multiple issues
that need to be addressed.
I will try to submit a few patches from my end later today. I still
need to look over all of the changes from the past couple of weeks that
were based on the assumption that the IP stack completely owned the skb.
Thanks,
Alex
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists