lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Nov 2013 11:05:36 +0800 From: Jason Wang <jasowang@...hat.com> To: "Michael S. Tsirkin" <mst@...hat.com>, Eric Dumazet <eric.dumazet@...il.com> CC: rusty@...tcorp.com.au, virtualization@...ts.linux-foundation.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Michael Dalton <mwdalton@...gle.com>, Eric Dumazet <edumazet@...gle.com> Subject: Re: [PATCH net] virtio-net: fix page refcnt leaking when fail to allocate frag skb On 11/20/2013 04:49 AM, Michael S. Tsirkin wrote: > On Tue, Nov 19, 2013 at 06:03:48AM -0800, Eric Dumazet wrote: >> On Tue, 2013-11-19 at 16:05 +0800, Jason Wang wrote: >>> We need to drop the refcnt of page when we fail to allocate an skb for frag >>> list, otherwise it will be leaked. The bug was introduced by commit >>> 2613af0ed18a11d5c566a81f9a6510b73180660a ("virtio_net: migrate mergeable rx >>> buffers to page frag allocators"). >>> >>> Cc: Michael Dalton <mwdalton@...gle.com> >>> Cc: Eric Dumazet <edumazet@...gle.com> >>> Cc: Rusty Russell <rusty@...tcorp.com.au> >>> Cc: Michael S. Tsirkin <mst@...hat.com> >>> Signed-off-by: Jason Wang <jasowang@...hat.com> >>> --- >>> The patch was needed for 3.12 stable. >> Good catch, but if we return from receive_mergeable() in the 'middle' >> of the frags we would need for the current skb, who will >> call the virtqueue_get_buf() to flush the remaining frags ? >> >> Don't we also need to call virtqueue_get_buf() like >> >> while (--num_buf) { >> buf = virtqueue_get_buf(rq->vq, &len); >> if (!buf) >> break; >> put_page(virt_to_head_page(buf)); >> } >> >> ? >> >> > > Let me explain what worries me in your suggestion: > > struct sk_buff *nskb = alloc_skb(0, GFP_ATOMIC); > if (unlikely(!nskb)) { > head_skb->dev->stats.rx_dropped++; > return -ENOMEM; > } > > is this the failure case we are talking about? > > I think this is a symprom of a larger problem > introduced by 2613af0ed18a11d5c566a81f9a6510b73180660a, > namely that we now need to allocate memory in the > middle of processing a packet. > > > I think discarding a completely valid and well-formed > packet from the receive queue because we are unable > to allocate new memory with GFP_ATOMIC > for future packets is not a good idea. > > It certainly violates the principle of least surprize: > when one sees host pass packet to guest, one expects > the packet to get into the networking stack, not get > dropped by the driver internally. > Guest stack can do with the packet what it sees fit. > > We actually wake up a thread if we can't fill up the queue, > that will fill it up in GFP_KERNEL context. > > So I think we should find a way to pre-allocate if necessary and avoid > error paths where allocating new memory is a required to avoid drops. > The problem happens only on memory pressure, this pre-allocation may add more stress on this. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists