Date:   Fri, 26 Apr 2019 13:05:50 +0200
From:   Jesper Dangaard Brouer <>
To:     Jason Wang <>
Cc:     "Michael S. Tsirkin" <>,
        Toshiaki Makita <>,
        David Ahern <>,
        Toke Høiland-Jørgensen <>,
        "" <>,, John Fastabend <>
Subject: Re: virtio_net: suspicious RCU usage with xdp

On Fri, 26 Apr 2019 16:00:28 +0800
Jason Wang <> wrote:

> On 2019/4/26 1:41 AM, Jesper Dangaard Brouer wrote:
> > It does sound like my commit 5d053f9da431 ("bpf: devmap prepare xdp
> > frames for bulking") introduced this issue.  I guess we can add the RCU
> > section to xdp_do_flush_map(), and then also verify that the devmap
> > (and cpumap) take-down code also have appropriate RCU sections (which
> > they should have).
> >
> > Another requirement for calling .ndo_xdp_xmit is running under NAPI
> > protection,  
> May I know the reason for this? I'm asking since if the packet was 
> redirected from tuntap, ndo_xdp_xmit()  won't be called under the 
> protection of NAPI (but bh is disabled).

There are a number of things that rely on this NAPI/softirq protection.

One is preempt-free access to the per-cpu struct bpf_redirect_info, which
is at the core of the XDP and TC redirect feature.

  DEFINE_PER_CPU(struct bpf_redirect_info, bpf_redirect_info);
  struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);

And devmap and cpumap also have per-cpu variables, that we don't use
preempt-disable around.

Another is xdp_return_frame_rx_napi() that when page_pool is active,
can store frames to be recycled directly into an array, in function
__page_pool_recycle_direct() (but as I don't trust every driver getting
this correct I've added a safe-guard in page-pool via

I guess, disable_bh is sufficient protection, as we are mostly
optimizing away a preempt-disable when accessing per-cpu variables.

Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Principal Kernel Engineer at Red Hat
