lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 Apr 2019 11:06:56 +0800 From: Jason Wang <jasowang@...hat.com> To: Jesper Dangaard Brouer <brouer@...hat.com> Cc: "Michael S. Tsirkin" <mst@...hat.com>, Toshiaki Makita <makita.toshiaki@....ntt.co.jp>, David Ahern <dsahern@...il.com>, Toke Høiland-Jørgensen <toke@...e.dk>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, John Fastabend <john.fastabend@...il.com> Subject: Re: virtio_net: suspicious RCU usage with xdp On 2019/4/26 下午7:05, Jesper Dangaard Brouer wrote: > On Fri, 26 Apr 2019 16:00:28 +0800 > Jason Wang <jasowang@...hat.com> wrote: > >> On 2019/4/26 上午1:41, Jesper Dangaard Brouer wrote: >>> It does sound like my commit 5d053f9da431 ("bpf: devmap prepare xdp >>> frames for bulking") introduced this issue. I guess we can add the RCU >>> section to xdp_do_flush_map(), and then also verify that the devmap >>> (and cpumap) take-down code also have appropriate RCU sections (which >>> they should have). >>> >>> Another requirement for calling .ndo_xdp_xmit is running under NAPI >>> protection, >> >> May I know the reason for this? I'm asking since if the packet was >> redirected from tuntap, ndo_xdp_xmit() won't be called under the >> protection of NAPI (but bh is disabled). > There are a number of things that rely on this NAPI/softirq protection. > > One is preempt-free access per-cpu struct bpf_redirect_info. Which is > at the core of the XDP and TC redirect feature. > > DEFINE_PER_CPU(struct bpf_redirect_info, bpf_redirect_info); > EXPORT_PER_CPU_SYMBOL_GPL(bpf_redirect_info); > struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); > > And devmap and cpumap also have per-cpu variables, that we don't use > preempt-disable around. > > Another is xdp_return_frame_rx_napi() that when page_pool is active, > can store frames to be recycled directly into an array, in function > __page_pool_recycle_direct() (but as I don't trust every driver getting > this correct I've added a safe-guard in page-pool via > in_serving_softirq(). I see, if I want to use page pool for tap for VM2VM traffic, this probably means I can only recycle through ptr_ring. > > I guess, disable_bh is sufficient protection, as we are mostly > optimizing away a preempt-disable when accessing per-cpu variables. > Yes, that's what I want for confirm. Thanks
Powered by blists - more mailing lists