lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2b0606ef-71d2-cc85-98db-1e16cc63c9d2@linux.ibm.com>
Date:   Tue, 3 Nov 2020 18:36:30 +0200
From:   Julian Wiedmann <jwi@...ux.ibm.com>
To:     Vladimir Oltean <olteanv@...il.com>,
        Claudiu Manoil <claudiu.manoil@....com>
Cc:     netdev@...r.kernel.org, "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, james.jurack@...tek.com
Subject: Re: [PATCH net v2 1/2] gianfar: Replace skb_realloc_headroom with
 skb_cow_head for PTP

On 03.11.20 18:13, Vladimir Oltean wrote:
> On Thu, Oct 29, 2020 at 10:10:56AM +0200, Claudiu Manoil wrote:
>> When PTP timestamping is enabled on Tx, the controller
>> inserts the Tx timestamp at the beginning of the frame
>> buffer, between SFD and the L2 frame header.  This means
>> that the skb provided by the stack is required to have
>> enough headroom otherwise a new skb needs to be created
>> by the driver to accommodate the timestamp inserted by h/w.
>> Up until now the driver was relying on skb_realloc_headroom()
>> to create new skbs to accommodate PTP frames.  Turns out that
>> this method is not reliable in this context at least, as
>> skb_realloc_headroom() for PTP frames can cause random crashes,
>> mostly in subsequent skb_*() calls, when multiple concurrent
>> TCP streams are run at the same time with the PTP flow
>> on the same device (as seen in James' report).  I also noticed
>> that when the system is loaded by sending multiple TCP streams,
>> the driver receives cloned skbs in large numbers.
>> skb_cow_head() instead proves to be stable in this scenario,
>> and not only handles cloned skbs too but it's also more efficient
>> and widely used in other drivers.
>> The commit introducing skb_realloc_headroom in the driver
>> goes back to 2009, commit 93c1285c5d92
>> ("gianfar: reallocate skb when headroom is not enough for fcb").
>> For practical purposes I'm referencing a newer commit (from 2012)
>> that brings the code to its current structure (and fixes the PTP
>> case).
>>
>> Fixes: 9c4886e5e63b ("gianfar: Fix invalid TX frames returned on error queue when time stamping")
>> Reported-by: James Jurack <james.jurack@...tek.com>
>> Suggested-by: Jakub Kicinski <kuba@...nel.org>
>> Signed-off-by: Claudiu Manoil <claudiu.manoil@....com>
>> ---
> 
> Still crashes for me:
> 

Given the various skb modifications in its xmit path, I wonder why
gianfar doesn't clear IFF_TX_SKB_SHARING.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ