| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Jul 2021 22:03:08 +0300
From: Ilias Apalodimas <ilias.apalodimas@...aro.org>
To: Alexander Duyck <alexander.duyck@...il.com>
Cc: Yunsheng Lin <linyunsheng@...wei.com>,
David Miller <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, linuxarm@...neuler.org,
yisen.zhuang@...wei.com, Salil Mehta <salil.mehta@...wei.com>,
thomas.petazzoni@...tlin.com, Marcin Wojtas <mw@...ihalf.com>,
Russell King - ARM Linux <linux@...linux.org.uk>,
hawk@...nel.org, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
John Fastabend <john.fastabend@...il.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Peter Zijlstra <peterz@...radead.org>,
Will Deacon <will@...nel.org>,
Matthew Wilcox <willy@...radead.org>,
Vlastimil Babka <vbabka@...e.cz>, fenghua.yu@...el.com,
guro@...com, peterx@...hat.com, Feng Tang <feng.tang@...el.com>,
Jason Gunthorpe <jgg@...pe.ca>, mcroce@...rosoft.com,
Hugh Dickins <hughd@...gle.com>,
Jonathan Lemon <jonathan.lemon@...il.com>,
Alexander Lobakin <alobakin@...me>,
Willem de Bruijn <willemb@...gle.com>, wenxu@...oud.cn,
cong.wang@...edance.com, Kevin Hao <haokexin@...il.com>,
nogikh@...gle.com, Marco Elver <elver@...gle.com>,
Netdev <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>, bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH net-next RFC 1/2] page_pool: add page recycling support
based on elevated refcnt
> > Hi, Alexander
> >
> > Thanks for detailed reviewing.
> >
Likewise!
I'll have a look on the entire conversation in a few days...
> > >
> > > So this isn't going to work with the current recycling logic. The
> > > expectation there is that we can safely unmap the entire page as soon
> > > as the reference count is greater than 1.
> >
> > Yes, the expectation is changed to we can always recycle the page
> > when the last user has dropped the refcnt that has given to it when
> > the page is not pfmemalloced.
> >
> > The above expectation is based on that the last user will always
> > call page_pool_put_full_page() in order to do the recycling or do
> > the resource cleanup(dma unmaping..etc).
> >
> > As the skb_free_head() and skb_release_data() have both checked the
> > skb->pp_recycle to call the page_pool_put_full_page() if needed, I
> > think we are safe for most case, the one case I am not so sure above
> > is the rx zero copy, which seems to also bump up the refcnt before
> > mapping the page to user space, we might need to ensure rx zero copy
> > is not the last user of the page or if it is the last user, make sure
> > it calls page_pool_put_full_page() too.
>
> Yes, but the skb->pp_recycle value is per skb, not per page. So my
> concern is that carrying around that value can be problematic as there
> are a number of possible cases where the pages might be
> unintentionally recycled. All it would take is for a packet to get
> cloned a few times and then somebody starts using pskb_expand_head and
> you would have multiple cases, possibly simultaneously, of entities
> trying to free the page. I just worry it opens us up to a number of
> possible races.
Maybe I missde something, but I thought the cloned SKBs would never trigger
the recycling path, since they are protected by the atomic dataref check in
skb_release_data(). What am I missing?
[...]
Thanks
/Ilias
Powered by blists - more mailing lists