lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 1 Feb 2022 11:10:40 -0500
From:   Soheil Hassas Yeganeh <soheil@...gle.com>
To:     Eric Dumazet <eric.dumazet@...il.com>
Cc:     "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        netdev <netdev@...r.kernel.org>,
        Eric Dumazet <edumazet@...gle.com>,
        Talal Ahmad <talalahmad@...gle.com>,
        Arjun Roy <arjunroy@...gle.com>,
        Willem de Bruijn <willemb@...gle.com>
Subject: Re: [PATCH net] tcp: fix mem under-charging with zerocopy sendmsg()

On Tue, Feb 1, 2022 at 1:53 AM Eric Dumazet <eric.dumazet@...il.com> wrote:
>
> From: Eric Dumazet <edumazet@...gle.com>
>
> We got reports of following warning in inet_sock_destruct()
>
>         WARN_ON(sk_forward_alloc_get(sk));
>
> Whenever we add a non zero-copy fragment to a pure zerocopy skb,
> we have to anticipate that whole skb->truesize will be uncharged
> when skb is finally freed.
>
> skb->data_len is the payload length. But the memory truesize
> estimated by __zerocopy_sg_from_iter() is page aligned.
>
> Fixes: 9b65b17db723 ("net: avoid double accounting for pure zerocopy skbs")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Cc: Talal Ahmad <talalahmad@...gle.com>
> Cc: Arjun Roy <arjunroy@...gle.com>
> Cc: Soheil Hassas Yeganeh <soheil@...gle.com>
> Cc: Willem de Bruijn <willemb@...gle.com>

Acked-by: Soheil Hassas Yeganeh <soheil@...gle.com>

Nice catch! and thank you for the fix!


> ---
>  net/ipv4/tcp.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index 78e81465f5f3632f54093495d2f2a064e60c7237..bdf108f544a45a2aa24bc962fb81dfd0ca1e0682 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -1322,10 +1322,13 @@ int tcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_t size)
>
>                         /* skb changing from pure zc to mixed, must charge zc */
>                         if (unlikely(skb_zcopy_pure(skb))) {
> -                               if (!sk_wmem_schedule(sk, skb->data_len))
> +                               u32 extra = skb->truesize -
> +                                           SKB_TRUESIZE(skb_end_offset(skb));
> +
> +                               if (!sk_wmem_schedule(sk, extra))
>                                         goto wait_for_space;
>
> -                               sk_mem_charge(sk, skb->data_len);
> +                               sk_mem_charge(sk, extra);
>                                 skb_shinfo(skb)->flags &= ~SKBFL_PURE_ZEROCOPY;
>                         }
>
> --
> 2.35.0.rc2.247.g8bbb082509-goog
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ