lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <53282d15-1e73-9aef-6384-3f76812480e6@gmail.com>
Date:   Mon, 7 Feb 2022 20:47:26 -0800
From:   David Ahern <dsahern@...il.com>
To:     Dongli Zhang <dongli.zhang@...cle.com>, netdev@...r.kernel.org,
        Eric Dumazet <edumazet@...gle.com>
Cc:     linux-kernel@...r.kernel.org, davem@...emloft.net, kuba@...nel.org,
        rostedt@...dmis.org, mingo@...hat.com, ast@...nel.org,
        daniel@...earbox.net, andrii@...nel.org, imagedong@...cent.com,
        joao.m.martins@...cle.com, joe.jin@...cle.com
Subject: Re: [PATCH 1/2] net: tap: track dropped skb via kfree_skb_reason()

On 2/7/22 7:55 PM, Dongli Zhang wrote:
> diff --git a/drivers/net/tap.c b/drivers/net/tap.c
> index 8e3a28ba6b28..232572289e63 100644
> --- a/drivers/net/tap.c
> +++ b/drivers/net/tap.c
> @@ -322,6 +322,7 @@ rx_handler_result_t tap_handle_frame(struct sk_buff **pskb)
>  	struct tap_dev *tap;
>  	struct tap_queue *q;
>  	netdev_features_t features = TAP_FEATURES;
> +	int drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;

Maybe I missed an exit path, but I believe drop_reason is always set
before every goto, so this initialization is not needed.

>  
>  	tap = tap_dev_get_rcu(dev);
>  	if (!tap)
> @@ -343,12 +344,16 @@ rx_handler_result_t tap_handle_frame(struct sk_buff **pskb)
>  		struct sk_buff *segs = __skb_gso_segment(skb, features, false);
>  		struct sk_buff *next;
>  
> -		if (IS_ERR(segs))
> +		if (IS_ERR(segs)) {
> +			drop_reason = SKB_DROP_REASON_SKB_GSO_SEGMENT;

This reason points to a line of code, not the real reason for the drop.
If you unwind __skb_gso_segment, the only failure there is ENOMEM. The
reason code needs to be meaningful to users, not just a code reference.


>  			goto drop;
> +		}
>  
>  		if (!segs) {
> -			if (ptr_ring_produce(&q->ring, skb))
> +			if (ptr_ring_produce(&q->ring, skb)) {
> +				drop_reason = SKB_DROP_REASON_PTR_FULL;

Similar comment to Eric's - PTR_FULL needs to be more helpful.

>  				goto drop;
> +			}
>  			goto wake_up;
>  		}
>  
> @@ -369,10 +374,14 @@ rx_handler_result_t tap_handle_frame(struct sk_buff **pskb)
>  		 */
>  		if (skb->ip_summed == CHECKSUM_PARTIAL &&
>  		    !(features & NETIF_F_CSUM_MASK) &&
> -		    skb_checksum_help(skb))
> +		    skb_checksum_help(skb)) {
> +			drop_reason = SKB_DROP_REASON_SKB_CHECKSUM;

That is not a helpful explanation of the root cause; it is more of a code
reference.


>  			goto drop;
> -		if (ptr_ring_produce(&q->ring, skb))
> +		}
> +		if (ptr_ring_produce(&q->ring, skb)) {
> +			drop_reason = SKB_DROP_REASON_PTR_FULL;

Ditto the comment above about PTR_FULL.

>  			goto drop;
> +		}
>  	}
>  
>  wake_up:
> @@ -383,7 +392,7 @@ rx_handler_result_t tap_handle_frame(struct sk_buff **pskb)
>  	/* Count errors/drops only here, thus don't care about args. */
>  	if (tap->count_rx_dropped)
>  		tap->count_rx_dropped(tap);
> -	kfree_skb(skb);
> +	kfree_skb_reason(skb, drop_reason);
>  	return RX_HANDLER_CONSUMED;
>  }
>  EXPORT_SYMBOL_GPL(tap_handle_frame);
> @@ -632,6 +641,7 @@ static ssize_t tap_get_user(struct tap_queue *q, void *msg_control,
>  	int depth;
>  	bool zerocopy = false;
>  	size_t linear;
> +	int drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
>  
>  	if (q->flags & IFF_VNET_HDR) {
>  		vnet_hdr_len = READ_ONCE(q->vnet_hdr_sz);
> @@ -696,8 +706,10 @@ static ssize_t tap_get_user(struct tap_queue *q, void *msg_control,
>  	else
>  		err = skb_copy_datagram_from_iter(skb, 0, from, len);
>  
> -	if (err)
> +	if (err) {
> +		drop_reason = SKB_DROP_REASON_SKB_COPY_DATA;

As mentioned above; in addition, unwind the functions called here and give
a more explicit description of why they fail.

>  		goto err_kfree;
> +	}
>  
>  	skb_set_network_header(skb, ETH_HLEN);
>  	skb_reset_mac_header(skb);
> @@ -706,8 +718,10 @@ static ssize_t tap_get_user(struct tap_queue *q, void *msg_control,
>  	if (vnet_hdr_len) {
>  		err = virtio_net_hdr_to_skb(skb, &vnet_hdr,
>  					    tap_is_little_endian(q));
> -		if (err)
> +		if (err) {
> +			drop_reason = SKB_DROP_REASON_VIRTNET_HDR;

and here too.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ