lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <00ca7beb7fe054a3ba1a36c61c1e3b1314369f11.camel@nvidia.com>
Date: Tue, 23 May 2023 16:35:16 +0000
From: Dragos Tatulea <dtatulea@...dia.com>
To: Tariq Toukan <tariqt@...dia.com>, "ttoukan.linux@...il.com"
	<ttoukan.linux@...il.com>, "jbrouer@...hat.com" <jbrouer@...hat.com>, Saeed
 Mahameed <saeedm@...dia.com>, "saeed@...nel.org" <saeed@...nel.org>,
	"linyunsheng@...wei.com" <linyunsheng@...wei.com>, "netdev@...r.kernel.org"
	<netdev@...r.kernel.org>
CC: "maxtram95@...il.com" <maxtram95@...il.com>, "lorenzo@...nel.org"
	<lorenzo@...nel.org>, "alexander.duyck@...il.com"
	<alexander.duyck@...il.com>, "kheib@...hat.com" <kheib@...hat.com>,
	"ilias.apalodimas@...aro.org" <ilias.apalodimas@...aro.org>,
	"mkabat@...hat.com" <mkabat@...hat.com>, "brouer@...hat.com"
	<brouer@...hat.com>, "atzin@...hat.com" <atzin@...hat.com>,
	"fmaurer@...hat.com" <fmaurer@...hat.com>, "bpf@...r.kernel.org"
	<bpf@...r.kernel.org>, "jbenc@...hat.com" <jbenc@...hat.com>
Subject: Re: mlx5 XDP redirect leaking memory on kernel 6.3


On Tue, 2023-05-23 at 17:55 +0200, Jesper Dangaard Brouer wrote:
> 
> When the mlx5 driver runs an XDP program doing XDP_REDIRECT, then memory
> is getting leaked. Other XDP actions, like XDP_DROP, XDP_PASS and XDP_TX
> works correctly. I tested both redirecting back out same mlx5 device and
> cpumap redirect (with XDP_PASS), which both cause leaking.
> 
> After removing the XDP prog, which also cause the page_pool to be
> released by mlx5, then the leaks are visible via the page_pool periodic
> inflight reports. I have this bpftrace[1] tool that I also use to detect
> the problem faster (not waiting 60 sec for a report).
> 
>   [1] 
> https://github.com/xdp-project/xdp-project/blob/master/areas/mem/bpftrace/page_pool_track_shutdown01.bt
> 
> I've been debugging and reading through the code for a couple of days,
> but I've not found the root-cause, yet. I would appreciate new ideas
> where to look and fresh eyes on the issue.
> 
>
> To Lin, it looks like mlx5 uses PP_FLAG_PAGE_FRAG, and my current
> suspicion is that mlx5 driver doesn't fully release the bias count (hint
> see MLX5E_PAGECNT_BIAS_MAX).
> 

Thanks for the report Jesper. Incidentally I've just picked up this issue today
as well.

On XDP redirect and tx, the page is set to skip the bias counter release with
the expectation that page_pool_put_defragged_page will be called from [1]. But,
as I found out now, during XDP redirect only one fragment of the page is
released in xdp core [2]. This is where the leak is coming from.

We'll provide a fix soon.

[1]
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/tree/drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c#n665

[2]
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/tree/net/core/xdp.c#n390

Thanks,
Dragos


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ