[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4619a067-6e54-47fd-aa8b-3397a032aae0@redhat.com>
Date: Wed, 19 Mar 2025 16:49:21 +0100
From: Paolo Abeni <pabeni@...hat.com>
To: Willem de Bruijn <willemdebruijn.kernel@...il.com>, netdev@...r.kernel.org
Cc: "David S. Miller" <davem@...emloft.net>, David Ahern
<dsahern@...nel.org>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Simon Horman <horms@...nel.org>,
Willem de Bruijn <willemb@...gle.com>, steffen.klassert@...unet.com
Subject: Re: [PATCH net-next] udp_tunnel: properly deal with xfrm gro encap.
On 3/19/25 3:35 PM, Willem de Bruijn wrote:
> Paolo Abeni wrote:
>> The blamed commit below does not take in account that xfrm
>> can enable GRO over UDP encapsulation without going through
>> setup_udp_tunnel_sock().
>>
>> At deletion time such socket will still go through
>> udp_tunnel_cleanup_gro(), and the failed GRO type lookup will
>> trigger the reported warning.
>>
>> We can safely remove such warning, simply performing no action
>> on failed GRO type lookup at deletion time.
>>
>> Reported-by: syzbot+8c469a2260132cd095c1@...kaller.appspotmail.com
>> Closes: https://syzkaller.appspot.com/bug?extid=8c469a2260132cd095c1
>> Fixes: 311b36574ceac ("udp_tunnel: use static call for GRO hooks when possible")
>> Signed-off-by: Paolo Abeni <pabeni@...hat.com>
>
> Because XFRM does not call udp_tunnel_update_gro_rcv when enabling its
> UDP GRO offload, from set_xfrm_gro_udp_encap_rcv. But it does call it
> when disabling the offload, as called for all udp sockest from
> udp(v6)_destroy_sock. (Just to verify my understanding.)
Exactly.
> Not calling udp_tunnel_update_gro_rcv on add will have the unintended
> side effect of enabling the static call if one other tunnel is also
> active, breaking UDP GRO for XFRM socket, right?
Ouch, right again. I think we can/should do better.
Given syzkaller has found another splat with no reproducer on the other
UDP GRO change of mine [1] and we are almost at merge window time, I'm
considering reverting entirely such changes and re-submit later
(hopefully fixed). WDYT?
Thanks,
Paolo
[1] https://syzkaller.appspot.com/bug?extid=1fb3291cc1beeb3c315a
I *think* moving:
if (!up->tunnel_list.pprev)
from udp_tunnel_cleanup_gro() into udp_tunnel_update_gro_lookup(), under
the udp_tunnel_gro_lock spinlock should fix it, but without a repro it's
a bit risky,
Powered by blists - more mailing lists