lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAAVpQUCivp-5vNq01z3CTikX50OkeEVt=ikVa90CioqGkf9XCQ@mail.gmail.com>
Date: Tue, 2 Sep 2025 12:32:06 -0700
From: Kuniyuki Iwashima <kuniyu@...gle.com>
To: Martin KaFai Lau <martin.lau@...ux.dev>
Cc: Alexei Starovoitov <ast@...nel.org>, Andrii Nakryiko <andrii@...nel.org>, 
	Daniel Borkmann <daniel@...earbox.net>, John Fastabend <john.fastabend@...il.com>, 
	Stanislav Fomichev <sdf@...ichev.me>, Johannes Weiner <hannes@...xchg.org>, Michal Hocko <mhocko@...nel.org>, 
	Roman Gushchin <roman.gushchin@...ux.dev>, Shakeel Butt <shakeel.butt@...ux.dev>, 
	"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, 
	Neal Cardwell <ncardwell@...gle.com>, Willem de Bruijn <willemb@...gle.com>, 
	Mina Almasry <almasrymina@...gle.com>, Kuniyuki Iwashima <kuni1840@...il.com>, bpf@...r.kernel.org, 
	netdev@...r.kernel.org
Subject: Re: [PATCH v4 bpf-next/net 1/5] tcp: Save lock_sock() for memcg in inet_csk_accept().

On Tue, Sep 2, 2025 at 11:55 AM Martin KaFai Lau <martin.lau@...ux.dev> wrote:
>
> On 8/28/25 6:00 PM, Kuniyuki Iwashima wrote:
> > mem_cgroup_sk_alloc() is called for SCTP before __inet_accept(),
> > so I added the protocol check in __inet_accept(), but this can be
> > removed once SCTP uses sk_clone_lock().
>
> >   void __inet_accept(struct socket *sock, struct socket *newsock, struct sock *newsk)
> >   {
> > +     /* TODO: use sk_clone_lock() in SCTP and remove protocol checks */
> > +     if (mem_cgroup_sockets_enabled &&
> > +         (!IS_ENABLED(CONFIG_IP_SCTP) ||
> > +          sk_is_tcp(newsk) || sk_is_mptcp(newsk))) {
>
> Instead of protocol check, is it the same as checking
> "if (mem_cgroup_sockets_enabled && !mem_cgroup_from_sk(newsk))"

sk_memcg could be NULL when the socket is belongs to the root
memcg, and then we shouldn't call kmem_cache_charge() for SCTP.

Also, SCTP's child sockets are not supported until we convert them to
sk_clone_lock(), and I plan to do so after this series lands on net-next.

https://github.com/q2ven/linux/commits/522_sctp_sk_clone_lock/


>
> > +             gfp_t gfp = GFP_KERNEL | __GFP_NOFAIL;
> > +
> > +             mem_cgroup_sk_alloc(newsk);
> > +
> > +             if (mem_cgroup_from_sk(newsk)) {
> > +                     int amt;
> > +
> > +                     /* The socket has not been accepted yet, no need
> > +                      * to look at newsk->sk_wmem_queued.
> > +                      */
> > +                     amt = sk_mem_pages(newsk->sk_forward_alloc +
> > +                                        atomic_read(&newsk->sk_rmem_alloc));
> > +                     if (amt)
> > +                             mem_cgroup_sk_charge(newsk, amt, gfp);
> > +             }
> > +
> > +             kmem_cache_charge(newsk, gfp);
> > +     }
> > +

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ