From mboxrd@z Thu Jan 1 00:00:00 1970 From: Keith Busch Subject: Re: [PATCH net/jkirsher] bpf, xdp, i40e: fix i40e_build_skb skb reserve and truesize Date: Wed, 13 Jun 2018 07:30:55 -0600 Message-ID: <20180613133055.GA5331@localhost.localdomain> References: <20180613090436.4266-1-daniel@iogearbox.net> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: jeffrey.t.kirsher@intel.com, intel-wired-lan@lists.osuosl.org, makita.toshiaki@lab.ntt.co.jp, bjorn.topel@intel.com, john.fastabend@gmail.com, netdev@vger.kernel.org To: Daniel Borkmann Return-path: Received: from mga01.intel.com ([192.55.52.88]:4949 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S935487AbeFMN2C (ORCPT ); Wed, 13 Jun 2018 09:28:02 -0400 Content-Disposition: inline In-Reply-To: <20180613090436.4266-1-daniel@iogearbox.net> Sender: netdev-owner@vger.kernel.org List-ID: On Wed, Jun 13, 2018 at 11:04:36AM +0200, Daniel Borkmann wrote: > Using skb_reserve(skb, I40E_SKB_PAD + (xdp->data - xdp->data_hard_start)) > is clearly wrong since I40E_SKB_PAD already points to the offset where > the original xdp->data was sitting since xdp->data_hard_start is defined > as xdp->data - i40e_rx_offset(rx_ring) where latter offsets to I40E_SKB_PAD > when build skb is used. > > However, also before cc5b114dcf98 ("bpf, i40e: add meta data support") > this seems broken since bpf_xdp_adjust_head() helper could have been used > to alter headroom and enlarge / shrink the frame and with that the assumption > that the xdp->data remains unchanged does not hold and would push a bogus > packet to upper stack. > > ixgbe got this right in 924708081629 ("ixgbe: add XDP support for pass and > drop actions"). In any case, fix it by removing the I40E_SKB_PAD from both > skb_reserve() and truesize calculation. > > Fixes: cc5b114dcf98 ("bpf, i40e: add meta data support") > Fixes: 0c8493d90b6b ("i40e: add XDP support for pass and drop actions") > Reported-by: Keith Busch > Reported-by: Toshiaki Makita > Signed-off-by: Daniel Borkmann > Cc: Björn Töpel > Cc: John Fastabend Thanks for the quick fix! This works for me. Tested-by: Keith Busch From mboxrd@z Thu Jan 1 00:00:00 1970 From: Keith Busch Date: Wed, 13 Jun 2018 07:30:55 -0600 Subject: [Intel-wired-lan] [PATCH net/jkirsher] bpf, xdp, i40e: fix i40e_build_skb skb reserve and truesize In-Reply-To: <20180613090436.4266-1-daniel@iogearbox.net> References: <20180613090436.4266-1-daniel@iogearbox.net> Message-ID: <20180613133055.GA5331@localhost.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: intel-wired-lan@osuosl.org List-ID: On Wed, Jun 13, 2018 at 11:04:36AM +0200, Daniel Borkmann wrote: > Using skb_reserve(skb, I40E_SKB_PAD + (xdp->data - xdp->data_hard_start)) > is clearly wrong since I40E_SKB_PAD already points to the offset where > the original xdp->data was sitting since xdp->data_hard_start is defined > as xdp->data - i40e_rx_offset(rx_ring) where latter offsets to I40E_SKB_PAD > when build skb is used. > > However, also before cc5b114dcf98 ("bpf, i40e: add meta data support") > this seems broken since bpf_xdp_adjust_head() helper could have been used > to alter headroom and enlarge / shrink the frame and with that the assumption > that the xdp->data remains unchanged does not hold and would push a bogus > packet to upper stack. > > ixgbe got this right in 924708081629 ("ixgbe: add XDP support for pass and > drop actions"). In any case, fix it by removing the I40E_SKB_PAD from both > skb_reserve() and truesize calculation. > > Fixes: cc5b114dcf98 ("bpf, i40e: add meta data support") > Fixes: 0c8493d90b6b ("i40e: add XDP support for pass and drop actions") > Reported-by: Keith Busch > Reported-by: Toshiaki Makita > Signed-off-by: Daniel Borkmann > Cc: Bj?rn T?pel > Cc: John Fastabend Thanks for the quick fix! This works for me. Tested-by: Keith Busch