From: Phi Nguyen <phind.uet@gmail.com>
To: Eric Dumazet <edumazet@google.com>
Cc: "David Miller" <davem@davemloft.net>,
"Jakub Kicinski" <kuba@kernel.org>,
"Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Jesper Dangaard Brouer" <hawk@kernel.org>,
"John Fastabend" <john.fastabend@gmail.com>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Martin KaFai Lau" <kafai@fb.com>,
"Song Liu" <songliubraving@fb.com>, "Yonghong Song" <yhs@fb.com>,
kpsingh@kernel.org, "Antoine Tenart" <atenart@kernel.org>,
"Alexander Lobakin" <alobakin@pm.me>,
"Wei Wang" <weiwan@google.com>, "Taehee Yoo" <ap420073@gmail.com>,
"Björn Töpel" <bjorn@kernel.org>,
memxor@gmail.com, netdev <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
linux-kernel-mentees@lists.linuxfoundation.org,
syzbot+989efe781c74de1ddb54@syzkaller.appspotmail.com
Subject: Re: [PATCH] net: drop skbs in napi->rx_list when removing the napi context.
Date: Fri, 13 Aug 2021 03:17:18 +0800 [thread overview]
Message-ID: <663ac8c4-b0c3-5af6-c3c3-f371e0410a43@gmail.com> (raw)
In-Reply-To: <CANn89iLQj4Xm-6Bcygtkd5QqDzmJBDALznL8mEJrF1Fh_W32iQ@mail.gmail.com>
On 8/12/2021 3:07 PM, Eric Dumazet wrote:
> Also I object to this fix.
>
> If packets have been stored temporarily in GRO, they should be
> released at some point,
> normally at the end of a napi poll.
>
> By released, I mean that these packets should reach the upper stack,
> instead of being dropped without
> any notification.
>
> It seems a call to gro_normal_list() is missing somewhere.
>
> Can you find where ?
>
> Thanks !
> H Eric,
I think the location that should have a call to gro_normal_list() is
__netif_napi_del(). Let say, if the driver call a function that lead to
gro_normal_one(), and add a skb to the rx_list while the napi poll is
not scheduled, and the driver remove the napi context before a napi poll
could be triggered, then the added skb will be lost.
Actually, this was the first solution that I tried with syzbot (It
passed the test too).
Best regards,
Phi
WARNING: multiple messages have this Message-ID (diff)
From: Phi Nguyen <phind.uet@gmail.com>
To: Eric Dumazet <edumazet@google.com>
Cc: "Song Liu" <songliubraving@fb.com>,
"Alexander Lobakin" <alobakin@pm.me>,
syzbot+989efe781c74de1ddb54@syzkaller.appspotmail.com,
"Alexei Starovoitov" <ast@kernel.org>,
"Wei Wang" <weiwan@google.com>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"John Fastabend" <john.fastabend@gmail.com>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Yonghong Song" <yhs@fb.com>,
linux-kernel-mentees@lists.linuxfoundation.org,
"Jesper Dangaard Brouer" <hawk@kernel.org>,
kpsingh@kernel.org, memxor@gmail.com,
"Jakub Kicinski" <kuba@kernel.org>,
netdev <netdev@vger.kernel.org>,
"Antoine Tenart" <atenart@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
"David Miller" <davem@davemloft.net>,
"Björn Töpel" <bjorn@kernel.org>, bpf <bpf@vger.kernel.org>,
"Martin KaFai Lau" <kafai@fb.com>,
"Taehee Yoo" <ap420073@gmail.com>
Subject: Re: [PATCH] net: drop skbs in napi->rx_list when removing the napi context.
Date: Fri, 13 Aug 2021 03:17:18 +0800 [thread overview]
Message-ID: <663ac8c4-b0c3-5af6-c3c3-f371e0410a43@gmail.com> (raw)
In-Reply-To: <CANn89iLQj4Xm-6Bcygtkd5QqDzmJBDALznL8mEJrF1Fh_W32iQ@mail.gmail.com>
On 8/12/2021 3:07 PM, Eric Dumazet wrote:
> Also I object to this fix.
>
> If packets have been stored temporarily in GRO, they should be
> released at some point,
> normally at the end of a napi poll.
>
> By released, I mean that these packets should reach the upper stack,
> instead of being dropped without
> any notification.
>
> It seems a call to gro_normal_list() is missing somewhere.
>
> Can you find where ?
>
> Thanks !
> H Eric,
I think the location that should have a call to gro_normal_list() is
__netif_napi_del(). Let say, if the driver call a function that lead to
gro_normal_one(), and add a skb to the rx_list while the napi poll is
not scheduled, and the driver remove the napi context before a napi poll
could be triggered, then the added skb will be lost.
Actually, this was the first solution that I tried with syzbot (It
passed the test too).
Best regards,
Phi
_______________________________________________
Linux-kernel-mentees mailing list
Linux-kernel-mentees@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees
next prev parent reply other threads:[~2021-08-12 19:17 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-11 23:59 [PATCH] net: drop skbs in napi->rx_list when removing the napi context Nguyen Dinh Phi
2021-08-11 23:59 ` Nguyen Dinh Phi
2021-08-12 4:50 ` Hillf Danton
2021-08-12 5:19 ` [syzbot] memory leak in packet_sendmsg syzbot
2021-08-12 5:19 ` syzbot
2021-08-12 7:07 ` [PATCH] net: drop skbs in napi->rx_list when removing the napi context Eric Dumazet
2021-08-12 7:07 ` Eric Dumazet via Linux-kernel-mentees
2021-08-12 19:17 ` Phi Nguyen [this message]
2021-08-12 19:17 ` Phi Nguyen
2021-08-13 10:16 ` Eric Dumazet
2021-08-13 10:16 ` Eric Dumazet
2021-08-13 10:51 ` Nguyen Dinh Phi
2021-08-13 10:51 ` Nguyen Dinh Phi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=663ac8c4-b0c3-5af6-c3c3-f371e0410a43@gmail.com \
--to=phind.uet@gmail.com \
--cc=alobakin@pm.me \
--cc=andrii@kernel.org \
--cc=ap420073@gmail.com \
--cc=ast@kernel.org \
--cc=atenart@kernel.org \
--cc=bjorn@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=hawk@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=kpsingh@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel-mentees@lists.linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=memxor@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=songliubraving@fb.com \
--cc=syzbot+989efe781c74de1ddb54@syzkaller.appspotmail.com \
--cc=weiwan@google.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.