From: Cong Wang <xiyou.wangcong@gmail.com>
To: Vlad Buslov <vladbu@nvidia.com>
Cc: David Miller <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>,
	Jamal Hadi Salim <jhs@mojatatu.com>,
	Jiri Pirko <jiri@resnulli.us>,
	Saeed Mahameed <saeedm@mellanox.com>,
	Florian Westphal <fw@strlen.de>, wenxu <wenxu@ucloud.cn>,
	Linux Kernel Network Developers <netdev@vger.kernel.org>
Subject: Re: [PATCH net v2] net: zero-initialize tc skb extension on allocation
Date: Tue, 25 May 2021 14:48:55 -0700
Message-ID: <CAM_iQpUtGw5MO0DAWkVuHP7PU-iSkmEsBWa+SkCqiZtB3eeSoQ@mail.gmail.com>
In-Reply-To: <20210525132152.2589420-1-vladbu@nvidia.com>

On Tue, May 25, 2021 at 6:22 AM Vlad Buslov <vladbu@nvidia.com> wrote:
>
> Function skb_ext_add() doesn't initialize created skb extension with any
> value and leaves it up to the user. However, since extension of type
> TC_SKB_EXT originally contained only single value tc_skb_ext->chain its
> users used to just assign the chain value without setting whole extension
> memory to zero first. This assumption changed when TC_SKB_EXT extension was
> extended with additional fields but not all users were updated to
> initialize the new fields which leads to use of uninitialized memory
> afterwards. UBSAN log:

Hm, I thought the memset() in __skb_ext_alloc() does the job, clearly
I was wrong.

[...]
>
> Fix the issue by providing new function tc_skb_ext_alloc() that allocates
> tc skb extension and initializes its memory to 0 before returning it to the
> caller. Change all existing users to use new API instead of calling
> skb_ext_add() directly.

Just a note: struct tc_skb_ext is currently only 8 bytes long, so a memset()
on it should not be a problem for performance.

>
> Fixes: 038ebb1a713d ("net/sched: act_ct: fix miss set mru for ovs after defrag in act_ct")
> Fixes: d29334c15d33 ("net/sched: act_api: fix miss set post_ct for ovs after do conntrack in act_ct")
> Signed-off-by: Vlad Buslov <vladbu@nvidia.com>

Acked-by: Cong Wang <cong.wang@bytedance.com>

Thanks.
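
The failure mode described in the quoted commit message, as an added example that is not part of this thread or of the kernel patch: a userspace C model in which a caller written when `chain` was the only field leaves a later-added field holding stale bytes unless the allocation wrapper zeroes the whole structure. The names `tc_ext_model`, `ext_add_model`, `ext_alloc_zeroed_model` and `post_ct_after_legacy_user` are hypothetical, and the 0xAA fill is constructed stale data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only; field names follow the Fixes: tags (mru, post_ct). */
struct tc_ext_model {
    uint32_t chain;   /* the original, only field */
    uint16_t mru;     /* added later */
    bool post_ct;     /* added later */
};

static struct tc_ext_model slot;

/* Stand-in for an allocator that hands back memory without clearing it.
 * The 0xAA fill is constructed "stale" content from a previous user. */
static struct tc_ext_model *ext_add_model(void)
{
    memset(&slot, 0xAA, sizeof(slot));
    return &slot;
}

/* Wrapper in the spirit of the fix: zero the whole extension before use. */
static struct tc_ext_model *ext_alloc_zeroed_model(void)
{
    struct tc_ext_model *ext = ext_add_model();
    memset(ext, 0, sizeof(*ext));
    return ext;
}

/* A legacy caller sets only chain. Return the raw byte behind post_ct;
 * it is read with memcpy because loading a bool that is not 0 or 1 is undefined. */
static unsigned char post_ct_after_legacy_user(bool zeroing)
{
    struct tc_ext_model *ext = zeroing ? ext_alloc_zeroed_model() : ext_add_model();
    unsigned char raw;

    ext->chain = 5; /* the only assignment the old caller makes */
    memcpy(&raw, (unsigned char *)ext + offsetof(struct tc_ext_model, post_ct), 1);
    return raw;
}

int main(void)
{
    printf("post_ct byte, no zeroing:   0x%02x\n", post_ct_after_legacy_user(false));
    printf("post_ct byte, with zeroing: 0x%02x\n", post_ct_after_legacy_user(true));
    return 0;
}
```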

Thread overview: 3+ messages
2021-05-25 13:21 [PATCH net v2] net: zero-initialize tc skb extension on allocation Vlad Buslov
2021-05-25 21:48 ` Cong Wang [this message]
2021-05-25 22:40 ` patchwork-bot+netdevbpf
