archive mirror
 help / color / mirror / Atom feed
From: Christian Eggers <>
To: Vladimir Oltean <>
Cc: Woojung Huh <>,
	Andrew Lunn <>,
	Vivien Didelot <>,
	Florian Fainelli <>,
	Microchip Linux Driver Support <>,
	"David S . Miller" <>,
	Jakub Kicinski <>, <>,
	Kurt Kanzenbach <>
Subject: Re: [PATCH net] net: dsa: ksz: fix padding size of skb
Date: Thu, 15 Oct 2020 19:58:52 +0200	[thread overview]
Message-ID: <1647199.FWNDY5eN7L@n95hx1g2> (raw)
In-Reply-To: <20201014173103.26nvgqtrpewqskg4@skbuf>

Hi Vladimir,

sorry for the delay, getting answers to all you questions seems to be 
challenging for me. Unfortunately it's about 1 year ago when I was originally 
working on this particular problem and obviously I didn't understand the full 

On Wednesday, 14 October 2020, 19:31:03 CEST, Vladimir Oltean wrote:
> On Wed, Oct 14, 2020 at 07:02:13PM +0200, Christian Eggers wrote:
> > > Otherwise said, the frame must be padded to
> > > max(skb->len, ETH_ZLEN) + tail tag length.
> > 
> > At first I thought the same when working on this. But IMHO the padding
> > must
> > only ensure the minimum required size, there is no need to pad to the
> > "real" size of the skb. The check for the tailroom above ensures that
> > enough memory for the "real" size is available.
> Yes, that's right, that's the current logic, but what's the point of
> your patch, then, if the call to __skb_put_padto is only supposed to
> ensure ETH_ZLEN length?
After checking __skb_put_padto, I realized that I didn't knew what it actually 
does. The problem in my case is, that the condition

skb_tailroom(skb) >= padlen + len

may not be met anymore after __skb_put_padto(..., skb->len + padlen, ...) 
returns. If skb has previously been cloned, __skb_put_padto() will allocate a 
copy which may have a size of equal / only slightly more than skb->len + 
padlen, which misses the full space for the tail tag. Further calls to 
skb_put() may not find enough tailroom for placing the tail tag.

> In fact, __skb_put_padto fundamentally does:
> - an extension of skb->len to the requested argument, via __skb_put
> - a zero-filling of the extra area
> So if you include the length of the tag in the call to __skb_put_padto,
> then what's the other skb_put() from ksz8795_xmit, ksz9477_xmit,
> ksz9893_xmit going to do? Aren't you increasing the frame length twice
> by the length of one tag when you are doing this?
I initially thought that __skb_put_padto() would perform some sort of 
allocation which can later be used by skb_put(). You are right that my change 
would increase the frame twice. The only reason why this worked for me was 
because the newly allocated skb had enough tailroom due to alignment.

> What problem are you actually trying to solve?
After (hopefully) understanding the important bits, I would like to solve the 
problem that after calling __skb_put_padto() there may be no tailroom for the 
tail tag.

The conditions where this can happen are quite special. You need a skb->len < 
ETH_ZLEN and the skb must be marked as cloned. One condition where this 
happens in practice is when the skb has been selected for TX time stamping in 
dsa_skb_tx_timestamp() [cloned] and L2 is used as transport for PTP [size < 
ETH_ZLEN]. But maybe cloned sk_buffs can also happen for other reasons.

I now suggest the following:
-	if (skb_tailroom(skb) >= padlen + len) {
+	if (skb_tailroom(skb) >= padlen + len && !skb_cloned(skb)) {

This would avoid allocation of a new skb in __skb_put_padto() which may be 
finally too small.

> Can you show a skb_dump(KERN_ERR, skb, true) before and after your change?

Best regards

  reply	other threads:[~2020-10-15 18:00 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-14 16:17 Christian Eggers
2020-10-14 16:47 ` Vladimir Oltean
2020-10-14 16:54   ` Vladimir Oltean
2020-10-14 17:02     ` Christian Eggers
2020-10-14 17:31       ` Vladimir Oltean
2020-10-15 17:58         ` Christian Eggers [this message]
2020-10-16  7:45           ` Kurt Kanzenbach
2020-10-16  9:00             ` Christian Eggers
2020-10-16  9:05               ` Vladimir Oltean
2020-10-16 12:44                 ` Christian Eggers
2020-10-16 15:56                   ` Vladimir Oltean
2020-10-16 18:03                     ` Jakub Kicinski
2020-10-16 18:13                       ` Vladimir Oltean
2020-10-16 18:52                         ` Jakub Kicinski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1647199.FWNDY5eN7L@n95hx1g2 \ \ \ \ \ \ \ \ \ \ \ \ \
    --subject='Re: [PATCH net] net: dsa: ksz: fix padding size of skb' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).