From: John Fastabend <john.fastabend@gmail.com>
To: Cong Wang <xiyou.wangcong@gmail.com>, netdev@vger.kernel.org
Cc: bpf@vger.kernel.org, Cong Wang <cong.wang@bytedance.com>,
John Fastabend <john.fastabend@gmail.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Jakub Sitnicki <jakub@cloudflare.com>,
Lorenz Bauer <lmb@cloudflare.com>
Subject: RE: [Patch bpf] udp: fix a memory leak in udp_read_sock()
Date: Mon, 17 May 2021 22:36:29 -0700 [thread overview]
Message-ID: <60a3525d188d9_18a5f208f5@john-XPS-13-9370.notmuch> (raw)
In-Reply-To: <20210517022322.50501-1-xiyou.wangcong@gmail.com>
Cong Wang wrote:
> From: Cong Wang <cong.wang@bytedance.com>
>
> sk_psock_verdict_recv() clones the skb and uses the clone
> afterward, so udp_read_sock() should free the original skb after
> done using it.
The clone only happens if sk_psock_verdict_recv() returns >0.
>
> Fixes: d7f571188ecf ("udp: Implement ->read_sock() for sockmap")
> Cc: John Fastabend <john.fastabend@gmail.com>
> Cc: Daniel Borkmann <daniel@iogearbox.net>
> Cc: Jakub Sitnicki <jakub@cloudflare.com>
> Cc: Lorenz Bauer <lmb@cloudflare.com>
> Signed-off-by: Cong Wang <cong.wang@bytedance.com>
> ---
> net/ipv4/udp.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
> index 15f5504adf5b..e31d67fd5183 100644
> --- a/net/ipv4/udp.c
> +++ b/net/ipv4/udp.c
> @@ -1798,11 +1798,13 @@ int udp_read_sock(struct sock *sk, read_descriptor_t *desc,
> if (used <= 0) {
> if (!copied)
> copied = used;
> + kfree_skb(skb);
This case is different from the TCP side, if there is an error
the sockmap side will also call kfree_skb(). In TCP side we peek
the skb because we don't want to drop it. On UDP side this will
just drop data on the floor. Its not super friendly, but its
UDP so we are making the assumption this is ok? We've tried
to remove all the drop data cases from TCP it would be nice
to not drop data on UDP side if we can help it. Could we
requeue or peek the UDP skb to avoid this?
> break;
> } else if (used <= skb->len) {
> copied += used;
> }
>
> + kfree_skb(skb);
> if (!desc->count)
> break;
> }
> --
> 2.25.1
>
next prev parent reply other threads:[~2021-05-18 5:36 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-17 2:23 [Patch bpf] udp: fix a memory leak in udp_read_sock() Cong Wang
2021-05-17 16:22 ` Song Liu
2021-05-18 5:36 ` John Fastabend [this message]
2021-05-18 16:54 ` Cong Wang
2021-05-18 19:56 ` John Fastabend
2021-05-18 21:21 ` Cong Wang
2021-05-19 19:06 ` John Fastabend
2021-05-19 20:17 ` Cong Wang
2021-05-19 21:54 ` John Fastabend
2021-05-19 23:26 ` Cong Wang
2021-05-20 17:42 ` John Fastabend
2021-05-20 20:14 ` Cong Wang
2021-05-21 22:09 ` John Fastabend
2021-05-21 23:39 ` Cong Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=60a3525d188d9_18a5f208f5@john-XPS-13-9370.notmuch \
--to=john.fastabend@gmail.com \
--cc=bpf@vger.kernel.org \
--cc=cong.wang@bytedance.com \
--cc=daniel@iogearbox.net \
--cc=jakub@cloudflare.com \
--cc=lmb@cloudflare.com \
--cc=netdev@vger.kernel.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).