[net] virtio-net: don't free skb immediately on kick failure
diff mbox series

Message ID 1395390601-13177-1-git-send-email-jasowang@redhat.com
State New, archived
Headers show
Series
  • [net] virtio-net: don't free skb immediately on kick failure
Related show

Commit Message

Jason Wang March 21, 2014, 8:30 a.m. UTC
We free the skb immediately on kick failure during xmit without detaching it
from the virtqueue. This may lead double free for the skb during
free_unused_bufs(). This patch fixes this by not freeing it on kick failure and
let it to be freed through free_unused_bufs().

Fixes 67975901183799af8e93ec60e322f9e2a1940b9b
("virtio_net: verify if virtqueue_kick() succeeded").

Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 drivers/net/virtio_net.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Michael S. Tsirkin March 23, 2014, 11:27 a.m. UTC | #1
On Fri, Mar 21, 2014 at 04:30:01PM +0800, Jason Wang wrote:
> We free the skb immediately on kick failure during xmit without detaching it
> from the virtqueue. This may lead double free for the skb during
> free_unused_bufs(). This patch fixes this by not freeing it on kick failure and
> let it to be freed through free_unused_bufs().
> 
> Fixes 67975901183799af8e93ec60e322f9e2a1940b9b
> ("virtio_net: verify if virtqueue_kick() succeeded").

It's not even obvious we want to increment fifo errors
counter.
So basically we want to ignore these errors.
In that case how about just reverting this chunk
of the patch?

Seems cleaner than adding more code.

The chunk filling in RX also seems inappropriate:
it will cause RX work to be requeued which isn't what
we wanted.

Also, what happens with virtnet_send_command?

Looks like that patch is completely wrong.

> 
> Cc: Rusty Russell <rusty@rustcorp.com.au>
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Cc: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
>  drivers/net/virtio_net.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
> index 5632a99..d833d38 100644
> --- a/drivers/net/virtio_net.c
> +++ b/drivers/net/virtio_net.c
> @@ -882,8 +882,10 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev)
>  		if (net_ratelimit())
>  			dev_warn(&dev->dev,
>  				 "Unexpected TXQ (%d) queue failure: %d\n", qnum, err);
> -		dev->stats.tx_dropped++;
> -		kfree_skb(skb);
> +		if (err) {
> +			dev->stats.tx_dropped++;
> +			kfree_skb(skb);
> +		}
>  		return NETDEV_TX_OK;
>  	}
>  
> -- 
> 1.8.3.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
Jason Wang March 24, 2014, 5:31 a.m. UTC | #2
On 03/23/2014 07:27 PM, Michael S. Tsirkin wrote:
> On Fri, Mar 21, 2014 at 04:30:01PM +0800, Jason Wang wrote:
>> We free the skb immediately on kick failure during xmit without detaching it
>> from the virtqueue. This may lead double free for the skb during
>> free_unused_bufs(). This patch fixes this by not freeing it on kick failure and
>> let it to be freed through free_unused_bufs().
>>
>> Fixes 67975901183799af8e93ec60e322f9e2a1940b9b
>> ("virtio_net: verify if virtqueue_kick() succeeded").
> It's not even obvious we want to increment fifo errors
> counter.
> So basically we want to ignore these errors.
> In that case how about just reverting this chunk
> of the patch?

Sure, I think it's safe to do this.
> Seems cleaner than adding more code.
>
> The chunk filling in RX also seems inappropriate:
> it will cause RX work to be requeued which isn't what
> we wanted.

True, we can also ignore the error here.
>
> Also, what happens with virtnet_send_command?

Looks ok, if vq is broken it will return error to the caller or jump out
of the busy loop.
> Looks like that patch is completely wrong.
>
>> Cc: Rusty Russell <rusty@rustcorp.com.au>
>> Cc: Michael S. Tsirkin <mst@redhat.com>
>> Cc: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
>> Signed-off-by: Jason Wang <jasowang@redhat.com>
>> ---
>>  drivers/net/virtio_net.c | 6 ++++--
>>  1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
>> index 5632a99..d833d38 100644
>> --- a/drivers/net/virtio_net.c
>> +++ b/drivers/net/virtio_net.c
>> @@ -882,8 +882,10 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev)
>>  		if (net_ratelimit())
>>  			dev_warn(&dev->dev,
>>  				 "Unexpected TXQ (%d) queue failure: %d\n", qnum, err);
>> -		dev->stats.tx_dropped++;
>> -		kfree_skb(skb);
>> +		if (err) {
>> +			dev->stats.tx_dropped++;
>> +			kfree_skb(skb);
>> +		}
>>  		return NETDEV_TX_OK;
>>  	}
>>  
>> -- 
>> 1.8.3.2
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
Michael S. Tsirkin March 24, 2014, 6:27 a.m. UTC | #3
On Mon, Mar 24, 2014 at 01:31:57PM +0800, Jason Wang wrote:
> On 03/23/2014 07:27 PM, Michael S. Tsirkin wrote:
> > On Fri, Mar 21, 2014 at 04:30:01PM +0800, Jason Wang wrote:
> >> We free the skb immediately on kick failure during xmit without detaching it
> >> from the virtqueue. This may lead double free for the skb during
> >> free_unused_bufs(). This patch fixes this by not freeing it on kick failure and
> >> let it to be freed through free_unused_bufs().
> >>
> >> Fixes 67975901183799af8e93ec60e322f9e2a1940b9b
> >> ("virtio_net: verify if virtqueue_kick() succeeded").
> > It's not even obvious we want to increment fifo errors
> > counter.
> > So basically we want to ignore these errors.
> > In that case how about just reverting this chunk
> > of the patch?
> 
> Sure, I think it's safe to do this.
> > Seems cleaner than adding more code.
> >
> > The chunk filling in RX also seems inappropriate:
> > it will cause RX work to be requeued which isn't what
> > we wanted.
> 
> True, we can also ignore the error here.

So let's do that - just revert most of that commit
except the bit that breaks out of look when we submit commands.

> >
> > Also, what happens with virtnet_send_command?
> 
> Looks ok, if vq is broken it will return error to the caller or jump out
> of the busy loop.
> > Looks like that patch is completely wrong.
> >
> >> Cc: Rusty Russell <rusty@rustcorp.com.au>
> >> Cc: Michael S. Tsirkin <mst@redhat.com>
> >> Cc: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
> >> Signed-off-by: Jason Wang <jasowang@redhat.com>
> >> ---
> >>  drivers/net/virtio_net.c | 6 ++++--
> >>  1 file changed, 4 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
> >> index 5632a99..d833d38 100644
> >> --- a/drivers/net/virtio_net.c
> >> +++ b/drivers/net/virtio_net.c
> >> @@ -882,8 +882,10 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev)
> >>  		if (net_ratelimit())
> >>  			dev_warn(&dev->dev,
> >>  				 "Unexpected TXQ (%d) queue failure: %d\n", qnum, err);
> >> -		dev->stats.tx_dropped++;
> >> -		kfree_skb(skb);
> >> +		if (err) {
> >> +			dev->stats.tx_dropped++;
> >> +			kfree_skb(skb);
> >> +		}
> >>  		return NETDEV_TX_OK;
> >>  	}
> >>  
> >> -- 
> >> 1.8.3.2
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at  http://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Patch
diff mbox series

diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 5632a99..d833d38 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -882,8 +882,10 @@  static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev)
 		if (net_ratelimit())
 			dev_warn(&dev->dev,
 				 "Unexpected TXQ (%d) queue failure: %d\n", qnum, err);
-		dev->stats.tx_dropped++;
-		kfree_skb(skb);
+		if (err) {
+			dev->stats.tx_dropped++;
+			kfree_skb(skb);
+		}
 		return NETDEV_TX_OK;
 	}