From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Cc: Patrick McHardy <kaber@trash.net>,
	netdev@vger.kernel.org, Dave Jones <davej@redhat.com>
Subject: Re: [RFC ] netlink: limit large vmalloc() based skbs to NETLINK_NETFILTER
Date: Wed, 3 Jul 2013 01:11:05 +0200
Message-ID: <20130702231105.GA8178@localhost>
In-Reply-To: <20130702215015.GA1979@breakpoint.cc>

On Tue, Jul 02, 2013 at 11:50:15PM +0200, Sebastian Andrzej Siewior wrote:
> Since commit c05cdb1b ("netlink: allow large data transfers from
> user-space") the large skbs are allocated via vmalloc(). Trinity
> triggered this in response:
> 
> | BUG: unable to handle kernel paging request at ffffc900001bf001
> | IP: [<ffffffff8135270a>] skb_clone+0x1a/0xa0
> | Call Trace:
> |  [<ffffffff813cb107>] nl_fib_input+0x37/0x230
> |  [<ffffffff8142c9b2>] ? _raw_read_unlock+0x22/0x40
> |  [<ffffffff81380b1a>] netlink_unicast+0x13a/0x1f0
> |  [<ffffffff81380ef7>] netlink_sendmsg+0x327/0x420
> 
> The problem is that the vmalloc() based skb ends exactly at size (where
> ->end is pointing) and skb_shinfo() starts past ->end where we have our
> guard page and hence we BUG().
> The question is should we fix this or forbid the skb_clone(). Fixing this
> behaviour is tricky because even after we add space for struct
> skb_shared_info we release the memory from the destructor so once the
> first skb is gone, the memory in the clone is invalid.
> The other case where skb_clone() is used is when we have multiple
> destinations.
> Since I assume the initial target was to extend the size for
> NETLINK_NETFILTER this patch limits to this target only and with single
> destination.
> Is this okay?

Did you notice this patch?

3a36515 netlink: fix splat in skb_clone with large messages

Regards.
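
The layout problem described in the quoted report, modelled in user space as an added example (not code from this thread or from the kernel). Assumptions: `struct footer_model` and its 320-byte size stand in for struct skb_shared_info, and an mmap() region followed by a PROT_NONE page stands in for a vmalloc() area and its guard page.

```c
#define _DEFAULT_SOURCE
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Assumed stand-in for struct skb_shared_info; only its size matters here. */
struct footer_model { unsigned char bytes[320]; };

/* Let the kernel read one byte at p: EFAULT instead of a crash if unmapped. */
static bool readable(const void *p)
{
	int fd[2];
	if (pipe(fd) != 0)
		return false;
	bool ok = write(fd[1], p, 1) == 1;
	close(fd[0]); close(fd[1]);
	return ok;
}

/* Allocate `size` bytes the way the model's vmalloc() does (page-rounded,
 * guard page behind it) and check that a footer at base + end is readable. */
static bool footer_ok(size_t size, size_t end)
{
	size_t page = (size_t)sysconf(_SC_PAGESIZE);
	size_t mapped = (size + page - 1) / page * page;
	unsigned char *base = mmap(NULL, mapped + page, PROT_READ | PROT_WRITE,
				   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (base == MAP_FAILED)
		return false;
	/* The trailing page plays the role of the guard page. */
	bool ok = mprotect(base + mapped, page, PROT_NONE) == 0 &&
		  readable(base + end) &&
		  readable(base + end + sizeof(struct footer_model) - 1);
	munmap(base, mapped + page);
	return ok;
}

int main(void)
{
	size_t len = 16 * (size_t)sysconf(_SC_PAGESIZE);
	/* First: footer starts exactly at the end of the area. Second: room reserved. */
	printf("footer past the area: %d, footer reserved: %d\n",
	       footer_ok(len, len), footer_ok(len + sizeof(struct footer_model), len));
}
```

Reserving room for the footer only fixes the mapping; as the quoted message says, the memory is still released from the destructor once the first skb is gone, so a clone would be left pointing at freed memory. In this model a size that is not a page multiple leaves slack before the guard page, so the same out-of-bounds footer read succeeds without a fault.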
