From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Edward Cree <ecree@solarflare.com>
Cc: <netdev@vger.kernel.org>, brouer@redhat.com
Subject: Re: [net-next PATCH] net: ipv4: fix listify ip_rcv_finish in case of forwarding
Date: Wed, 11 Jul 2018 22:15:52 +0200 [thread overview]
Message-ID: <20180711221552.62f90976@redhat.com> (raw)
In-Reply-To: <539bb5cc-ceae-427d-5a74-f79d752184d9@solarflare.com>
On Wed, 11 Jul 2018 16:41:35 +0100
Edward Cree <ecree@solarflare.com> wrote:
> On 11/07/18 16:01, Jesper Dangaard Brouer wrote:
> > In commit 5fa12739a53d ("net: ipv4: listify ip_rcv_finish") calling
> > dst_input(skb) was split-out. The ip_sublist_rcv_finish() just calls
> > dst_input(skb) in a loop.
> >
> > The problem is that ip_sublist_rcv_finish() forgot to remove the SKB
> > from the list before invoking dst_input(). Further more we need to
> > clear skb->next as other parts of the network stack use another kind
> > of SKB lists for xmit_more (see dev_hard_start_xmit).
> >
> > A crash occurs if e.g. dst_input() invoke ip_forward(), which calls
> > dst_output()/ip_output() that eventually calls __dev_queue_xmit() +
> > sch_direct_xmit(), and a crash occurs in validate_xmit_skb_list().
> >
> > This patch only fixes the crash, but there is a huge potential for
> > a performance boost if we can pass an SKB-list through to ip_forward.
> >
> > Fixes: 5fa12739a53d ("net: ipv4: listify ip_rcv_finish")
> > Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
> Acked-by: Edward Cree <ecree@solarflare.com>
>
> But it feels weird and asymmetric to only NULL skb->next (not ->prev), and
> to have to do this by hand rather than e.g. being able to use
> list_del_init(&skb->list). Hopefully this can be revisited once
> sch_direct_xmit() has been changed to use the list_head rather than SKB
> special lists.
I cannot use list_del_init(&skb->list) it would also break.
This is a fix, and this code should be revisited.
The reason I used the list_del() + skb->next=NULL, combo, is to keep as
much as possible of the list-poisoning, e.g. 'prev' will be LIST_POISON2.
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Principal Kernel Engineer at Red Hat
LinkedIn: http://www.linkedin.com/in/brouer
next prev parent reply other threads:[~2018-07-11 20:21 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-11 15:01 [net-next PATCH] net: ipv4: fix listify ip_rcv_finish in case of forwarding Jesper Dangaard Brouer
2018-07-11 15:41 ` Edward Cree
2018-07-11 20:15 ` Jesper Dangaard Brouer [this message]
2018-07-11 19:05 ` Saeed Mahameed
2018-07-11 20:06 ` Jesper Dangaard Brouer
2018-07-12 20:10 ` Or Gerlitz
2018-07-13 11:08 ` Jesper Dangaard Brouer
2018-07-13 14:19 ` Edward Cree
2018-07-13 16:04 ` Jesper Dangaard Brouer
2018-07-13 18:14 ` Eric Dumazet
2018-07-30 14:38 ` Or Gerlitz
2018-07-12 23:41 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180711221552.62f90976@redhat.com \
--to=brouer@redhat.com \
--cc=ecree@solarflare.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.