Re: [BUG bpf-next] bpf/net: Hitting gpf when running selftests

All of lore.kernel.org
 help / color / mirror / Atom feed

From: John Fastabend <john.fastabend@gmail.com>
To: Jiri Olsa <olsajiri@gmail.com>,  Xu Kuohai <xukuohai@huawei.com>
Cc: John Fastabend <john.fastabend@gmail.com>,
	 Jiri Olsa <olsajiri@gmail.com>,
	 Alexei Starovoitov <ast@kernel.org>,
	 Daniel Borkmann <daniel@iogearbox.net>,
	 Andrii Nakryiko <andrii@kernel.org>,
	 netdev@vger.kernel.org,  bpf@vger.kernel.org,
	 Martin KaFai Lau <kafai@fb.com>,
	 Song Liu <songliubraving@fb.com>,  Yonghong Song <yhs@fb.com>,
	 KP Singh <kpsingh@chromium.org>,
	 Stanislav Fomichev <sdf@google.com>,
	 Hao Luo <haoluo@google.com>,  Hou Tao <houtao1@huawei.com>,
	 Bobby Eshleman <bobby.eshleman@bytedance.com>
Subject: Re: [BUG bpf-next] bpf/net: Hitting gpf when running selftests
Date: Fri, 01 Sep 2023 13:22:24 -0700	[thread overview]
Message-ID: <64f2480035813_346b0208f5@john.notmuch> (raw)
In-Reply-To: <ZPGvqOQBwP7vPc+l@krava>

Jiri Olsa wrote:
> On Fri, Sep 01, 2023 at 05:10:43PM +0800, Xu Kuohai wrote:
> 
> SNIP
> 
> > > > Trying to come up with some nice fix now.
> > > 
> > > Something like this it fixes the splat, but need to think if it
> > > introduces anything or some better way to do this. Basic idea
> > > is to bump user->refcnt because we have two references to the
> > > skb and want to ensure we really only kfree_skb() the skb
> > > after both references are dropped.
> > > 
> > > diff --git a/net/core/skmsg.c b/net/core/skmsg.c
> > > index a0659fc29bcc..6c31eefbd777 100644
> > > --- a/net/core/skmsg.c
> > > +++ b/net/core/skmsg.c
> > > @@ -612,12 +612,18 @@ static int sk_psock_skb_ingress_self(struct sk_psock *psock, struct sk_buff *skb
> > >   static int sk_psock_handle_skb(struct sk_psock *psock, struct sk_buff *skb,
> > >                                 u32 off, u32 len, bool ingress)
> > >   {
> > > +       int err = 0;
> > > +
> > >          if (!ingress) {
> > >                  if (!sock_writeable(psock->sk))
> > >                          return -EAGAIN;
> > >                  return skb_send_sock(psock->sk, skb, off, len);
> > >          }
> > > -       return sk_psock_skb_ingress(psock, skb, off, len);
> > > +       skb_get(skb);
> > > +       err = sk_psock_skb_ingress(psock, skb, off, len);
> > > +       if (err < 0)
> > > +               kfree_skb(skb);
> > > +       return err;
> > >   }
> > >   static void sk_psock_skb_state(struct sk_psock *psock,
> > > @@ -685,9 +691,7 @@ static void sk_psock_backlog(struct work_struct *work)
> > >                  } while (len);
> > >                  skb = skb_dequeue(&psock->ingress_skb);
> > > -               if (!ingress) {
> > > -                       kfree_skb(skb);
> > > -               }
> > > +               kfree_skb(skb);
> > >          }
> > >   end:
> > >          mutex_unlock(&psock->work_mutex);
> > > .
> > 
> > With this fix, the crash is gone.
> 
> +1, same on my setup
> 
> jirka

Sent a patch. Add tested-by and acks if you have time. Thanks!

next prev parent reply	other threads:[~2023-09-01 20:22 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-30 18:58 [BUG bpf-next] bpf/net: Hitting gpf when running selftests Jiri Olsa
2023-08-30 21:07 ` Jiri Olsa
2023-08-31  9:46   ` Xu Kuohai
2023-08-31 15:23     ` Xu Kuohai
2023-08-31 19:19       ` John Fastabend
2023-08-31 20:20         ` John Fastabend
2023-09-01  9:10           ` Xu Kuohai
2023-09-01  9:32             ` Jiri Olsa
2023-09-01 20:22               ` John Fastabend [this message]
2023-08-31 10:52   ` Eduard Zingerman
2023-08-31 15:03     ` Eduard Zingerman
2023-08-31 15:34       ` Xu Kuohai
2023-08-31 15:43         ` Eduard Zingerman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=64f2480035813_346b0208f5@john.notmuch \
    --to=john.fastabend@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bobby.eshleman@bytedance.com \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=haoluo@google.com \
    --cc=houtao1@huawei.com \
    --cc=kafai@fb.com \
    --cc=kpsingh@chromium.org \
    --cc=netdev@vger.kernel.org \
    --cc=olsajiri@gmail.com \
    --cc=sdf@google.com \
    --cc=songliubraving@fb.com \
    --cc=xukuohai@huawei.com \
    --cc=yhs@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.