From: Rahul Rameshbabu <rrameshbabu@nvidia.com>
To: Sabrina Dubroca <sd@queasysnail.net>
Cc: Paolo Abeni <pabeni@redhat.com>,
netdev@vger.kernel.org, Gal Pressman <gal@nvidia.com>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Radu Pirea <radu-nicolae.pirea@oss.nxp.com>,
"David S . Miller" <davem@davemloft.net>
Subject: Re: [PATCH net] Revert "net: macsec: use skb_ensure_writable_head_tail to expand the skb"
Date: Tue, 16 Jan 2024 12:45:46 -0800 [thread overview]
Message-ID: <878r4pov1b.fsf@nvidia.com> (raw)
In-Reply-To: <ZaaJ17btw2PtW-Sd@hog>
On Tue, 16 Jan, 2024 14:51:19 +0100 Sabrina Dubroca <sd@queasysnail.net> wrote:
> 2024-01-16, 11:39:35 +0100, Paolo Abeni wrote:
>> On Sun, 2024-01-14 at 09:42 -0800, Rahul Rameshbabu wrote:
>> > This reverts commit b34ab3527b9622ca4910df24ff5beed5aa66c6b5.
>> >
>> > Using skb_ensure_writable_head_tail without a call to skb_unshare causes
>> > the MACsec stack to operate on the original skb rather than a copy in the
>> > macsec_encrypt path. This causes the buffer to be exceeded in space, and
>> > leads to warnings generated by skb_put operations.
>>
>> This part of the changelog is confusing to me. It looks like the skb
>> should be uncloned under the same conditions before and after this
>> patch (and/or the reverted)??!
>
> I don't think so. The old code was doing unshare +
> expand. skb_ensure_writable_head_tail calls pskb_expand_head without
> unshare, which doesn't give us a fresh sk_buff, only takes care of the
> headroom/tailroom. Or do I need more coffee? :/
Sabrina's analysis is correct. We no longer get a fresh sk_buff with
this commit.
>
>> Possibly dev->needed_headroom/needed_tailroom values are incorrect?!?
>
> That's also possible following commit a73d8779d61a ("net: macsec:
> introduce mdo_insert_tx_tag"). Then this revert would only be hiding
> the issue.
Ah, I think that is an interesting point.
static void macsec_set_head_tail_room(struct net_device *dev)
{
struct macsec_dev *macsec = macsec_priv(dev);
struct net_device *real_dev = macsec->real_dev;
int needed_headroom, needed_tailroom;
const struct macsec_ops *ops;
ops = macsec_get_ops(macsec, NULL);
if (ops) {
This condition should really be ops && ops->mdo_insert_tx_tags. Let me
retest with this change and post back. That said, I am wondering if we
still need a fresh skb in the macsec stack or not as was done previously
with skb_unshare/skb_copy_expand or not.
needed_headroom = ops->needed_headroom;
needed_tailroom = ops->needed_tailroom;
} else {
needed_headroom = MACSEC_NEEDED_HEADROOM;
needed_tailroom = MACSEC_NEEDED_TAILROOM;
}
dev->needed_headroom = real_dev->needed_headroom + needed_headroom;
dev->needed_tailroom = real_dev->needed_tailroom + needed_tailroom;
}
--
Thanks,
Rahul Rameshbabu
next prev parent reply other threads:[~2024-01-16 20:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-14 17:42 [PATCH net] Revert "net: macsec: use skb_ensure_writable_head_tail to expand the skb" Rahul Rameshbabu
2024-01-16 10:39 ` Paolo Abeni
2024-01-16 13:51 ` Sabrina Dubroca
2024-01-16 20:45 ` Rahul Rameshbabu [this message]
2024-01-17 1:22 ` Rahul Rameshbabu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878r4pov1b.fsf@nvidia.com \
--to=rrameshbabu@nvidia.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gal@nvidia.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=radu-nicolae.pirea@oss.nxp.com \
--cc=sd@queasysnail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.