From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Jamal Hadi Salim <jhs@mojatatu.com>,
Davide Caratti <dcaratti@redhat.com>
Cc: Jakub Kicinski <kuba@kernel.org>,
Rajat Gupta <rajat.gupta@oss.qualcomm.com>,
netdev@vger.kernel.org, davem@davemloft.net, edumazet@google.com,
pabeni@redhat.com, horms@kernel.org, jiri@resnulli.us,
yimingqian591@gmail.com, keenanat2000@gmail.com,
2045gemini@gmail.com, rollkingzzc@gmail.com
Subject: Re: [PATCH net] net/sched: fix pedit partial COW leading to page cache corruption
Date: Fri, 22 May 2026 14:00:55 +0200 [thread overview]
Message-ID: <87tsrzodqg.fsf@toke.dk> (raw)
In-Reply-To: <CAM0EoMkANSFw7AxAX3opcnJhzd_qchosW8nFVfWV8wEkdL9R9Q@mail.gmail.com>
Jamal Hadi Salim <jhs@mojatatu.com> writes:
> On Thu, May 21, 2026 at 11:51 AM Davide Caratti <dcaratti@redhat.com> wrote:
>>
>> On Thu, May 21, 2026 at 4:59 PM Jakub Kicinski <kuba@kernel.org> wrote:
>> >
>> > On Thu, 21 May 2026 06:15:17 -0400 Jamal Hadi Salim wrote:
>> > > > This is the same claim as sashiko1 but sashiko2 gave a much more
>> > > > convincing description ;->
>> > > > skb_has_shared_frag() is only true if the frags are flagged as
>> > > > SKBFL_SHARED_FRAG (which is what the repro did); however, if we get
>> > > > frags from eg a driver on ingress and that skb gets cloned with frags
>> > > > we won't catch it.
>> > > > One approach is to do an if (skb_has_any_shared_frags(skb)) and then
>> > > > do a skb_linearize_cow() but that sounds like overkill.
>> > >
>> > > Yeah, this would be overkill - imagine running tcpdump 100% will be cloned
>> > >
>> > > > Another which will make the patch even uglier (but less expensive) is
>> > > > to add an extra check insde the patch's "if (write_offset < 0)"
>> > > > to do: if (write_offset + (int)sizeof(hdata) > 0) { skb_ensure_writable()}
>> > > >
>> > >
>> > > To be precise, something like attached (untested, uncompiled)
>>
>> hi Jamal,
>>
>> I tested Rajat's patch with your latest addition; it compiles and passes with the same subset of tests ran earlier by Toke.
>> Agree some follow-ups can be done (e.g. removing the hint, and maybe another smaller thing not yet detected by Sashiko) but AFAICT you can add my Reviewed-by: when sending v2.
>>
>
> Thanks Davide. And a Tested-by as well? I guess the same goes for
> Toke.
Applied your hunk on top Rajat's patch and re-ran the tests. So feel
free to apply my reviewed-by and tested-by to the combination on
resubmit :)
-Toke
next prev parent reply other threads:[~2026-05-22 12:00 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-18 1:30 [PATCH net] net/sched: fix pedit partial COW leading to page cache Rajat Gupta
2026-05-18 13:10 ` Han Guidong
2026-05-18 13:31 ` Jamal Hadi Salim
2026-05-19 3:39 ` [PATCH net] net/sched: fix pedit partial COW leading to page cache corruption Rajat Gupta
2026-05-19 11:18 ` Toke Høiland-Jørgensen
2026-05-19 15:10 ` Han Guidong
2026-05-20 9:12 ` Jamal Hadi Salim
2026-05-20 10:04 ` Han Guidong
2026-05-20 10:36 ` Han Guidong
2026-05-20 11:40 ` Jamal Hadi Salim
2026-05-20 9:23 ` Jamal Hadi Salim
2026-05-20 20:00 ` Jamal Hadi Salim
2026-05-21 9:53 ` Jamal Hadi Salim
2026-05-21 10:15 ` Jamal Hadi Salim
2026-05-21 14:35 ` Jakub Kicinski
2026-05-21 15:16 ` Jamal Hadi Salim
2026-05-21 15:46 ` Jakub Kicinski
2026-05-22 11:47 ` Jamal Hadi Salim
2026-05-22 15:46 ` Jakub Kicinski
2026-05-22 16:37 ` Jamal Hadi Salim
2026-05-22 17:01 ` Jamal Hadi Salim
2026-05-23 0:55 ` Jakub Kicinski
2026-05-23 12:07 ` Jamal Hadi Salim
2026-05-23 12:13 ` Jamal Hadi Salim
2026-05-23 16:46 ` Jakub Kicinski
2026-05-23 16:57 ` Jamal Hadi Salim
2026-05-25 15:39 ` Jakub Kicinski
2026-05-25 16:22 ` Jamal Hadi Salim
2026-05-25 17:34 ` Jakub Kicinski
2026-05-25 19:03 ` Jamal Hadi Salim
2026-05-26 2:06 ` Rajat Gupta
2026-05-26 9:48 ` David Laight
2026-05-26 11:57 ` Jamal Hadi Salim
2026-05-26 13:08 ` David Laight
2026-05-26 14:22 ` Jamal Hadi Salim
[not found] ` <CAKa-r6soz=iMBiYG0Grhhc12yhdw9vMNV+XjjEPCmtgKK6+rhA@mail.gmail.com>
2026-05-21 15:56 ` Jakub Kicinski
2026-05-22 11:49 ` Jamal Hadi Salim
2026-05-22 12:00 ` Toke Høiland-Jørgensen [this message]
2026-05-22 14:49 ` Davide Caratti
2026-05-22 7:49 ` Han Guidong
2026-05-26 9:53 ` David Laight
2026-05-26 12:01 ` Jamal Hadi Salim
2026-05-26 12:47 ` David Laight
2026-05-26 12:48 ` Jamal Hadi Salim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tsrzodqg.fsf@toke.dk \
--to=toke@toke.dk \
--cc=2045gemini@gmail.com \
--cc=davem@davemloft.net \
--cc=dcaratti@redhat.com \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=keenanat2000@gmail.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=rajat.gupta@oss.qualcomm.com \
--cc=rollkingzzc@gmail.com \
--cc=yimingqian591@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.