Re: [PATCH net v2] xfrm: esp: avoid in-place decrypt on shared skb frags

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steffen Klassert <steffen.klassert@secunet.com>
To: Hyunwoo Kim <imv4bel@gmail.com>
Cc: HexRabbit <h3xrabbit@gmail.com>, <netdev@vger.kernel.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Simon Horman <horms@kernel.org>,
	"David S . Miller" <davem@davemloft.net>,
	David Ahern <dsahern@kernel.org>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Ido Schimmel <idosch@nvidia.com>, <linux-kernel@vger.kernel.org>,
	<stable@vger.kernel.org>
Subject: Re: [PATCH net v2] xfrm: esp: avoid in-place decrypt on shared skb frags
Date: Mon, 4 May 2026 20:47:04 +0200	[thread overview]
Message-ID: <afjpqNXYFVfZjQl5@secunet.com> (raw)
In-Reply-To: <afje62FxYMuTUpSb@v4bel>

On Tue, May 05, 2026 at 03:01:15AM +0900, Hyunwoo Kim wrote:
> On Mon, May 04, 2026 at 11:27:12PM +0800, HexRabbit wrote:
> > From: Kuan-Ting Chen <h3xrabbit@gmail.com>
> > 
> > MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP
> > marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(),
> > so later paths that may modify packet data can first make a private
> > copy. The IPv4/IPv6 datagram append paths did not set this flag when
> > splicing pages into UDP skbs.
> > 
> > That leaves an ESP-in-UDP packet made from shared pipe pages looking
> > like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW
> > fast path for uncloned skbs without a frag_list and decrypts in place
> > over data that is not owned privately by the skb.
> > 
> > Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching
> > TCP. Also make ESP input fall back to skb_cow_data() when the flag is
> > present, so ESP does not decrypt externally backed frags in place.
> > Private nonlinear skb frags still use the existing fast path.
> > 
> > This intentionally does not change ESP output. In esp_output_head(),
> > the path that appends the ESP trailer to existing skb tailroom without
> > calling skb_cow_data() is not reachable for nonlinear skbs:
> > skb_tailroom() returns zero when skb->data_len is nonzero, while ESP
> > tailen is positive. Thus ESP output will either use the separate
> > destination-frag path or fall back to skb_cow_data().
> > 
> > Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible")
> > Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible")
> > Fixes: 7da0dde68486 ("ip, udp: Support MSG_SPLICE_PAGES")
> > Fixes: 6d8192bd69bb ("ip6, udp6: Support MSG_SPLICE_PAGES")
> > Reported-by: Hyunwoo Kim <imv4bel@gmail.com>
> > Reported-by: Kuan-Ting Chen <h3xrabbit@gmail.com>
> 
> I dynamically tested this patch and confirm it resolves the
> issue. Clean work.

Feel free to add a Tested-by: tag.

> One correction request before merge -- please drop the
> second Reported-by tag (your own) from the trailer.
> 
> The report and patch for this issue were already posted on
> the public netdev ML 6 days ago, i.e., the bug was already
> publicly reported:
> 
>   https://lore.kernel.org/all/afLDKSvAvMwGh7Fy@v4bel/
> 
> Credit for patch authorship is adequately covered by
> Signed-off-by alone. Setting aside that your work proceeded
> independently rather than as a review of my earlier
> submission, the trailer should conform to convention to
> avoid future misunderstanding.

The issue was reported independently, so both Reported-by tags
are valid. But indeed the Signed-off-by tag should cover the
second one. I've applied it to the testing branch of the ipsec
tree to make it available to our test systems. I can still fix
the tags on request, no need for a v3.

> No objections to the patch itself.

Thanks a lot for your effort!

next prev parent reply	other threads:[~2026-05-04 18:47 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-04 15:27 [PATCH net v2] xfrm: esp: avoid in-place decrypt on shared skb frags HexRabbit
2026-05-04 18:01 ` Hyunwoo Kim
2026-05-04 18:47   ` Steffen Klassert [this message]
2026-05-04 18:55     ` Hyunwoo Kim
2026-05-05  2:49       ` Hex Rabbit
2026-05-05  5:42         ` Steffen Klassert
2026-05-05 17:26           ` Hex Rabbit

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=afjpqNXYFVfZjQl5@secunet.com \
    --to=steffen.klassert@secunet.com \
    --cc=davem@davemloft.net \
    --cc=dsahern@kernel.org \
    --cc=edumazet@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=h3xrabbit@gmail.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=horms@kernel.org \
    --cc=idosch@nvidia.com \
    --cc=imv4bel@gmail.com \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.