From: Vlad Buslov <vladbu@nvidia.com>
To: Florian Westphal <fw@strlen.de>
Cc: <davem@davemloft.net>, <kuba@kernel.org>, <pablo@netfilter.org>,
<mathew.j.martineau@linux.intel.com>,
<matthieu.baerts@tessares.net>, <steffen.klassert@secunet.com>,
<herbert@gondor.apana.org.au>, <saeedm@mellanox.com>,
<netdev@vger.kernel.org>
Subject: Re: [PATCH net] net: zero-initialize skb extensions on allocation
Date: Mon, 24 May 2021 14:23:56 +0300 [thread overview]
Message-ID: <ygnhy2c48jeb.fsf@nvidia.com> (raw)
In-Reply-To: <20210524100137.GA3194@breakpoint.cc>
On Mon 24 May 2021 at 13:01, Florian Westphal <fw@strlen.de> wrote:
> Vlad Buslov <vladbu@nvidia.com> wrote:
>> Function skb_ext_add() doesn't initialize created skb extension with any
>> value and leaves it up to the user.
>
> That was intentional.
>
> Its unlikely that all extensions are active at the same time on same skb.
>
> This is also the reason why the extension struct uses offset addressing
> to get the extension data rather than the simpler
>
> skb_ext {
> struct sec_path sp;
> struct nf_bridge_info nfbr;
> ...
> }
>
> So adding e.g. mptcp extension will only touch 1 cacheline instead of 3
> (or more if more extensions get added in the future).
>
> IOW, i would prefer if tc would add tc_skb_add_ext() or similar and
> zero whats needed there.
Got it. Thanks for the explanation!
>
>> Fix the issue by changing __skb_ext_alloc() function to request
>> zero-initialized memory from kmem cache. Note that skb extension allocation
>> in skb_ext_maybe_cow() is not changed because newly allocated memory is
>> immediately overwritten with content of old skb extension so there is no
>> need to pre-initialize it.
>>
>> Multiple users of skb extension API have already been manually setting
>> newly allocated skb extension memory to zero. Remove such code and rely on
>> skb extension API instead.
>
> Are you sure its safe?
Apparently it is not, since you found a problem with nf_bridge_alloc :)
>
>> static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
>> {
>> #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
>> - struct nf_bridge_info *b = skb_ext_add(skb, SKB_EXT_BRIDGE_NF);
>> -
>> - if (b)
>> - memset(b, 0, sizeof(*b));
>> -
>> - return b;
>> + return skb_ext_add(skb, SKB_EXT_BRIDGE_NF);
>
> So in the (unlikely) case where skb_ext_add did not allocate a new
> extension, the memory is no longer cleared.
>
> If the skb had an nf_bridge_info extension previously that got
> discarded earlier via skb_ext_del() this now leaks the old content.
So what would you suggest: provide a dedicated wrapper for TC skb
extension that will memset resulting extension to zero or refactor my
patch to zero-initialize specific skb extension in skb_ext_add() (only
the extension requested and also when previously discarded extension is
reused)?
next prev parent reply other threads:[~2021-05-24 11:24 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-24 6:19 [PATCH net] net: zero-initialize skb extensions on allocation Vlad Buslov
2021-05-24 10:01 ` Florian Westphal
2021-05-24 11:23 ` Vlad Buslov [this message]
2021-05-24 17:13 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ygnhy2c48jeb.fsf@nvidia.com \
--to=vladbu@nvidia.com \
--cc=davem@davemloft.net \
--cc=fw@strlen.de \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=mathew.j.martineau@linux.intel.com \
--cc=matthieu.baerts@tessares.net \
--cc=netdev@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=saeedm@mellanox.com \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.