From: Mina Almasry <almasrymina@google.com>
To: Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-doc@vger.kernel.org, kvm@vger.kernel.org,
virtualization@lists.linux.dev, linux-kselftest@vger.kernel.org,
"Donald Hunter" <donald.hunter@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
"Paolo Abeni" <pabeni@redhat.com>,
"Simon Horman" <horms@kernel.org>,
"Jonathan Corbet" <corbet@lwn.net>,
"Andrew Lunn" <andrew+netdev@lunn.ch>,
"Jeroen de Borst" <jeroendb@google.com>,
"Harshitha Ramamurthy" <hramamurthy@google.com>,
"Kuniyuki Iwashima" <kuniyu@amazon.com>,
"Willem de Bruijn" <willemb@google.com>,
"David Ahern" <dsahern@kernel.org>,
"Neal Cardwell" <ncardwell@google.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Jason Wang" <jasowang@redhat.com>,
"Xuan Zhuo" <xuanzhuo@linux.alibaba.com>,
"Eugenio Pérez" <eperezma@redhat.com>,
"Stefan Hajnoczi" <stefanha@redhat.com>,
"Stefano Garzarella" <sgarzare@redhat.com>,
"Shuah Khan" <shuah@kernel.org>,
sdf@fomichev.me, asml.silence@gmail.com, dw@davidwei.uk,
"Jamal Hadi Salim" <jhs@mojatatu.com>,
"Victor Nogueira" <victor@mojatatu.com>,
"Pedro Tammela" <pctammela@mojatatu.com>,
"Samiullah Khawaja" <skhawaja@google.com>
Subject: Re: [PATCH net-next v6 7/8] net: check for driver support in netmem TX
Date: Mon, 3 Mar 2025 19:53:44 -0800 [thread overview]
Message-ID: <CAHS8izOJfSCM+qZ=npPOK3kwuA1pyGHrPo73brRq2VXg8G450g@mail.gmail.com> (raw)
In-Reply-To: <20250303162901.7fa57cd0@kernel.org>
On Mon, Mar 3, 2025 at 4:29 PM Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Fri, 28 Feb 2025 17:53:24 -0800 Mina Almasry wrote:
> > On Fri, Feb 28, 2025 at 4:43 PM Jakub Kicinski <kuba@kernel.org> wrote:
> > > On Thu, 27 Feb 2025 04:12:08 +0000 Mina Almasry wrote:
> > > > + if (!skb_frags_readable(skb) && !dev->netmem_tx)
> > >
> > > How do you know it's for _this_ device tho?
> >
> > Maybe a noob question, but how do we end up here with an skb that is
> > not targeted for the 'dev' device? We are checking in
> > tcp_sendmsg_locked that we're targeting the appropriate device before
> > creating the skb. Is this about a packet arriving on a dmabuf bound to
> > a device and then being forwarded through another device that doesn't
> > own the mapping, bypassing the check?
>
> Forwarded or just redirected by nft/bpf/tc
>
> > > The driver doesn't seem to check the DMA mapping belongs to it either.
> > >
> > > Remind me, how do we prevent the unreadable skbs from getting into the
> > > Tx path today?
> >
> > I'm not sure if this is about forwarding, or if there is some other
> > way for unreadable skbs to end up in the XT path that you have in
> > mind. At some point in this thread[1] we had talked about preventing
> > MP bound devices from being lower devices at all to side step this
> > entirely but you mentioned that may not be enough, and we ended up
> > sidestepping only XDP entirely.
> >
> > [1] https://lore.kernel.org/bpf/20240821153049.7dc983db@kernel.org/
>
> Upper devices and BPF access is covered I think, by the skbuff checks.
> But I think we missed adding a check in validate_xmit_skb() to protect
> the xmit paths of HW|virt drivers. You can try to add a TC rule which
> forwards all traffic from your devmem flow back out to the device and
> see if it crashes on net-next ?
No crash, but by adding debug logs I'm detecting that we're passing
unreadable netmem dma-addresses to the dma_unmap_*() APIs, which is
known to be unsafe. I just can't reproduce an issue because my
platform has the IOMMU disabled.
I guess I do need to send the hunk from validate_xmit_skb() as a fix
to net and CC stable.
Another thing I'm worried about is ip_forward() inserting an
unreadable skb into the tx path somewhere higher up the stack which
calls more code that isn't expecting unreadable skbs? Specifically
worried about skb_frag_ref/unref. Does this sound like a concern as
well? Or is it a similar code path to tc?
--
Thanks,
Mina
next prev parent reply other threads:[~2025-03-04 3:53 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-27 4:12 [PATCH net-next v6 0/8] Device memory TCP TX Mina Almasry
2025-02-27 4:12 ` [PATCH net-next v6 1/8] net: add get_netmem/put_netmem support Mina Almasry
2025-03-01 0:38 ` Jakub Kicinski
2025-03-01 1:29 ` Mina Almasry
2025-03-04 0:20 ` Jakub Kicinski
2025-03-05 1:39 ` Mina Almasry
2025-03-06 21:40 ` Jakub Kicinski
2025-03-06 22:44 ` Mina Almasry
2025-03-06 23:02 ` Jakub Kicinski
2025-03-06 23:22 ` Willem de Bruijn
2025-02-27 4:12 ` [PATCH net-next v6 2/8] net: devmem: TCP tx netlink api Mina Almasry
2025-02-27 4:12 ` [PATCH net-next v6 3/8] net: devmem: Implement TX path Mina Almasry
2025-03-04 20:44 ` Pranjal Shrivastava
2025-02-27 4:12 ` [PATCH net-next v6 4/8] net: add devmem TCP TX documentation Mina Almasry
2025-02-27 7:59 ` Bagas Sanjaya
2025-02-27 4:12 ` [PATCH net-next v6 5/8] net: enable driver support for netmem TX Mina Almasry
2025-02-27 4:12 ` [PATCH net-next v6 6/8] gve: add netmem TX support to GVE DQO-RDA mode Mina Almasry
2025-02-27 4:12 ` [PATCH net-next v6 7/8] net: check for driver support in netmem TX Mina Almasry
2025-03-01 0:43 ` Jakub Kicinski
2025-03-01 1:53 ` Mina Almasry
2025-03-04 0:29 ` Jakub Kicinski
2025-03-04 3:53 ` Mina Almasry [this message]
2025-03-05 0:17 ` Jakub Kicinski
2025-02-27 4:12 ` [PATCH net-next v6 8/8] selftests: ncdevmem: Implement devmem TCP TX Mina Almasry
2025-02-28 14:25 ` [PATCH net-next v6 0/8] Device memory " Lei Yang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHS8izOJfSCM+qZ=npPOK3kwuA1pyGHrPo73brRq2VXg8G450g@mail.gmail.com' \
--to=almasrymina@google.com \
--cc=andrew+netdev@lunn.ch \
--cc=asml.silence@gmail.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=donald.hunter@gmail.com \
--cc=dsahern@kernel.org \
--cc=dw@davidwei.uk \
--cc=edumazet@google.com \
--cc=eperezma@redhat.com \
--cc=horms@kernel.org \
--cc=hramamurthy@google.com \
--cc=jasowang@redhat.com \
--cc=jeroendb@google.com \
--cc=jhs@mojatatu.com \
--cc=kuba@kernel.org \
--cc=kuniyu@amazon.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mst@redhat.com \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pctammela@mojatatu.com \
--cc=sdf@fomichev.me \
--cc=sgarzare@redhat.com \
--cc=shuah@kernel.org \
--cc=skhawaja@google.com \
--cc=stefanha@redhat.com \
--cc=victor@mojatatu.com \
--cc=virtualization@lists.linux.dev \
--cc=willemb@google.com \
--cc=xuanzhuo@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).