From: Florian Westphal <fw@strlen.de>
To: Vlad Buslov <vladbu@nvidia.com>
Cc: davem@davemloft.net, kuba@kernel.org, pablo@netfilter.org,
mathew.j.martineau@linux.intel.com, matthieu.baerts@tessares.net,
steffen.klassert@secunet.com, herbert@gondor.apana.org.au,
saeedm@mellanox.com, fw@strlen.de, netdev@vger.kernel.org
Subject: Re: [PATCH net] net: zero-initialize skb extensions on allocation
Date: Mon, 24 May 2021 12:01:37 +0200 [thread overview]
Message-ID: <20210524100137.GA3194@breakpoint.cc> (raw)
In-Reply-To: <20210524061959.2349342-1-vladbu@nvidia.com>
Vlad Buslov <vladbu@nvidia.com> wrote:
> Function skb_ext_add() doesn't initialize created skb extension with any
> value and leaves it up to the user.
That was intentional.
Its unlikely that all extensions are active at the same time on same skb.
This is also the reason why the extension struct uses offset addressing
to get the extension data rather than the simpler
skb_ext {
struct sec_path sp;
struct nf_bridge_info nfbr;
...
}
So adding e.g. mptcp extension will only touch 1 cacheline instead of 3
(or more if more extensions get added in the future).
IOW, i would prefer if tc would add tc_skb_add_ext() or similar and
zero whats needed there.
> Fix the issue by changing __skb_ext_alloc() function to request
> zero-initialized memory from kmem cache. Note that skb extension allocation
> in skb_ext_maybe_cow() is not changed because newly allocated memory is
> immediately overwritten with content of old skb extension so there is no
> need to pre-initialize it.
>
> Multiple users of skb extension API have already been manually setting
> newly allocated skb extension memory to zero. Remove such code and rely on
> skb extension API instead.
Are you sure its safe?
> static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
> {
> #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
> - struct nf_bridge_info *b = skb_ext_add(skb, SKB_EXT_BRIDGE_NF);
> -
> - if (b)
> - memset(b, 0, sizeof(*b));
> -
> - return b;
> + return skb_ext_add(skb, SKB_EXT_BRIDGE_NF);
So in the (unlikely) case where skb_ext_add did not allocate a new
extension, the memory is no longer cleared.
If the skb had an nf_bridge_info extension previously that got
discarded earlier via skb_ext_del() this now leaks the old content.
next prev parent reply other threads:[~2021-05-24 10:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-24 6:19 [PATCH net] net: zero-initialize skb extensions on allocation Vlad Buslov
2021-05-24 10:01 ` Florian Westphal [this message]
2021-05-24 11:23 ` Vlad Buslov
2021-05-24 17:13 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210524100137.GA3194@breakpoint.cc \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=mathew.j.martineau@linux.intel.com \
--cc=matthieu.baerts@tessares.net \
--cc=netdev@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=saeedm@mellanox.com \
--cc=steffen.klassert@secunet.com \
--cc=vladbu@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).