From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5AD6B37BE8D; Tue, 23 Jun 2026 13:33:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782221604; cv=none; b=Yvk9CxBD65q+1vm59KtawnaNptzyaxtJoo+FoCZqIEgrG1gEoWJHSse/QJQZ5rukQj9B60+rghem25bZHB0JBxFsr6yl3jkKMuJhyoKAxQEzu9YNa8X1XYjHLuj8nuTQzeg1RGu+DuhK+Wms1XZgzJmByTRhGJ1nnvkzOhAPzV4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782221604; c=relaxed/simple; bh=BEP6i1+sb2e+Mq9DAAqy4VeUpkPVFjndVv+9FSOcd0I=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=AbayinEGpSCu1T74+A7y23zGxBBmx80GbERufeFIk8UthMkoT4X7I8yQ5NEODEw9dwhW37pqJKbcJoM6s3D/vLpivnLOzXdYbWraGP2hQhvDBoCSMtycbJGMl+ND9VqdhLzHGkZBIBwSRf2rEs6IGjv7uXuhxdz66gnn6x9oiVE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=PKwdpxHf; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="PKwdpxHf" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1782221603; x=1813757603; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=BEP6i1+sb2e+Mq9DAAqy4VeUpkPVFjndVv+9FSOcd0I=; b=PKwdpxHfPHrBBBqIaTfBjc3rlV51Sx82S0HUNJY5eMIbz462sIv8Luud P35zrwNmOw7PjRPQoQkeuVp4LAnyV3VNI+vxcxTGgQKfFWrVeWgkU2cwJ 2nyRjQ7/73xMRpVgnKHhnbefSiHLx0aT9g4QA1O4ZkOqBMU0cc75ckWYk /yoYnjJWNRpsGHSZYamvc3pSKkzXjrHnLezXkCO6DNaefAtDCjYZbnubX lD3RjHrjPJkBGw0F2YV3336+4vDIlnMa8TFXJsO+FQEVz+uGjC3ekEjaS YMu5G7caVaTfqzTWUrmjXS2SOZb9oPHEG7Rcw/8GbRVk0V/mv/k1g4R59 w==; X-CSE-ConnectionGUID: ayvLiaPsTg2IeYmntj2cLA== X-CSE-MsgGUID: mlJZ44+ASOaBsNMfroQ+6Q== X-IronPort-AV: E=McAfee;i="6800,10657,11826"; a="83153521" X-IronPort-AV: E=Sophos;i="6.24,220,1774335600"; d="scan'208";a="83153521" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2026 06:33:23 -0700 X-CSE-ConnectionGUID: axzn2afaThmhkVGs/+XD6Q== X-CSE-MsgGUID: x5qUmB7TRPi6HQm4rHhGPw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,220,1774335600"; d="scan'208";a="251447493" Received: from boxer.igk.intel.com ([10.102.20.173]) by fmviesa004.fm.intel.com with ESMTP; 23 Jun 2026 06:33:20 -0700 From: Maciej Fijalkowski To: netdev@vger.kernel.org Cc: bpf@vger.kernel.org, magnus.karlsson@intel.com, stfomichev@gmail.com, kuba@kernel.org, pabeni@redhat.com, horms@kernel.org, kerneljasonxing@gmail.com, bjorn@kernel.org, Jason Xing , Maciej Fijalkowski Subject: [PATCH net 2/7] xsk: drain continuation descs after overflow in xsk_build_skb() Date: Tue, 23 Jun 2026 15:32:35 +0200 Message-Id: <20260623133240.1048434-3-maciej.fijalkowski@intel.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20260623133240.1048434-1-maciej.fijalkowski@intel.com> References: <20260623133240.1048434-1-maciej.fijalkowski@intel.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Jason Xing When a multi-buffer packet exceeds MAX_SKB_FRAGS and triggers -EOVERFLOW, only the current descriptor is released from the TX ring. The remaining continuation descriptors of the same packet stay in the ring. Since xs->skb is set to NULL after the drop, the TX loop picks up these leftover frags and misinterprets each one as the beginning of a new packet, corrupting the packet stream. Fix this by adding a drain_cont flag to xdp_sock. When overflow occurs and the dropped descriptor has XDP_PKT_CONTD set, the flag is raised, so we have a chance to examine and handle the potential remaining descs of this big overflow'ed skb. When the last fragment (without XDP_PKT_CONTD) is processed, the flag is cleared and the loop continues to process subsequent descriptors with the remaining budget. This behavior follows how previous xmit path treats overflow packets. Closes: https://lore.kernel.org/all/20260425041726.85FB3C2BCB2@smtp.kernel.org/ Fixes: cf24f5a5feea ("xsk: add support for AF_XDP multi-buffer on Tx path") Signed-off-by: Maciej Fijalkowski # wrapped cq addr submission onto routine Signed-off-by: Jason Xing --- include/net/xdp_sock.h | 1 + net/xdp/xsk.c | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/include/net/xdp_sock.h b/include/net/xdp_sock.h index ebac60a3d8a1..8b51876efbed 100644 --- a/include/net/xdp_sock.h +++ b/include/net/xdp_sock.h @@ -80,6 +80,7 @@ struct xdp_sock { * call of __xsk_generic_xmit(). */ struct sk_buff *skb; + bool drain_cont; struct list_head map_list; /* Protects map_list */ diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c index a7a83dc4546a..e80c035a7af5 100644 --- a/net/xdp/xsk.c +++ b/net/xdp/xsk.c @@ -737,6 +737,19 @@ static void xsk_cq_submit_addr_locked(struct xsk_buff_pool *pool, spin_unlock_irqrestore(&pool->cq_prod_lock, flags); } +static void xsk_cq_submit_addr_single_locked(struct xsk_buff_pool *pool, + struct xdp_desc *desc) +{ + unsigned long flags; + u32 idx; + + spin_lock_irqsave(&pool->cq_prod_lock, flags); + idx = xskq_get_prod(pool->cq); + xskq_prod_write_addr(pool->cq, idx, desc->addr); + xskq_prod_submit_n(pool->cq, 1); + spin_unlock_irqrestore(&pool->cq_prod_lock, flags); +} + static void xsk_cq_cancel_locked(struct xsk_buff_pool *pool, u32 n) { spin_lock(&pool->cq->cq_cached_prod_lock); @@ -1063,11 +1076,22 @@ static int __xsk_generic_xmit(struct sock *sk) goto out; } + if (unlikely(xs->drain_cont)) { + xsk_cq_submit_addr_single_locked(xs->pool, &desc); + + xs->tx->invalid_descs++; + xskq_cons_release(xs->tx); + xs->drain_cont = xp_mb_desc(&desc); + continue; + } + skb = xsk_build_skb(xs, &desc); if (IS_ERR(skb)) { err = PTR_ERR(skb); if (err != -EOVERFLOW) goto out; + if (xp_mb_desc(&desc)) + xs->drain_cont = true; err = 0; continue; } -- 2.43.0