From mboxrd@z Thu Jan 1 00:00:00 1970
From: Eric Dumazet
Subject: Re: [PATCH net-next 3/3] udp: only use paged allocation with scatter-gather
Date: Mon, 14 May 2018 16:45:46 -0700
Message-ID: <7557fc96-eb5a-56cb-28b5-a49abe8dae7c@gmail.com>
References: <20180514230747.118875-1-willemdebruijn.kernel@gmail.com>
 <20180514230747.118875-4-willemdebruijn.kernel@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: Network Development, David Miller, Willem de Bruijn
To: Willem de Bruijn, Eric Dumazet
Return-path:
Received: from mail-pl0-f66.google.com ([209.85.160.66]:43857 "EHLO
 mail-pl0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1752304AbeENXps (ORCPT );
 Mon, 14 May 2018 19:45:48 -0400
Received: by mail-pl0-f66.google.com with SMTP id c41-v6so3045987plj.10
 for ; Mon, 14 May 2018 16:45:47 -0700 (PDT)
In-Reply-To:
Content-Language: en-US
Sender: netdev-owner@vger.kernel.org
List-ID:

On 05/14/2018 04:30 PM, Willem de Bruijn wrote:

> I don't quite follow. The reported crash happens in the protocol layer,
> because of this check. With pagedlen we have not allocated
> sufficient space for the skb_put.
>
> 		if (!(rt->dst.dev->features&NETIF_F_SG)) {
> 			unsigned int off;
>
> 			off = skb->len;
> 			if (getfrag(from, skb_put(skb, copy),
> 				    offset, copy, off, skb) < 0) {
> 				__skb_trim(skb, off);
> 				err = -EFAULT;
> 				goto error;
> 			}
> 		} else {
> 			int i = skb_shinfo(skb)->nr_frags;
>
> Are you referring to a separate potential issue in the gso layer?
> If a bonding device advertises SG, but a slave does not, then
> skb_segment on the slave should build linear segs? I have not
> tested that.

Given that the device attribute could change under us, we need to not
crash, even if initially we thought NETIF_F_SG was available.

Unless you want to hold RTNL in UDP xmit :)

Ideally, GSO should be always on, as we did for TCP.

Otherwise, I can guarantee syzkaller will hit again.
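
The hazard raised in this reply, modelled in user space as an added example (not kernel code and not part of the original message): a buffer is sized from a device feature flag, and the copy path reads that flag again after it may have changed. `struct buf`, `buf_alloc`, `append`, `scenario` and `FEAT_SG` are hypothetical names, and the space check shown is one way to keep the copy inside the reserved area, not necessarily the change the thread settled on.

```c
#include <stddef.h>
#include <string.h>

#define FEAT_SG 0x1u                    /* stand-in for NETIF_F_SG */
struct dev { unsigned int features; };  /* can change between calls */
struct buf {                            /* simplified skb model (assumption) */
    unsigned char linear[64];
    size_t len, cap;                    /* bytes used / reserved in linear[] */
    size_t paged_len;                   /* bytes accounted to page fragments */
};

/* Size the linear area from the flag as it reads at allocation time. */
static void buf_alloc(struct buf *b, const struct dev *d, size_t payload)
{
    memset(b, 0, sizeof(*b));
    if (!(d->features & FEAT_SG))
        b->cap = payload < sizeof(b->linear) ? payload : sizeof(b->linear);
}

/* guarded == 0: shape of the quoted check, the flag alone selects the
 * linear copy. guarded != 0: linear copy only if the space was reserved.
 * Returns -1 where the copy would run past the reserved linear space. */
static int append(struct buf *b, const struct dev *d, const void *src,
                  size_t copy, int guarded)
{
    int fits = copy <= b->cap - b->len;
    if ((d->features & FEAT_SG) || (guarded && !fits)) {
        b->paged_len += copy;           /* page-fragment path */
        return 0;
    }
    if (!fits)
        return -1;                      /* models the overrun behind the crash */
    memcpy(b->linear + b->len, src, copy);
    b->len += copy;
    return 0;
}

/* Constructed scenario; returns -1 on a modelled overrun, else paged bytes. */
long scenario(int guarded, unsigned int at_alloc, unsigned int at_copy)
{
    static const unsigned char data[32];    /* constructed payload */
    struct dev d = { at_alloc };
    struct buf b;
    buf_alloc(&b, &d, sizeof(data));
    d.features = at_copy;                   /* feature flips under the sender */
    if (append(&b, &d, data, sizeof(data), guarded) < 0)
        return -1;
    return (long)b.paged_len;
}
```

`scenario(0, FEAT_SG, 0)` is the case described above: the buffer was sized for page fragments, the flag is cleared before the copy, and the flag-only check would write into linear space that was never reserved.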