From: Toke Høiland-Jørgensen
To: Jamal Hadi Salim, Davide Caratti
Cc: Jakub Kicinski, Rajat Gupta, netdev@vger.kernel.org, davem@davemloft.net, edumazet@google.com, pabeni@redhat.com, horms@kernel.org, jiri@resnulli.us, yimingqian591@gmail.com, keenanat2000@gmail.com, 2045gemini@gmail.com, rollkingzzc@gmail.com
Subject: Re: [PATCH net] net/sched: fix pedit partial COW leading to page cache corruption
References: <20260519033950.2037-1-rajat.gupta@oss.qualcomm.com> <20260521073526.793d30c3@kernel.org>
Date: Fri, 22 May 2026 14:00:55 +0200
Message-ID: <87tsrzodqg.fsf@toke.dk>

Jamal Hadi Salim writes:

> On Thu, May 21, 2026 at 11:51 AM Davide Caratti wrote:
>>
>> On Thu, May 21, 2026 at 4:59 PM Jakub Kicinski wrote:
>> >
>> > On Thu, 21 May 2026 06:15:17 -0400 Jamal Hadi Salim wrote:
>> > > > This is the same claim as sashiko1 but sashiko2 gave a much more
>> > > > convincing description ;->
>> > > > skb_has_shared_frag() is only true if the frags are flagged as
>> > > > SKBFL_SHARED_FRAG (which is what the repro did); however, if we get
>> > > > frags from eg a driver on ingress and that skb gets cloned with frags
>> > > > we won't catch it.
>> > > > One approach is to do an if (skb_has_any_shared_frags(skb)) and then
>> > > > do a skb_linearize_cow() but that sounds like overkill.
>> > >
>> > > Yeah, this would be overkill - imagine running tcpdump 100% will be cloned
>> > >
>> > > > Another which will make the patch even uglier (but less expensive) is
>> > > > to add an extra check inside the patch's "if (write_offset < 0)"
>> > > > to do: if (write_offset + (int)sizeof(hdata) > 0) { skb_ensure_writable()}
>> > > >
>> > >
>> > > To be precise, something like attached (untested, uncompiled)
>>
>> hi Jamal,
>>
>> I tested Rajat's patch with your latest addition; it compiles and passes with the same subset of tests run earlier by Toke.
>> Agree some follow-ups can be done (e.g. removing the hint, and maybe another smaller thing not yet detected by Sashiko) but AFAICT you can add my Reviewed-by: when sending v2.
>>
>
> Thanks Davide. And a Tested-by as well? I guess the same goes for
> Toke.

Applied your hunk on top of Rajat's patch and re-ran the tests.
So feel free to apply my reviewed-by and tested-by to the combination on resubmit :)

-Toke