From: Eric Dumazet <eric.duma...@gmail.com> Date: Mon, 9 Nov 2020 20:29:03 +0100
> On 11/9/20 7:26 PM, Alexander Lobakin wrote: >> From: Eric Dumazet <eric.duma...@gmail.com> >> Date: Mon, 9 Nov 2020 18:37:36 +0100 >> >>> On 11/9/20 5:56 PM, Alexander Lobakin wrote: >>>> While testing UDP GSO fraglists forwarding through driver that uses >>>> Fast GRO (via napi_gro_frags()), I was observing lots of out-of-order >>>> iperf packets: >>>> >. >>>> >>>> Since v1 [1]: >>>> - added a NULL pointer check for "uh" as suggested by Willem. >>>> >>>> [1] >>>> https://lore.kernel.org/netdev/yazu6gezbdpyzmdmwjirxdx7b4sualpdg68adzy...@cp4-web-034.plabs.ch >>>> >>>> Fixes: e20cf8d3f1f7 ("udp: implement GRO for plain UDP sockets.") >>>> Signed-off-by: Alexander Lobakin <aloba...@pm.me> >>>> --- >>>> net/ipv4/udp_offload.c | 7 ++++++- >>>> 1 file changed, 6 insertions(+), 1 deletion(-) >>>> >>>> diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c >>>> index e67a66fbf27b..7f6bd221880a 100644 >>>> --- a/net/ipv4/udp_offload.c >>>> +++ b/net/ipv4/udp_offload.c >>>> @@ -366,13 +366,18 @@ static struct sk_buff *udp4_ufo_fragment(struct >>>> sk_buff *skb, >>>> static struct sk_buff *udp_gro_receive_segment(struct list_head *head, >>>> struct sk_buff *skb) >>>> { >>>> - struct udphdr *uh = udp_hdr(skb); >>>> + struct udphdr *uh = udp_gro_udphdr(skb); >>>> struct sk_buff *pp = NULL; >>>> struct udphdr *uh2; >>>> struct sk_buff *p; >>>> unsigned int ulen; >>>> int ret = 0; >>>> >>>> + if (unlikely(!uh)) { >>> >>> How uh could be NULL here ? >>> >>> My understanding is that udp_gro_receive() is called >>> only after udp4_gro_receive() or udp6_gro_receive() >>> validated that udp_gro_udphdr(skb) was not NULL. >> >> Right, but only after udp{4,6}_lib_lookup_skb() in certain cases. >> I don't know for sure if their logic can actually edit skb->data, >> so it's better to check from my point of view. > > Not really. This would send a wrong signal to readers of this code. > > I do not think these functions can mess with GRO internals. > > This would be a nightmare, GRO is already way too complex. > > In fact these functions should use a const qualifier > for their " struct sk_buff *skb" argument to prevent future bugs. Agree, you're right. Lack of const qualifiers gave me a doubt that these functions can't edit skbs. They really should use it if they really can't. I'll omit the check in v3. > I will test and submit this patch : That would be a very nice one, thanks. > diff --git a/include/net/ip.h b/include/net/ip.h > index > 2d6b985d11ccaa75827b3a15ac3f898d7a193242..e20874059f826eb0f9e899aed556bfbc9c9d71e8 > 100644 > --- a/include/net/ip.h > +++ b/include/net/ip.h > @@ -99,7 +99,7 @@ static inline void ipcm_init_sk(struct ipcm_cookie *ipcm, > #define PKTINFO_SKB_CB(skb) ((struct in_pktinfo *)((skb)->cb)) > > /* return enslaved device index if relevant */ > -static inline int inet_sdif(struct sk_buff *skb) > +static inline int inet_sdif(const struct sk_buff *skb) > { > #if IS_ENABLED(CONFIG_NET_L3_MASTER_DEV) > if (skb && ipv4_l3mdev_skb(IPCB(skb)->flags)) > diff --git a/include/net/udp.h b/include/net/udp.h > index > 295d52a73598277dc5071536f777d1a87e7df1d1..877832bed4713a011a514a2f6f522728c8c89e20 > 100644 > --- a/include/net/udp.h > +++ b/include/net/udp.h > @@ -164,7 +164,7 @@ static inline void udp_csum_pull_header(struct sk_buff > *skb) > UDP_SKB_CB(skb)->cscov -= sizeof(struct udphdr); > } > > -typedef struct sock *(*udp_lookup_t)(struct sk_buff *skb, __be16 sport, > +typedef struct sock *(*udp_lookup_t)(const struct sk_buff *skb, __be16 sport, > __be16 dport); > > INDIRECT_CALLABLE_DECLARE(struct sk_buff *udp4_gro_receive(struct list_head > *, > @@ -313,7 +313,7 @@ struct sock *udp4_lib_lookup(struct net *net, __be32 > saddr, __be16 sport, > struct sock *__udp4_lib_lookup(struct net *net, __be32 saddr, __be16 sport, > __be32 daddr, __be16 dport, int dif, int sdif, > struct udp_table *tbl, struct sk_buff *skb); > -struct sock *udp4_lib_lookup_skb(struct sk_buff *skb, > +struct sock *udp4_lib_lookup_skb(const struct sk_buff *skb, > __be16 sport, __be16 dport); > struct sock *udp6_lib_lookup(struct net *net, > const struct in6_addr *saddr, __be16 sport, > @@ -324,7 +324,7 @@ struct sock *__udp6_lib_lookup(struct net *net, > const struct in6_addr *daddr, __be16 dport, > int dif, int sdif, struct udp_table *tbl, > struct sk_buff *skb); > -struct sock *udp6_lib_lookup_skb(struct sk_buff *skb, > +struct sock *udp6_lib_lookup_skb(const struct sk_buff *skb, > __be16 sport, __be16 dport); > > /* UDP uses skb->dev_scratch to cache as much information as possible and > avoid > diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c > index > 09f0a23d1a01741d335ce45f25fe70a4e00698c7..8b8dadfea6c9854e6bfaa0fabcb774db39976da3 > 100644 > --- a/net/ipv4/udp.c > +++ b/net/ipv4/udp.c > @@ -541,7 +541,7 @@ static inline struct sock *__udp4_lib_lookup_skb(struct > sk_buff *skb, > inet_sdif(skb), udptable, skb); > } > > -struct sock *udp4_lib_lookup_skb(struct sk_buff *skb, > +struct sock *udp4_lib_lookup_skb(const struct sk_buff *skb, > __be16 sport, __be16 dport) > { > const struct iphdr *iph = ip_hdr(skb); > diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c > index > 29d9691359b9c49ccb56a11f79e3658b1a76700d..adfe9ca6f516612b5aad6d6c654c7da1dd56a50e > 100644 > --- a/net/ipv6/udp.c > +++ b/net/ipv6/udp.c > @@ -276,7 +276,7 @@ static struct sock *__udp6_lib_lookup_skb(struct sk_buff > *skb, > inet6_sdif(skb), udptable, skb); > } > > -struct sock *udp6_lib_lookup_skb(struct sk_buff *skb, > +struct sock *udp6_lib_lookup_skb(const struct sk_buff *skb, > __be16 sport, __be16 dport) > { > const struct ipv6hdr *iph = ipv6_hdr(skb); > Al
