在 2021/4/27 上午10:46, Xuan Zhuo 写道:
On Tue, 20 Apr 2021 10:41:03 +0800, Jason Wang wrote:
Btw, since the patch modifies a critical path of virtio-net I suggest to
test the following cases:
1) netperf TCP stream
2) netperf UDP with packet size from 64 to PAGE_SIZE
3) XDP_PASS with 1)
4)
On Thu, Apr 22, 2021 at 08:12:31PM +0800, Xuan Zhuo wrote:
> Thank you very much for reporting this problem. Can you try this patch? Of
> course, it also includes two patches from eric.
>
> af39c8f72301 virtio-net: fix use-after-free in page_to_skb()
> f5d7872a8b8a virtio-net: restrict
On Fri, Apr 16, 2021 at 05:16:15PM +0800, Xuan Zhuo wrote:
> In page_to_skb(), if we have enough tailroom to save skb_shared_info, we
> can use build_skb to create skb directly. No need to alloc for
> additional space. And it can save a 'frags slot', which is very friendly
> to GRO.
>
> Here, if
在 2021/4/20 下午8:35, Xuan Zhuo 写道:
I realize this has been merged to net-next already, but I'm getting a
use-after-free with KASAN in page_to_skb() with this patch. Reverting this
change fixes the UAF. I've included the KASAN dump below, and a couple of
comments inline.
I think something went
On 4/16/21 11:16 AM, Xuan Zhuo wrote:
> In page_to_skb(), if we have enough tailroom to save skb_shared_info, we
> can use build_skb to create skb directly. No need to alloc for
> additional space. And it can save a 'frags slot', which is very friendly
> to GRO.
>
> Here, if the payload of the
在 2021/4/20 上午12:48, David Ahern 写道:
On 4/16/21 2:16 AM, Xuan Zhuo wrote:
In page_to_skb(), if we have enough tailroom to save skb_shared_info, we
can use build_skb to create skb directly. No need to alloc for
additional space. And it can save a 'frags slot', which is very friendly
to GRO.
在 2021/4/20 上午10:38, Jason Wang 写道:
:
+ /* hdr_valid means no XDP, so we can copy the vnet header */
+ if (hdr_valid) {
+ hdr = skb_vnet_hdr(skb);
+ memcpy(hdr, hdr_p, hdr_len);
and hdr_p is dereferenced here.
Right, I tend to recover the way to copy hdr and set meta
在 2021/4/20 上午7:29, Mat Martineau 写道:
On Fri, 16 Apr 2021, Xuan Zhuo wrote:
In page_to_skb(), if we have enough tailroom to save skb_shared_info, we
can use build_skb to create skb directly. No need to alloc for
additional space. And it can save a 'frags slot', which is very friendly
to GRO.
On 4/16/21 2:16 AM, Xuan Zhuo wrote:
> In page_to_skb(), if we have enough tailroom to save skb_shared_info, we
> can use build_skb to create skb directly. No need to alloc for
> additional space. And it can save a 'frags slot', which is very friendly
> to GRO.
>
> Here, if the payload of the
在 2021/4/16 下午5:16, Xuan Zhuo 写道:
In page_to_skb(), if we have enough tailroom to save skb_shared_info, we
can use build_skb to create skb directly. No need to alloc for
additional space. And it can save a 'frags slot', which is very friendly
to GRO.
Here, if the payload of the received
10 matches
Mail list logo
