[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] BUG in xennet_make_frags with paged skb data

To: netdev@xxxxxxxxxxxxxxx, "David S. Miller" <davem@xxxxxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, David Vrabel <david.vrabel@xxxxxxxxxx>, Stefan Bader <stefan.bader@xxxxxxxxxxxxx>, Jay Vosburgh <jay.vosburgh@xxxxxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Zoltan Kiss <zoltan.kiss@xxxxxxxxxx>
Date: Fri, 07 Nov 2014 09:25:39 +0000
Delivery-date: Fri, 07 Nov 2014 09:26:14 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hi,

AFAIK in this scenario your skb frag is wrong. The page pointer shouldpoint to the original compound page (not a member of it), and offsetshould be set accordingly.For example, if your compound page is 16K (4 page), then the pagepointer should point to the first page, and if the data starts at the3rd page, then offset should be >8K


Zoli

On 06/11/14 21:49, Seth Forshee wrote:

We've had several reports of hitting the following BUG_ON in
xennet_make_frags with 3.2 and 3.13 kernels (I'm currently awaiting
results of testing with 3.17):

         /* Grant backend access to each skb fragment page. */
         for (i = 0; i < frags; i++) {
                 skb_frag_t *frag = skb_shinfo(skb)->frags + i;
                 struct page *page = skb_frag_page(frag);

                 len = skb_frag_size(frag);
                 offset = frag->page_offset;

                 /* Data must not cross a page boundary. */
                 BUG_ON(len + offset > PAGE_SIZE<<compound_order(page));

When this happens the page in question is a "middle" page in a compound
page (i.e. it's a tail page but not the last tail page), and the data is
fully contained within the compound page. The data does however cross
the hardware page boundary, and since compound_order evaluates to 0 for
tail pages the check fails.

In going over this I've been unable to determine whether the BUG_ON in
xennet_make_frags is incorrect or the paged skb data is wrong. I can't
find that it's documented anywhere, and the networking code itself is a
bit ambiguous when it comes to compound pages. On the one hand
__skb_fill_page_desc specifically handles adding tail pages as paged
data, but on the other hand skb_copy_bits kmaps frag->page.p which could
fail with data that extends into another page.

Can anyone explain what the rules are here? My best guess based on
skb_copy_bits is that paged data should never cross the hardware page
boundary, but I'm not really sure how all of this works out when dealing
with compound pages.

Thanks,
Seth

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] BUG in xennet_make_frags with paged skb data
  - From: Eric Dumazet

References:
- [Xen-devel] BUG in xennet_make_frags with paged skb data
  - From: Seth Forshee

Prev by Date: Re: [Xen-devel] [PATCH RFC] x86, mm: use _PAGE_BIT_SOFTW2 as _PAGE_BIT_NUMA
Next by Date: Re: [Xen-devel] [xen-4.2-testing test] 31385: regressions - FAIL
Previous by thread: [Xen-devel] BUG in xennet_make_frags with paged skb data
Next by thread: Re: [Xen-devel] BUG in xennet_make_frags with paged skb data
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.