From: Yunsheng Lin
To: Jakub Kicinski
CC: Alexander Lobakin, Robin Murphy, Alexander Duyck, Andrew Morton,
 IOMMU, MM, Alexei Starovoitov, Daniel Borkmann, Jesper Dangaard Brouer,
 John Fastabend, Matthias Brugger, AngeloGioacchino Del Regno
Subject: Re: [PATCH net-next v6 0/8] fix two bugs related to page_pool
Date: Tue, 7 Jan 2025 20:54:37 +0800
Message-ID: <561e07c0-98ba-44ee-abda-778b12438df6@huawei.com>
In-Reply-To: <20250106155154.7c349c67@kernel.org>
References: <20250106130116.457938-1-linyunsheng@huawei.com> <20250106155154.7c349c67@kernel.org>

On 2025/1/7 7:51, Jakub Kicinski wrote:
> On Mon, 6 Jan 2025 21:01:08 +0800 Yunsheng Lin wrote:
>> This patchset fixes a possible time window problem for page_pool and
>> the dma API misuse problem as mentioned in [1], and tries to avoid the
>> overhead of the fix using some optimization.
>>
>> From the below performance data, the overhead is not so obvious
>> due to performance variations for time_bench_page_pool01_fast_path()
>> and time_bench_page_pool02_ptr_ring, and there is about 20ns overhead
>> for time_bench_page_pool03_slow() for fixing the bug.
>
> This appears to make the selftest from the drivers/net target implode.
>
> [ 20.227775][ T218] BUG: KASAN: use-after-free in page_pool_item_uninit+0x100/0x130
>
> Running the ping.py tests should be enough to repro.

Thanks for the reminder.
Something like the below seems to fix the use-after-free bug; I will enable
more DEBUG configs when testing.

--- a/net/core/page_pool.c +++ b/net/core/page_pool.c @@ -518,9 +518,13 @@ static void page_pool_items_unmap(struct page_pool *pool) static void page_pool_item_uninit(struct page_pool *pool) { - struct page_pool_item_block *block; + while (!list_empty(&pool->item_blocks)) { + struct page_pool_item_block *block; - list_for_each_entry(block, &pool->item_blocks, list) { + block = list_first_entry(&pool->item_blocks, + struct page_pool_item_block, + list); + list_del(&block->list); WARN_ON(refcount_read(&block->ref)); put_page(virt_to_page(block)); }
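
Review bot: In page_pool_item_uninit(), WARN_ON(refcount_read(&block->ref)) is still followed unconditionally by put_page(virt_to_page(block)), so a block whose ref is non-zero is warned about and then released anyway; consider skipping the put_page() in that case (leaking the block rather than freeing memory that is still referenced), or add a comment saying why releasing it is safe. For the loop change, the description should state the cause explicitly: the list node is embedded in the page that put_page() drops, so list_for_each_entry() went on to read block->list.next from a page that may already have been freed, which matches the KASAN report in page_pool_item_uninit quoted above. list_for_each_entry_safe() would be a smaller diff; draining with list_first_entry() plus list_del() has the advantage of leaving pool->item_blocks empty afterwards, and a one-line comment saying which property is wanted would help. The hunk also does not show what excludes concurrent users of pool->item_blocks at this point, which is worth confirming before this is folded into the series.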