Hi,

On Thu, 2019-03-21 at 23:05 -0400, Christoph Paasch wrote:
> On Thu, Mar 21, 2019 at 12:43 PM Alexander Duyck
> <alexander.duyck@xxxxxxxxx> wrote:
> > On Thu, Mar 21, 2019 at 2:45 AM Paolo Abeni <pabeni@xxxxxxxxxx> wrote:
> > > The following - completely untested - should avoid the unbounded loop,
> > > but it's not a complete fix, I *think* we should also change
> > > sk_busy_loop_end() in a similar way, but that is a little more complex
> > > due to the additional indirections.
> >
> > As far as sk_busy_loop_end we could look at just forking sk_busy_loop
> > and writing a separate implementation for datagram sockets that uses a
> > different loop_end function. It shouldn't take much to change since
> > all we would need to do is pass a structure containing the sk and last
> > pointers instead of just passing the sk directly as the loop_end
> > argument.
> >
> > > Could you please test it?
> > >
> > > Any feedback welcome!
> >
> > The change below looks good to me.
>
> I just tried it out. Worked for me!
>
> You can add my Tested-by if you do a formal patch-submission:
>
> Tested-by: Christoph Paasch <cpaasch@xxxxxxxxx>

Thanks for testing!

I'm trying to reproduce the issue locally, but I'm unable to. I think
that the current UDP implementation is not affected, as we always ensure
sk_receive_queue is empty before busy polling. Unix sockets should not
be affected either, as busy polling should not have any effect there
(sk_napi_id should never be >= MIN_NAPI_ID).

Can you reproduce the issue on an unpatched, recent, upstream kernel?

Can you please provide the syzkaller repro?

Thanks,

Paolo