On Fri, Mar 22, 2019 at 3:33 AM Paolo Abeni <pabeni@xxxxxxxxxx> wrote:
>
> Hi,
>
> On Thu, 2019-03-21 at 23:05 -0400, Christoph Paasch wrote:
> > On Thu, Mar 21, 2019 at 12:43 PM Alexander Duyck
> > <alexander.duyck@xxxxxxxxx> wrote:
> > > On Thu, Mar 21, 2019 at 2:45 AM Paolo Abeni <pabeni@xxxxxxxxxx> wrote:
> > > > The following - completely untested - should avoid the unbounded loop,
> > > > but it's not a complete fix, I *think* we should also change
> > > > sk_busy_loop_end() in a similar way, but that is a little more complex
> > > > due to the additional indirections.
> > >
> > > As far as sk_busy_loop_end we could look at just forking sk_busy_loop
> > > and writing a separate implementation for datagram sockets that uses a
> > > different loop_end function. It shouldn't take much to change since
> > > all we would need to do is pass a structure containing the sk and last
> > > pointers instead of just passing the sk directly as the loop_end
> > > argument.
> > >
> > > > Could you please test it?
> > > >
> > > > Any feedback welcome!
> > >
> > > The change below looks good to me.
> >
> > I just tried it out. Worked for me!
> >
> > You can add my Tested-by if you do a formal patch-submission:
> >
> > Tested-by: Christoph Paasch <cpaasch@xxxxxxxxx>
>
> Thanks for testing!
>
> I'm trying to reproduce the issue locally, but I'm unable. I think that
> the current UDP implementation is not affected, as we always ensure
> sk_receive_queue is empty before busy polling.

But right after the check is done we release the queue lock, so a packet might come right after the test has been done.

> Unix sockets should not
> be affected, too, as busy polling should not have any effect there
> (sk_napi_id should be never >= MIN_NAPI_ID). Can you reproduce the
> issue on an unpatched, recent, upstream kernel?
>
> Can you please provide the syzkaller repro?
>
> Thanks,
>
> Paolo