On Fri, Mar 08, 2024 at 05:26:00PM +0200, Dragos Tatulea wrote:
> When the skb is reorganized during esp_output (!esp->inline), the pages
> coming from the original skb fragments are supposed to be released back
> to the system through put_page. But if the skb fragment pages are
> originating from a page_pool, calling put_page on them will trigger a
> page_pool leak which will eventually result in a crash.
>
> This leak can be easily observed when using CONFIG_DEBUG_VM and doing
> ipsec + gre (non offloaded) forwarding:

...

> The suggested fix is to introduce a new wrapper (skb_page_unref) that
> covers page refcounting for page_pool pages as well.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling")
> Reported-and-tested-by: Anatoli N.Chechelnickiy <Anatoli.Chechelnickiy@xxxxxxxxxxxxxxx>
> Reported-by: Ian Kumlien <ian.kumlien@xxxxxxxxx>
> Link: https://lore.kernel.org/netdev/CAA85sZvvHtrpTQRqdaOx6gd55zPAVsqMYk_Lwh4Md5knTq7AyA@xxxxxxxxxxxxxx
> Signed-off-by: Dragos Tatulea <dtatulea@xxxxxxxxxx>
> Reviewed-by: Mina Almasry <almasrymina@xxxxxxxxxx>
> Reviewed-by: Jakub Kicinski <kuba@xxxxxxxxxx>

Applied to the ipsec tree, thanks a lot!