References: <20210201160420.2826895-1-elver@google.com>
From: Marco Elver
Date: Tue, 2 Feb 2021 19:34:48 +0100
Subject: Re: [PATCH net-next] net: fix up truesize of cloned skb in skb_prepare_for_shift()
To: Eric Dumazet
Cc: LKML, kasan-dev, David Miller, Jakub Kicinski, Jonathan Lemon, Willem de Bruijn, linmiaohe, Guillaume Nault, Dongseok Yi, Yadu Kishore, Al Viro, netdev, Alexander Potapenko, syzbot
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2 Feb 2021 at 18:59, Eric Dumazet wrote:
>
> On Mon, Feb 1, 2021 at 5:04 PM Marco Elver wrote:
> >
> > Avoid the assumption that ksize(kmalloc(S)) == ksize(kmalloc(S)): when
> > cloning an skb, save and restore truesize after pskb_expand_head(). This
> > can occur if the allocator decides to service an allocation of the same
> > size differently (e.g. use a different size class, or pass the
> > allocation on to KFENCE).
> >
> > Because truesize is used for bookkeeping (such as sk_wmem_queued), a
> > modified truesize of a cloned skb may result in corrupt bookkeeping and
> > relevant warnings (such as in sk_stream_kill_queues()).
> >
> > Link: https://lkml.kernel.org/r/X9JR/J6dMMOy1obu@elver.google.com
> > Reported-by: syzbot+7b99aafdcc2eedea6178@syzkaller.appspotmail.com
> > Suggested-by: Eric Dumazet
> > Signed-off-by: Marco Elver
>
> Signed-off-by: Eric Dumazet

Thank you!
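
The bookkeeping drift described in the quoted commit message, as an added userspace model in C (not kernel code, and not part of the original mail or patch). The `model_*` names, the 256-byte overhead and the 700-byte request are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace toy model, not kernel code; every model_* name is hypothetical. */
struct model_sock { long wmem_queued; };            /* stands in for sk_wmem_queued */
struct model_skb  { size_t head_size, truesize; };
#define MODEL_OVERHEAD 256                          /* constructed fixed overhead */

/* ksize(kmalloc(S)); alt_path = same S served differently (exact-size object). */
static size_t model_ksize(size_t req, bool alt_path)
{
    size_t cls = 32;
    while (!alt_path && cls < req)
        cls <<= 1;                                  /* power-of-two size class */
    return alt_path ? req : cls;
}

/* Head reallocated for the same request; truesize follows the new usable size. */
static void model_expand_head(struct model_skb *skb, size_t req, bool alt_path)
{
    size_t new_size = model_ksize(req, alt_path);
    skb->truesize = skb->truesize - skb->head_size + new_size;
    skb->head_size = new_size;
}

/* Charge on enqueue, reallocate the head, uncharge on free. Returns what is
 * left in wmem_queued; non-zero is the corrupt bookkeeping described above. */
long leftover_after_teardown(size_t req, bool alt_path, bool restore)
{
    struct model_sock sk = { 0 };
    struct model_skb skb = { model_ksize(req, false), 0 };
    skb.truesize = MODEL_OVERHEAD + skb.head_size;
    sk.wmem_queued += (long)skb.truesize;           /* charge on enqueue */
    size_t save_truesize = skb.truesize;
    model_expand_head(&skb, req, alt_path);
    if (restore)
        skb.truesize = save_truesize;               /* the save/restore fix */
    sk.wmem_queued -= (long)skb.truesize;           /* uncharge on free */
    return sk.wmem_queued;
}

int main(void)
{
    printf("leftover without restore: %ld, with restore: %ld\n",
           leftover_after_teardown(700, true, false),
           leftover_after_teardown(700, true, true));
    return 0;
}
```

When the second allocation lands in the same size class, the leftover is zero even without the restore, which is why the assumption can hold for a long time before an allocator change exposes it.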