Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp883901pxb;
        Wed, 27 Oct 2021 14:26:04 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJysSGudjcqT2/mCHj5I4fUzOKtJ4RZ6aEhCQSneNe6L8wsf6x6mbrSIs7talV8hzSRzAuEL
X-Received: by 2002:a50:c30a:: with SMTP id a10mr508840edb.206.1635369964660;
        Wed, 27 Oct 2021 14:26:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1635369964; cv=none;
        d=google.com; s=arc-20160816;
        b=0DMVsoT7vnjckiQ2kA8bMrdo9+PxcHq8JROWXHXQmg/y58p6MgiTlHEKQkKJfeus6W
         i/+bcTVL/TcuILaj07UFHZjH7qaYkp3sFNSLtgvRrl1PtXGVuHPUwSWz7buyApesZ/Ex
         isEaIuwTTyOmd7VgU1nxQpCUb0PYdNkKzBY0jXlH2PNw3dT20ylzzH5uTRv4ZSw6py25
         IZZPnUZAqXCXSM1WBgjVzqJmiyYKygE52W9vf0b3gNgG2lcEorGDXkD0k2G7hpOTHqub
         p1RexALmbsLGuqTsMnARaSBBfg1MYNmEOXyOYz5tgyWpmUXOkpwSmm0nX7wBzB25kaxa
         cz3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject;
        bh=Z566xtslsdKvnk7VTs1tMW12Kr9UG7GMYYnNeUlwOBU=;
        b=RRlSCNVGYd5seDfgEcahG+BzfHOZbN0SrhDFTyxOFqYgguLB47keegVACvOVuBjNg2
         RRWeAWE9OgGb21bn1tbF1L0kMz5rMqmditxmOqXL7B6d3DWAGkjiHBXvfpyOMPra64N1
         NlLliPXanJuEVySRrkxvIQyKtkjaFM31ibcZpEBHR7WFAa7mEm2hXlXbxKkR+84dOAGe
         YZXTRlxPyJZD8l3wZQhi4M0zVSxVvKd7r9TWsmlaOLdU7F9DZH249cWEQSA2B0aXADM4
         aZcSek7yHyLnZG9dCemv+6lon4dn8xnNdXn4DrW0huJI710eM6uvoEI20l1RVio+X8fE
         O3NQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id qb38si1733710ejc.64.2021.10.27.14.25.41;
        Wed, 27 Oct 2021 14:26:04 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241958AbhJ0MnK (ORCPT <rfc822;luming.yu@gmail.com> + 97 others);
        Wed, 27 Oct 2021 08:43:10 -0400
Received: from szxga02-in.huawei.com ([45.249.212.188]:25317 "EHLO
        szxga02-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236267AbhJ0MnJ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 27 Oct 2021 08:43:09 -0400
Received: from dggemv711-chm.china.huawei.com (unknown [172.30.72.56])
        by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4HfSpp48y9zbhMX;
        Wed, 27 Oct 2021 20:36:02 +0800 (CST)
Received: from dggpemm500005.china.huawei.com (7.185.36.74) by
 dggemv711-chm.china.huawei.com (10.1.198.66) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.15; Wed, 27 Oct 2021 20:40:41 +0800
Received: from [10.69.30.204] (10.69.30.204) by dggpemm500005.china.huawei.com
 (7.185.36.74) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2308.15; Wed, 27 Oct
 2021 20:40:41 +0800
Subject: Re: [PATCH net] net: gro: set the last skb->next to NULL when it get
 merged
To:     Jason Xing <kerneljasonxing@gmail.com>,
        David Miller <davem@davemloft.net>, <kuba@kernel.org>,
        <alobakin@pm.me>, <jonathan.lemon@gmail.com>,
        Willem de Bruijn <willemb@google.com>, <pabeni@redhat.com>,
        <vvs@virtuozzo.com>, <cong.wang@bytedance.com>
CC:     netdev <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Jason Xing <xingwanli@kuaishou.com>
References: <20211026131859.59114-1-kerneljasonxing@gmail.com>
 <CAL+tcoC487AF=HAiNVhKO6kA0yhjT+hmp5DQSdaGBnJEtGgqPA@mail.gmail.com>
 <CAL+tcoAD+iiEFbvMnaHjg_-42_r7ukxDt8CveYW7pE4arcdKsg@mail.gmail.com>
 <CAL+tcoAUwEx3ZJ5ysu_+-1eYfuL82JoV0fk7305dSOSo6J80-w@mail.gmail.com>
From:   Yunsheng Lin <linyunsheng@huawei.com>
Message-ID: <31e181c7-7268-877a-f061-cdea06c0459e@huawei.com>
Date:   Wed, 27 Oct 2021 20:40:35 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.0
MIME-Version: 1.0
In-Reply-To: <CAL+tcoAUwEx3ZJ5ysu_+-1eYfuL82JoV0fk7305dSOSo6J80-w@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.69.30.204]
X-ClientProxiedBy: dggeme713-chm.china.huawei.com (10.1.199.109) To
 dggpemm500005.china.huawei.com (7.185.36.74)
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2021/10/27 16:56, Jason Xing wrote:
> On Wed, Oct 27, 2021 at 4:07 PM Jason Xing <kerneljasonxing@gmail.com> wrote:
>>
>> On Wed, Oct 27, 2021 at 3:23 PM Jason Xing <kerneljasonxing@gmail.com> wrote:
>>>
>>> On Tue, Oct 26, 2021 at 9:19 PM <kerneljasonxing@gmail.com> wrote:
>>>>
>>>> From: Jason Xing <xingwanli@kuaishou.com>
>>>>
>>>> Setting the @next of the last skb to NULL to prevent the panic in future
>>>> when someone does something to the last of the gro list but its @next is
>>>> invalid.
>>>>
>>>> For example, without the fix (commit: ece23711dd95), a panic could happen
>>>> with the clsact loaded when skb is redirected and then validated in
>>>> validate_xmit_skb_list() which could access the error addr of the @next
>>>> of the last skb. Thus, "general protection fault" would appear after that.
>>>>
>>>> Signed-off-by: Jason Xing <xingwanli@kuaishou.com>
>>>> ---
>>>>  net/core/skbuff.c | 1 +
>>>>  1 file changed, 1 insertion(+)
>>>>
>>>> diff --git a/net/core/skbuff.c b/net/core/skbuff.c
>>>> index 2170bea..7b248f1 100644
>>>> --- a/net/core/skbuff.c
>>>> +++ b/net/core/skbuff.c
>>>> @@ -4396,6 +4396,7 @@ int skb_gro_receive(struct sk_buff *p, struct sk_buff *skb)
>>>>                 skb_shinfo(p)->frag_list = skb;
>>>>         else
>>>>                 NAPI_GRO_CB(p)->last->next = skb;
>>>> +       skb->next = NULL;
>>>>         NAPI_GRO_CB(p)->last = skb;
>>>
>>> Besides, I'm a little bit confused that this operation inserts the
>>> newest skb into the tail of the flow, so the tail of flow is the
>>> newest, head oldest. The patch (commit: 600adc18) introduces the flush
>>> of the oldest when the flow is full to lower the latency, but actually
>>> it fetches the tail of the flow. Do I get something wrong here? I feel
>>
>> I have to update this part. The commit 600adc18 evicts and flushes the
>> oldest flow. But for the current kernel, when
>> "napi->gro_hash[hash].count >= MAX_GRO_SKBS" happens, the
>> gro_flush_oldest() flushes the oldest skb of one certain flow,
>> actually it is the newest skb because it is at the end of the list.

it seems the below is more matched with the gro_flush_oldest() instead
of the above code block:
https://elixir.bootlin.com/linux/v5.15-rc3/source/net/core/dev.c#L6118

> 
> I just submitted another patch to explain how it happens, please help
> me review both patches.
> 
> Link: https://lore.kernel.org/lkml/20211027084944.4508-1-kerneljasonxing@gmail.com/
> 
> Thanks again,
> Jason
> 
>>
>>> it is really odd.
>>>
>>> Thanks,
>>> Jason
>>>
>>>>         __skb_header_release(skb);
>>>>         lp = p;
>>>> --
>>>> 1.8.3.1
>>>>
> .
>