Re: [RFC PATCH v3 02/20] tcp: don't allow non-devmem originated ppiov

[RFC PATCH v3 00/20] Zero copy Rx using io_uring · David Wei <hidden> · 2023-12-19
[RFC PATCH v3 01/20] net: page_pool: add ppiov mangling helper · David Wei <hidden> · 2023-12-19
Re: [RFC PATCH v3 01/20] net: page_pool: add ppiov mangling helper · Mina Almasry <hidden> · 2023-12-19
Re: [RFC PATCH v3 01/20] net: page_pool: add ppiov mangling helper · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-20
[RFC PATCH v3 02/20] tcp: don't allow non-devmem originated ppiov · David Wei <hidden> · 2023-12-19
Re: [RFC PATCH v3 02/20] tcp: don't allow non-devmem originated ppiov · Mina Almasry <hidden> · 2023-12-19
Re: [RFC PATCH v3 02/20] tcp: don't allow non-devmem originated ppiov · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-20
Re: [RFC PATCH v3 02/20] tcp: don't allow non-devmem originated ppiov · Mina Almasry <hidden> · 2024-01-02
[RFC PATCH v3 03/20] net: page pool: rework ppiov life cycle · David Wei <hidden> · 2023-12-19
Re: [RFC PATCH v3 03/20] net: page pool: rework ppiov life cycle · Mina Almasry <hidden> · 2023-12-19
Re: [RFC PATCH v3 03/20] net: page pool: rework ppiov life cycle · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-20
[RFC PATCH v3 04/20] net: enable napi_pp_put_page for ppiov · David Wei <hidden> · 2023-12-19
[RFC PATCH v3 05/20] net: page_pool: add ->scrub mem provider callback · David Wei <hidden> · 2023-12-19
[RFC PATCH v3 06/20] io_uring: separate header for exported net bits · David Wei <hidden> · 2023-12-19
Re: [RFC PATCH v3 06/20] io_uring: separate header for exported net bits · Jens Axboe <axboe@kernel.dk> · 2023-12-20
[RFC PATCH v3 07/20] io_uring: add interface queue · David Wei <hidden> · 2023-12-19
Re: [RFC PATCH v3 07/20] io_uring: add interface queue · Jens Axboe <axboe@kernel.dk> · 2023-12-20
Re: [RFC PATCH v3 07/20] io_uring: add interface queue · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-20
Re: [RFC PATCH v3 07/20] io_uring: add interface queue · David Wei <hidden> · 2023-12-21
Re: [RFC PATCH v3 07/20] io_uring: add interface queue · Willem de Bruijn <willemdebruijn.kernel@gmail.com> · 2023-12-21
Re: [RFC PATCH v3 07/20] io_uring: add interface queue · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-30
Re: [RFC PATCH v3 07/20] io_uring: add interface queue · Willem de Bruijn <willemdebruijn.kernel@gmail.com> · 2023-12-31
[RFC PATCH v3 08/20] io_uring: add mmap support for shared ifq ringbuffers · David Wei <hidden> · 2023-12-19
Re: [RFC PATCH v3 08/20] io_uring: add mmap support for shared ifq ringbuffers · Jens Axboe <axboe@kernel.dk> · 2023-12-20
[RFC PATCH v3 10/20] io_uring: setup ZC for an Rx queue when registering an ifq · David Wei <hidden> · 2023-12-19
Re: [RFC PATCH v3 10/20] io_uring: setup ZC for an Rx queue when registering an ifq · Jens Axboe <axboe@kernel.dk> · 2023-12-20
Re: [RFC PATCH v3 10/20] io_uring: setup ZC for an Rx queue when registering an ifq · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-20
[RFC PATCH v3 09/20] netdev: add XDP_SETUP_ZC_RX command · David Wei <hidden> · 2023-12-19
[RFC PATCH v3 11/20] io_uring/zcrx: implement socket registration · David Wei <hidden> · 2023-12-19
[RFC PATCH v3 12/20] io_uring: add ZC buf and pool · David Wei <hidden> · 2023-12-19
[RFC PATCH v3 13/20] io_uring: implement pp memory provider for zc rx · David Wei <hidden> · 2023-12-19
Re: [RFC PATCH v3 13/20] io_uring: implement pp memory provider for zc rx · Mina Almasry <hidden> · 2023-12-19
Re: [RFC PATCH v3 13/20] io_uring: implement pp memory provider for zc rx · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-20
Re: [RFC PATCH v3 13/20] io_uring: implement pp memory provider for zc rx · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-21
[RFC PATCH v3 14/20] net: page pool: add io_uring memory provider · David Wei <hidden> · 2023-12-19
Re: [RFC PATCH v3 14/20] net: page pool: add io_uring memory provider · Mina Almasry <hidden> · 2023-12-19
Re: [RFC PATCH v3 14/20] net: page pool: add io_uring memory provider · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-20
[RFC PATCH v3 15/20] io_uring: add io_recvzc request · David Wei <hidden> · 2023-12-19
Re: [RFC PATCH v3 15/20] io_uring: add io_recvzc request · Jens Axboe <axboe@kernel.dk> · 2023-12-20
Re: [RFC PATCH v3 15/20] io_uring: add io_recvzc request · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-20
Re: [RFC PATCH v3 15/20] io_uring: add io_recvzc request · Jens Axboe <axboe@kernel.dk> · 2023-12-20
Re: [RFC PATCH v3 15/20] io_uring: add io_recvzc request · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-21
Re: [RFC PATCH v3 15/20] io_uring: add io_recvzc request · Jens Axboe <axboe@kernel.dk> · 2023-12-21
Re: [RFC PATCH v3 15/20] io_uring: add io_recvzc request · Pavel Begunkov <asml.silence@gmail.com> · 2023-12-30
[RFC PATCH v3 16/20] net: execute custom callback from napi · David Wei <hidden> · 2023-12-19
[RFC PATCH v3 17/20] io_uring/zcrx: add copy fallback · David Wei <hidden> · 2023-12-19
[RFC PATCH v3 18/20] veth: add support for io_uring zc rx · David Wei <hidden> · 2023-12-19
[RFC PATCH v3 19/20] net: page pool: generalise ppiov dma address get · David Wei <hidden> · 2023-12-19
Re: [RFC PATCH v3 19/20] net: page pool: generalise ppiov dma address get · Mina Almasry <hidden> · 2023-12-21
[RFC PATCH v3 20/20] bnxt: enable io_uring zc page pool · David Wei <hidden> · 2023-12-19

From: Pavel Begunkov <asml.silence@gmail.com>
Date: 2023-12-20 01:34:20
Also in: io-uring

On 12/19/23 23:24, Mina Almasry wrote:

On Tue, Dec 19, 2023 at 1:04 PM David Wei [off-list ref] wrote:

quoted

From: Pavel Begunkov <asml.silence@gmail.com>

NOT FOR UPSTREAM

There will be more users of struct page_pool_iov, and ppiovs from one
subsystem must not be used by another. That should never happen for any
sane application, but we need to enforce it in case of bufs and/or
malicious users.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: David Wei <redacted>
---
  net/ipv4/tcp.c | 7 +++++++
  1 file changed, 7 insertions(+)

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 33a8bb63fbf5..9c6b18eebb5b 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c

@@ -2384,6 +2384,13 @@ static int tcp_recvmsg_devmem(const struct sock *sk, const struct sk_buff *skb,
                         }

                         ppiov = skb_frag_page_pool_iov(frag);
+
+                       /* Disallow non devmem owned buffers */
+                       if (ppiov->pp->p.memory_provider != PP_MP_DMABUF_DEVMEM) {
+                               err = -ENODEV;
+                               goto out;
+                       }
+

Instead of this, I maybe recommend modifying the skb->dmabuf flag? My
mental model is that flag means all the frags in the skb are

That's a good point, we need to separate them, and I have it in my
todo list.

specifically dmabuf, not general ppiovs or net_iovs. Is it possible to
add skb->io_uring or something?

->io_uring flag is not feasible, converting ->devmem into a type
{page,devmem,iouring} is better but not great either.

If that bloats the skb headers, then maybe we need another place to
put this flag. Maybe the [page_pool|net]_iov should declare whether
it's dmabuf or otherwise, and we can check frag[0] and assume all

ppiov->pp should be enough, either not mixing buffers from different
pools or comparing pp->ops or some pp->type.

frags are the same as frag0.

I think I like this one the most. I think David Ahern mentioned
before, but would be nice having it on per frag basis and kill
->devmem flag. That would still stop collapsing if frags are
from different pools or so.

But IMO the page pool internals should not leak into the
implementation of generic tcp stack functions.

-- 
Pavel Begunkov

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help