Re: [PATCH] virtio_net: fix use after free

2014-10-31 Thread Jason Wang
On 10/31/2014 11:36 AM, Eric Dumazet wrote: On Wed, 2014-10-15 at 16:23 +0300, Michael S. Tsirkin wrote: commit 0b725a2ca61bedc33a2a63d0451d528b268cf975 net: Remove ndo_xmit_flush netdev operation, use signalling instead. added code that looks at skb->xmit_more after the skb has been put

Re: [PATCH] virtio_net: fix use after free

2014-10-31 Thread Eric Dumazet
On Fri, 2014-10-31 at 14:07 +0800, Jason Wang wrote: Since they are called before the possible free_old_xmit_skbs(), skb won't get freed at this time. Oh right, I forgot there is no completion handler yet, timer based or whatever. Thanks.

Re: [PATCH] virtio_net: fix use after free

2014-10-30 Thread Eric Dumazet
On Wed, 2014-10-15 at 16:23 +0300, Michael S. Tsirkin wrote: commit 0b725a2ca61bedc33a2a63d0451d528b268cf975 net: Remove ndo_xmit_flush netdev operation, use signalling instead. added code that looks at skb->xmit_more after the skb has been put in TX VQ. Since some paths process the ring

Re: [PATCH] virtio_net: fix use after free

2014-10-17 Thread Michael S. Tsirkin
On Wed, Oct 15, 2014 at 04:47:27PM -0400, David Miller wrote: From: Michael S. Tsirkin m...@redhat.com Date: Wed, 15 Oct 2014 16:23:28 +0300 You used __netif_subqueue_stopped but that seems to use a slightly more expensive test_bit internally. More expensive in what sense? It should be

[PATCH] virtio_net: fix use after free

2014-10-15 Thread Michael S. Tsirkin
commit 0b725a2ca61bedc33a2a63d0451d528b268cf975 net: Remove ndo_xmit_flush netdev operation, use signalling instead. added code that looks at skb->xmit_more after the skb has been put in TX VQ. Since some paths process the ring and free the skb immediately, this can cause use after free. Fix

RE: [PATCH] virtio_net: fix use after free

2014-10-15 Thread David Laight
From: Michael S. Tsirkin commit 0b725a2ca61bedc33a2a63d0451d528b268cf975 net: Remove ndo_xmit_flush netdev operation, use signalling instead. added code that looks at skb->xmit_more after the skb has been put in TX VQ. Since some paths process the ring and free the skb immediately, this

Re: [PATCH] virtio_net: fix use after free

2014-10-15 Thread Michael S. Tsirkin
On Wed, Oct 15, 2014 at 01:24:57PM +, David Laight wrote: From: Michael S. Tsirkin commit 0b725a2ca61bedc33a2a63d0451d528b268cf975 net: Remove ndo_xmit_flush netdev operation, use signalling instead. added code that looks at skb->xmit_more after the skb has been put in TX VQ.

Re: [PATCH] virtio_net: fix use after free

2014-10-15 Thread David Miller
From: Michael S. Tsirkin m...@redhat.com Date: Wed, 15 Oct 2014 16:23:28 +0300 You used __netif_subqueue_stopped but that seems to use a slightly more expensive test_bit internally. More expensive in what sense? It should be roughly the same as x y sans the volatile. Anyways I'm ambivalent