net: fix rte_vlan_insert with shared mbuf

Message ID 20190326191516.20675-1-stephen@networkplumber.org
State Superseded, archived
Delegated to: Ferruh Yigit
Headers show
Series
  • net: fix rte_vlan_insert with shared mbuf
Related show

Checks

Context Check Description
ci/mellanox-Performance-Testing fail Performance Testing issues
ci/intel-Performance-Testing success Performance Testing PASS
ci/Intel-compilation success Compilation OK
ci/checkpatch warning coding style issues

Commit Message

Stephen Hemminger March 26, 2019, 7:15 p.m.
If mbuf refcnt was > 1 then rte_vlan_insert() would incorrectly
modify the original copy. Original code was expecting clone to make
a copy (it doesn't). Better to let the caller deal with making
a copy or setting up mbuf chain to allow for header to be added.

Also fix docbook comment about parameters (function takes
pointer to mbuf).

Fixes: c974021a5949 ("ether: add soft vlan encap/decap")
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
---
 lib/librte_net/rte_ether.h | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

Comments

Chas Williams March 26, 2019, 10:38 p.m. | #1
On 3/26/19 3:15 PM, Stephen Hemminger wrote:
> If mbuf refcnt was > 1 then rte_vlan_insert() would incorrectly
> modify the original copy. Original code was expecting clone to make
> a copy (it doesn't). Better to let the caller deal with making
> a copy or setting up mbuf chain to allow for header to be added.
> 
> Also fix docbook comment about parameters (function takes
> pointer to mbuf).
> 
> Fixes: c974021a5949 ("ether: add soft vlan encap/decap")
> Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
> ---
>   lib/librte_net/rte_ether.h | 15 ++++-----------
>   1 file changed, 4 insertions(+), 11 deletions(-)
> 
> diff --git a/lib/librte_net/rte_ether.h b/lib/librte_net/rte_ether.h
> index c2c5e249ffe9..bab2b198fa79 100644
> --- a/lib/librte_net/rte_ether.h
> +++ b/lib/librte_net/rte_ether.h
> @@ -374,7 +374,7 @@ static inline int rte_vlan_strip(struct rte_mbuf *m)
>    * Software version of VLAN unstripping
>    *
>    * @param m
> - *   The packet mbuf.
> + *   Pointer to the packet mbuf.
>    * @return
>    *   - 0: On success
>    *   -EPERM: mbuf is is shared overwriting would be unsafe
> @@ -385,16 +385,9 @@ static inline int rte_vlan_insert(struct rte_mbuf **m)
>   	struct ether_hdr *oh, *nh;
>   	struct vlan_hdr *vh;
>   
> -	/* Can't insert header if mbuf is shared */
> -	if (rte_mbuf_refcnt_read(*m) > 1) {
> -		struct rte_mbuf *copy;
> -
> -		copy = rte_pktmbuf_clone(*m, (*m)->pool);
> -		if (unlikely(copy == NULL))
> -			return -ENOMEM;
> -		rte_pktmbuf_free(*m);
> -		*m = copy;
> -	}
> +	/* Can't directly insert header if mbuf is shared */
> +	if (rte_mbuf_refcnt_read(*m) > 1)

This check probably isn't sufficient. You need something more like:

         if (rte_mbuf_refcnt_read(mbuf) > 1 ||
             (RTE_MBUF_INDIRECT(mbuf) &&
              rte_mbuf_refcnt_read(rte_mbuf_from_indirect(mbuf)) > 1)) {

If this is a cloned packet, the refcnt will be 1. So you need to examine 
the parent mbuf to see if other clones exist.

> +		return -EPERM;
>   
>   	oh = rte_pktmbuf_mtod(*m, struct ether_hdr *);
>   	nh = (struct ether_hdr *)
>
Stephen Hemminger March 27, 2019, 3:18 p.m. | #2
On Tue, 26 Mar 2019 18:38:57 -0400
Chas Williams <3chas3@gmail.com> wrote:

> On 3/26/19 3:15 PM, Stephen Hemminger wrote:
> > If mbuf refcnt was > 1 then rte_vlan_insert() would incorrectly
> > modify the original copy. Original code was expecting clone to make
> > a copy (it doesn't). Better to let the caller deal with making
> > a copy or setting up mbuf chain to allow for header to be added.
> > 
> > Also fix docbook comment about parameters (function takes
> > pointer to mbuf).
> > 
> > Fixes: c974021a5949 ("ether: add soft vlan encap/decap")
> > Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
> > ---
> >   lib/librte_net/rte_ether.h | 15 ++++-----------
> >   1 file changed, 4 insertions(+), 11 deletions(-)
> > 
> > diff --git a/lib/librte_net/rte_ether.h b/lib/librte_net/rte_ether.h
> > index c2c5e249ffe9..bab2b198fa79 100644
> > --- a/lib/librte_net/rte_ether.h
> > +++ b/lib/librte_net/rte_ether.h
> > @@ -374,7 +374,7 @@ static inline int rte_vlan_strip(struct rte_mbuf *m)
> >    * Software version of VLAN unstripping
> >    *
> >    * @param m
> > - *   The packet mbuf.
> > + *   Pointer to the packet mbuf.
> >    * @return
> >    *   - 0: On success
> >    *   -EPERM: mbuf is is shared overwriting would be unsafe
> > @@ -385,16 +385,9 @@ static inline int rte_vlan_insert(struct rte_mbuf **m)
> >   	struct ether_hdr *oh, *nh;
> >   	struct vlan_hdr *vh;
> >   
> > -	/* Can't insert header if mbuf is shared */
> > -	if (rte_mbuf_refcnt_read(*m) > 1) {
> > -		struct rte_mbuf *copy;
> > -
> > -		copy = rte_pktmbuf_clone(*m, (*m)->pool);
> > -		if (unlikely(copy == NULL))
> > -			return -ENOMEM;
> > -		rte_pktmbuf_free(*m);
> > -		*m = copy;
> > -	}
> > +	/* Can't directly insert header if mbuf is shared */
> > +	if (rte_mbuf_refcnt_read(*m) > 1)  
> 
> This check probably isn't sufficient. You need something more like:
> 
>          if (rte_mbuf_refcnt_read(mbuf) > 1 ||
>              (RTE_MBUF_INDIRECT(mbuf) &&
>               rte_mbuf_refcnt_read(rte_mbuf_from_indirect(mbuf)) > 1)) {
> 
> If this is a cloned packet, the refcnt will be 1. So you need to examine 
> the parent mbuf to see if other clones exist.
> 

The problem is that indirect buffers probably can't be overwritten
because of lack of headroom.

Actually, why not push the problem into the pktmbuf_headroom logic?
Chas Williams March 27, 2019, 3:31 p.m. | #3
On 3/27/19 11:18 AM, Stephen Hemminger wrote:
> On Tue, 26 Mar 2019 18:38:57 -0400
> Chas Williams <3chas3@gmail.com> wrote:
> 
>> On 3/26/19 3:15 PM, Stephen Hemminger wrote:
>>> If mbuf refcnt was > 1 then rte_vlan_insert() would incorrectly
>>> modify the original copy. Original code was expecting clone to make
>>> a copy (it doesn't). Better to let the caller deal with making
>>> a copy or setting up mbuf chain to allow for header to be added.
>>>
>>> Also fix docbook comment about parameters (function takes
>>> pointer to mbuf).
>>>
>>> Fixes: c974021a5949 ("ether: add soft vlan encap/decap")
>>> Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
>>> ---
>>>    lib/librte_net/rte_ether.h | 15 ++++-----------
>>>    1 file changed, 4 insertions(+), 11 deletions(-)
>>>
>>> diff --git a/lib/librte_net/rte_ether.h b/lib/librte_net/rte_ether.h
>>> index c2c5e249ffe9..bab2b198fa79 100644
>>> --- a/lib/librte_net/rte_ether.h
>>> +++ b/lib/librte_net/rte_ether.h
>>> @@ -374,7 +374,7 @@ static inline int rte_vlan_strip(struct rte_mbuf *m)
>>>     * Software version of VLAN unstripping
>>>     *
>>>     * @param m
>>> - *   The packet mbuf.
>>> + *   Pointer to the packet mbuf.
>>>     * @return
>>>     *   - 0: On success
>>>     *   -EPERM: mbuf is is shared overwriting would be unsafe
>>> @@ -385,16 +385,9 @@ static inline int rte_vlan_insert(struct rte_mbuf **m)
>>>    	struct ether_hdr *oh, *nh;
>>>    	struct vlan_hdr *vh;
>>>    
>>> -	/* Can't insert header if mbuf is shared */
>>> -	if (rte_mbuf_refcnt_read(*m) > 1) {
>>> -		struct rte_mbuf *copy;
>>> -
>>> -		copy = rte_pktmbuf_clone(*m, (*m)->pool);
>>> -		if (unlikely(copy == NULL))
>>> -			return -ENOMEM;
>>> -		rte_pktmbuf_free(*m);
>>> -		*m = copy;
>>> -	}
>>> +	/* Can't directly insert header if mbuf is shared */
>>> +	if (rte_mbuf_refcnt_read(*m) > 1)
>>
>> This check probably isn't sufficient. You need something more like:
>>
>>           if (rte_mbuf_refcnt_read(mbuf) > 1 ||
>>               (RTE_MBUF_INDIRECT(mbuf) &&
>>                rte_mbuf_refcnt_read(rte_mbuf_from_indirect(mbuf)) > 1)) {
>>
>> If this is a cloned packet, the refcnt will be 1. So you need to examine
>> the parent mbuf to see if other clones exist.
>>
> 
> The problem is that indirect buffers probably can't be overwritten
> because of lack of headroom.
> 
> Actually, why not push the problem into the pktmbuf_headroom logic?

That's not what the original code is checking and why it is checking. You
should not modify the data of a packet that has other users. To check
all the possible users, you need to check your refcnt and if a clone,
check the parent to see if any other clones exist.  If they do, you
can't safely modify these packets. Yes, we have run into this bug.  Yes,
it was hard to find.

Someone local write a slightly different version of rte_vlan_insert
that clones the packet and prepends an mbuf so you can safely insert
the VLAN information. I will see about getting it submitted.
Ferruh Yigit March 28, 2019, 2:04 p.m. | #4
On 3/27/2019 3:31 PM, Chas Williams wrote:
> 
> 
> On 3/27/19 11:18 AM, Stephen Hemminger wrote:
>> On Tue, 26 Mar 2019 18:38:57 -0400
>> Chas Williams <3chas3@gmail.com> wrote:
>>
>>> On 3/26/19 3:15 PM, Stephen Hemminger wrote:
>>>> If mbuf refcnt was > 1 then rte_vlan_insert() would incorrectly
>>>> modify the original copy. Original code was expecting clone to make
>>>> a copy (it doesn't). Better to let the caller deal with making
>>>> a copy or setting up mbuf chain to allow for header to be added.
>>>>
>>>> Also fix docbook comment about parameters (function takes
>>>> pointer to mbuf).
>>>>
>>>> Fixes: c974021a5949 ("ether: add soft vlan encap/decap")
>>>> Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
>>>> ---
>>>>    lib/librte_net/rte_ether.h | 15 ++++-----------
>>>>    1 file changed, 4 insertions(+), 11 deletions(-)
>>>>
>>>> diff --git a/lib/librte_net/rte_ether.h b/lib/librte_net/rte_ether.h
>>>> index c2c5e249ffe9..bab2b198fa79 100644
>>>> --- a/lib/librte_net/rte_ether.h
>>>> +++ b/lib/librte_net/rte_ether.h
>>>> @@ -374,7 +374,7 @@ static inline int rte_vlan_strip(struct rte_mbuf *m)
>>>>     * Software version of VLAN unstripping
>>>>     *
>>>>     * @param m
>>>> - *   The packet mbuf.
>>>> + *   Pointer to the packet mbuf.
>>>>     * @return
>>>>     *   - 0: On success
>>>>     *   -EPERM: mbuf is is shared overwriting would be unsafe
>>>> @@ -385,16 +385,9 @@ static inline int rte_vlan_insert(struct rte_mbuf **m)
>>>>    	struct ether_hdr *oh, *nh;
>>>>    	struct vlan_hdr *vh;
>>>>    
>>>> -	/* Can't insert header if mbuf is shared */
>>>> -	if (rte_mbuf_refcnt_read(*m) > 1) {
>>>> -		struct rte_mbuf *copy;
>>>> -
>>>> -		copy = rte_pktmbuf_clone(*m, (*m)->pool);
>>>> -		if (unlikely(copy == NULL))
>>>> -			return -ENOMEM;
>>>> -		rte_pktmbuf_free(*m);
>>>> -		*m = copy;
>>>> -	}
>>>> +	/* Can't directly insert header if mbuf is shared */
>>>> +	if (rte_mbuf_refcnt_read(*m) > 1)
>>>
>>> This check probably isn't sufficient. You need something more like:
>>>
>>>           if (rte_mbuf_refcnt_read(mbuf) > 1 ||
>>>               (RTE_MBUF_INDIRECT(mbuf) &&
>>>                rte_mbuf_refcnt_read(rte_mbuf_from_indirect(mbuf)) > 1)) {
>>>
>>> If this is a cloned packet, the refcnt will be 1. So you need to examine
>>> the parent mbuf to see if other clones exist.
>>>
>>
>> The problem is that indirect buffers probably can't be overwritten
>> because of lack of headroom.
>>
>> Actually, why not push the problem into the pktmbuf_headroom logic?
> 
> That's not what the original code is checking and why it is checking. You
> should not modify the data of a packet that has other users. 

+1, commit log mentions from the same problem I think.

> To check
> all the possible users, you need to check your refcnt and if a clone,
> check the parent to see if any other clones exist.  If they do, you
> can't safely modify these packets. Yes, we have run into this bug.  Yes,
> it was hard to find.
> 
> Someone local write a slightly different version of rte_vlan_insert
> that clones the packet and prepends an mbuf so you can safely insert
> the VLAN information. I will see about getting it submitted.

Thanks for it, it looks like duplicating the mbuf was the original intention of
the code.
But if we can't get updated 'rte_vlan_insert' timely, I suggest getting this
patch with extended checks that you suggested. So can it be possible to make new
version of this patch in any case?

Patch

diff --git a/lib/librte_net/rte_ether.h b/lib/librte_net/rte_ether.h
index c2c5e249ffe9..bab2b198fa79 100644
--- a/lib/librte_net/rte_ether.h
+++ b/lib/librte_net/rte_ether.h
@@ -374,7 +374,7 @@  static inline int rte_vlan_strip(struct rte_mbuf *m)
  * Software version of VLAN unstripping
  *
  * @param m
- *   The packet mbuf.
+ *   Pointer to the packet mbuf.
  * @return
  *   - 0: On success
  *   -EPERM: mbuf is is shared overwriting would be unsafe
@@ -385,16 +385,9 @@  static inline int rte_vlan_insert(struct rte_mbuf **m)
 	struct ether_hdr *oh, *nh;
 	struct vlan_hdr *vh;
 
-	/* Can't insert header if mbuf is shared */
-	if (rte_mbuf_refcnt_read(*m) > 1) {
-		struct rte_mbuf *copy;
-
-		copy = rte_pktmbuf_clone(*m, (*m)->pool);
-		if (unlikely(copy == NULL))
-			return -ENOMEM;
-		rte_pktmbuf_free(*m);
-		*m = copy;
-	}
+	/* Can't directly insert header if mbuf is shared */
+	if (rte_mbuf_refcnt_read(*m) > 1)
+		return -EPERM;
 
 	oh = rte_pktmbuf_mtod(*m, struct ether_hdr *);
 	nh = (struct ether_hdr *)