[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [3.15-rc3] Bisected: xen-netback mangles packets between two guests on a bridge since merge of "TX grant mapping with SKBTX_DEV_ZEROCOPY instead of copy" series.

On 02/05/14 16:21, Eric Dumazet wrote:
On Fri, 2014-05-02 at 15:47 +0100, Zoltan Kiss wrote:

Sorry, I was misleading and wrong. Can you try out this scenario with
the attached patch?

Guys, I already told you skb->truesize 'mismatch' could not explain
packet corruptions. This comes from an expert in this matter, you can
trust me.

What could happens here is that TCP stack merges skbs (TCP coalescing)
These packets shouldn't reach Dom0's TCP stack at all, bridge/openvswitch grabs them before. And in the sending/receiving guest these skbs don't have this flag. However generally it is possible that a guest talks directly to Dom0, in which case your proposed fix could be valid.

Problem is that SKBTX_DEV_ZEROCOPY addition did not take care of this.

We have to forbid these merges from happening, because one skb has a
single destructor_arg.

diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 1b62343f5837..85995a14aafc 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3838,7 +3839,10 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff 
                return true;

-       if (skb_has_frag_list(to) || skb_has_frag_list(from))
+       if (skb_has_frag_list(to) ||
+           skb_has_frag_list(from) ||
+           (skb_shinfo(to)->tx_flags & SKBTX_DEV_ZEROCOPY) ||
+           (skb_shinfo(from)->tx_flags & SKBTX_DEV_ZEROCOPY))
                return false;

        if (skb_headlen(from) != 0) {

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.