[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH net-next v2] xen-netfront: clean up code in xennet_release_rx_bufs
On 2014/1/17 14:25, annie li wrote: On 2014/1/16 19:10, David Vrabel wrote:On 15/01/14 23:57, Annie Li wrote:I don't think replacing a resource leak with a security bug is a good idea.This patch implements two things:* release grant reference and skb for rx path, this fixex resource leaking. * clean up grant transfer code kept from old netfront(2.6.18) which grants pages for access/map and transfer. But grant transfer is deprecated in currentnetfront, so remove corresponding release code for transfer.gnttab_end_foreign_access_ref may fail when the grant entry is currently used for reading or writing. But this patch does not cover this and improvement forthis failure may be implemented in a separate patch.If you would prefer not to fix the gnttab_end_foreign_access() call, I think you can fix this in netfront by taking a reference to the page before calling gnttab_end_foreign_access(). This will ensure the page isn't freed until the subsequent kfree_skb(), or the gref is released by the foreign domain (whichever is later).Taking a reference to the page before calling gnttab_end_foreign_access() delays the free work until kfree_skb(). Simply adding put_page before kfree_skb() does not make things different from gnttab_end_foreign_access_ref(), and the pages will be freed by kfree_skb(), problem will be hit in gnttab_handle_deferred() when freeing pages which already be freed.So put_page is required in gnttab_end_foreign_access(), this will ensure either free is taken by kfree_skb or gnttab_handle_deferred. This involves changes in blkfront/pcifront/tpmfront(just like your patch), this way ensure page is released when ref is end.Another solution I am thinking is calling gnttab_end_foreign_access() with page parameter as NULL, then gnttab_end_foreign_access will only do ending grant reference work and releasing page work is done by kfree_skb(). Not NULL above, it should be 0UL. Thanks Annie _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |