On Thu, Mar 07, 2024 at 08:28:58PM +0200, Dragos Tatulea wrote:
When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. But if the skb fragment pages are originating from a page_pool, calling put_page on them will trigger a page_pool leak which will eventually result in a crash.
This leak can be easily observed when using CONFIG_DEBUG_VM and doing ipsec + gre (non offloaded) forwarding:
...
The suggested fix is to introduce a new wrapper (skb_page_unref) that covers page refcounting for page_pool pages as well.
Cc: stable@vger.kernel.org
Fixes: 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling")
Reported-and-tested-by: Anatoli N.Chechelnickiy <Anatoli.Chechelnickiy@m.interpipe.biz>
Reported-by: Ian Kumlien <ian.kumlien@gmail.com>
Link: https://lore.kernel.org/netdev/CAA85sZvvHtrpTQRqdaOx6gd55zPAVsqMYk_Lwh4Md5kn...
Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
Reviewed-by: Mina Almasry <almasrymina@google.com>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
This patch does not apply to the ipsec tree. Can you please rebase onto:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git
Thanks!