On Fri, Mar 08, 2024 at 05:26:00PM +0200, Dragos Tatulea wrote:
When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. But if the skb fragment pages are originating from a page_pool, calling put_page on them will trigger a page_pool leak which will eventually result in a crash.
This leak can be easily observed when using CONFIG_DEBUG_VM and doing ipsec + gre (non offloaded) forwarding:
...
The suggested fix is to introduce a new wrapper (skb_page_unref) that covers page refcounting for page_pool pages as well.
Cc: stable@vger.kernel.org
Fixes: 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling")
Reported-and-tested-by: Anatoli N.Chechelnickiy Anatoli.Chechelnickiy@m.interpipe.biz
Reported-by: Ian Kumlien ian.kumlien@gmail.com
Link: https://lore.kernel.org/netdev/CAA85sZvvHtrpTQRqdaOx6gd55zPAVsqMYk_Lwh4Md5kn...
Signed-off-by: Dragos Tatulea dtatulea@nvidia.com
Reviewed-by: Mina Almasry almasrymina@google.com
Reviewed-by: Jakub Kicinski kuba@kernel.org
Applied to the ipsec tree, thanks a lot!
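
A simplified userspace model of the accounting problem the commit message describes, added here as an illustration; it is not the kernel patch and not code from this thread. Only `put_page` and `skb_page_unref` are names from the message and `pp_recycle` is borrowed from the kernel's `sk_buff`; the struct layouts, `pool_alloc`, `pool_put_page`, `inflight` and `leaked_after_release` are assumptions made for the model.

```c
#include <stdbool.h>

/* Simplified userspace model: these structs are NOT the kernel's definitions. */
struct page_pool { int inflight; };               /* pages handed out, not yet returned */
struct page { int refcount; struct page_pool *pp; };
struct sk_buff { bool pp_recycle; };              /* frags come from a page_pool */

static void pool_alloc(struct page_pool *pool, struct page *pg)
{
	*pg = (struct page){ .refcount = 1, .pp = pool };
	pool->inflight++;
}

/* Generic release: at zero the page goes back to the system, the pool is not told. */
static void put_page(struct page *pg)
{
	pg->refcount--;
}

/* Pool-aware release: returns true when the page was handed back to its pool. */
static bool pool_put_page(struct page *pg)
{
	if (!pg->pp)
		return false;
	pg->pp->inflight--;
	return true;
}

/* Wrapper in the spirit of skb_page_unref: choose the release path per skb. */
static void skb_page_unref(const struct sk_buff *skb, struct page *pg)
{
	if (skb->pp_recycle && pool_put_page(pg))
		return;
	put_page(pg);
}

/* Release one pool-backed frag page; return how many pages the pool still counts. */
static int leaked_after_release(bool use_wrapper)
{
	struct page_pool pool = { 0 };
	struct page pg;
	struct sk_buff skb = { .pp_recycle = true };
	pool_alloc(&pool, &pg);
	if (use_wrapper)
		skb_page_unref(&skb, &pg);
	else
		put_page(&pg);
	return pool.inflight;
}
```

In the model, the plain `put_page` path leaves the pool's outstanding count at 1 for a page it no longer owns, while the wrapper path brings it back to 0.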