[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1318905032.2571.35.camel@edumazet-laptop>
Date: Tue, 18 Oct 2011 04:30:32 +0200
From: Eric Dumazet <eric.dumazet@...il.com>
To: Elmar Vonlanthen <evonlanthen@...il.com>
Cc: linux-kernel@...r.kernel.org, netdev <netdev@...r.kernel.org>,
Timo Teräs <timo.teras@....fi>,
Herbert Xu <herbert@...dor.apana.org.au>
Subject: Re: PROBLEM: System call 'sendmsg' of process ospfd (quagga) causes
kernel oops
Le lundi 17 octobre 2011 à 09:16 +0200, Elmar Vonlanthen a écrit :
> 2011/10/14 Eric Dumazet <eric.dumazet@...il.com>:
> > Please try following patch :
> >
> > [PATCH] ip_gre: dont increase dev->needed_headroom on a live device
> >
> > It seems ip_gre is able to change dev->needed_headroom on the fly.
> >
> > Its is not legal unfortunately and triggers a BUG in raw_sendmsg()
> >
> > skb = sock_alloc_send_skb(sk, ... + LL_ALLOCATED_SPACE(rt->dst.dev)
> >
> > < another cpu change dev->needed_headromm (making it bigger)
> >
> > ...
> > skb_reserve(skb, LL_RESERVED_SPACE(rt->dst.dev));
> >
> > We end with LL_RESERVED_SPACE() being bigger than LL_ALLOCATED_SPACE()
> > -> we crash later because skb head is exhausted.
> >
> > Bug introduced in commit 243aad83 in 2.6.34 (ip_gre: include route
> > header_len in max_headroom calculation)
> >
> > Reported-by: Elmar Vonlanthen <evonlanthen@...il.com>
> > Signed-off-by: Eric Dumazet <eric.dumazet@...il.com>
> > CC: Timo Teräs <timo.teras@....fi>
> > CC: Herbert Xu <herbert@...dor.apana.org.au>
> > ---
> > diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
> > index 8871067..1505dcf 100644
> > --- a/net/ipv4/ip_gre.c
> > +++ b/net/ipv4/ip_gre.c
> > @@ -835,8 +835,6 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
> > if (skb_headroom(skb) < max_headroom || skb_shared(skb)||
> > (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
> > struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
> > - if (max_headroom > dev->needed_headroom)
> > - dev->needed_headroom = max_headroom;
> > if (!new_skb) {
> > ip_rt_put(rt);
> > dev->stats.tx_dropped++;
>
> Hello
>
> I tried this patch and I was not able anymore to reproduce the kernel
> oops. So the patch solved the bug.
> Thank you very much!
>
> Would it be possible to add the patch to the long term kernel 2.6.35
> as well? Because this is the one I use at the moment in production.
>
Thanks for testing.
If David/Herbert/Timo agree, then patch should find its way into current
kernel, then to stable trees as well.
Thanks
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists