Message-ID: <60A73B7A161A82449A7DB7B382BFD1553712F837@SZXEMA504-MBS.china.huawei.com>
Date:	Thu, 30 Jul 2015 05:56:40 +0000
From:	"Zhangjie (HZ)" <zhangjie14@...wei.com>
To:	Eric Dumazet <eric.dumazet@...il.com>,
	Jason Wang <jasowang@...hat.com>
CC:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"mst@...hat.com" <mst@...hat.com>,
	Qinchuanyu <qinchuanyu@...wei.com>, Yewudi <yewudi@...wei.com>,
	liuyongan 00175866 <l00175866@...esmail.huawei.com.cn>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: RE: [Question]Why a skb with frag_list causes BUG_ON in function
 skb_segment

Get it.
Eric, thanks for your explanation. :-)

Jason, thank you! I will remember to cc netdev@...r.kernel.org next time.

-----Original Message-----
From: Eric Dumazet [mailto:eric.dumazet@...il.com] 
Sent: Thursday, July 30, 2015 1:01 PM
To: Jason Wang
Cc: Zhangjie (HZ); linux-kernel@...r.kernel.org; mst@...hat.com; Qinchuanyu; Yewudi; liuyongan 00175866; netdev@...r.kernel.org
Subject: Re: [Question]Why a skb with frag_list causes BUG_ON in function skb_segment

On Thu, 2015-07-30 at 12:26 +0800, Jason Wang wrote:
> cc netdev for more experts
> 
> On 07/28/2015 04:53 PM, Zhangjie (HZ) wrote:
> >
> > Hi,
> >
> > I generate a skb as follows:
> >
> > It has a linear data region, 17 frags and the last fragment is in 
> > skb_shinfo(skb)->frag_list.
> >
> > Before this skb is sent to driver, dev_hard_start_xmit() will 
> > segment it first(skb has frag_list,
> >
> > so we get true from netif_needs_gso()), then the skb is passed to 
> > function skb_segment().
> >
> > Then, BUG_ON() happened.
> >
> > while (pos < offset + len) {
> >         if (i >= nfrags) {
> >                 BUG_ON(skb_headlen(list_skb));    (skbuff.c:3120)
> >                 …
> >         }
> >         …
> > }
> >
> > A skb that has no frags but frag_list also causes BUG_ON().
> >
> > I wonder if skb like follows is legal? Could skb in frag_list have 
> > linear data region?

The answer is: skb_segment() is very complex but does not handle all possible cases.

skb found in skb_shinfo(skb)->frag_list must not have anything in their
skb->head. This would require very expensive logic and memory
allocations and copies.

Make sure you follow this rule in your driver, or even better leave this work to GRO engine.
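
An added example, not part of the thread and not kernel code: a userspace C model of the rule stated above, that every skb on skb_shinfo(skb)->frag_list must have an empty linear area. The struct model_skb, the helper names and the byte counts are assumptions constructed for illustration; only the headlen arithmetic (len minus data_len) mirrors the kernel's skb_headlen().

```c
#include <stdio.h>

/* Simplified userspace model (assumption): only the sk_buff fields this rule touches. */
struct model_skb {
    unsigned int len;            /* total bytes, linear + non-linear */
    unsigned int data_len;       /* non-linear bytes (page frags + frag_list) */
    unsigned int nr_frags;       /* page fragments on this skb */
    struct model_skb *frag_list; /* chained skbs, used on the head skb */
    struct model_skb *next;      /* next skb in a frag_list chain */
};

/* Same arithmetic as the kernel's skb_headlen(): bytes in the linear area. */
static unsigned int model_headlen(const struct model_skb *s) { return s->len - s->data_len; }

/* -1 if every frag_list member has an empty linear area, else the
 * zero-based position of the first member that would hit the BUG_ON. */
int first_bad_member(const struct model_skb *head)
{
    int pos = 0;
    for (const struct model_skb *it = head->frag_list; it; it = it->next, pos++)
        if (model_headlen(it) != 0)
            return pos;
    return -1;
}

/* Constructed layout from the question: linear head, 17 frags, and a
 * frag_list skb that carries its bytes in its own linear area. */
int check_reported_layout(void)
{
    struct model_skb tail = { .len = 1000, .data_len = 0 };
    struct model_skb head = { .len = 66 + 17 * 4096 + 1000, .data_len = 17 * 4096 + 1000,
                              .nr_frags = 17, .frag_list = &tail };
    return first_bad_member(&head);
}

/* Constructed compliant layout: the frag_list skb holds only paged data. */
int check_compliant_layout(void)
{
    struct model_skb tail = { .len = 1000, .data_len = 1000, .nr_frags = 1 };
    struct model_skb head = { .len = 66 + 1000, .data_len = 1000, .frag_list = &tail };
    return first_bad_member(&head);
}

int main(void)
{
    printf("reported: %d, compliant: %d\n", check_reported_layout(), check_compliant_layout());
    return 0;
}
```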


