Re: [PATCH] gainfar.c : skb_over_panic (kernel-2.6.32.15)

[Eran Liberty]

David Miller wrote:
> From: Eran Liberty <liberty@xxxxxxxxxxxx>
> Date: Thu, 24 Jun 2010 12:53:23 +0300
>
>   
> > Fix possible skb_over_panic event in Freescale's "gianfar" driver. 
> >
> > The skb_over_panic occurs due to calling skb_put() within
> > gfar_clean_rx_ring(). This happens if (and only if) shortly prior to
> > the event and a few lined above the skb_put(), an skb was queued back
> > to the priv->rx_recycle queue due to RXBD_LAST or RXBD_ERR status.
> > The skb is queued without properly re-setting its state.
> >
> > The patch properly reset the skb state.
> >
> > I have tested this patch on MPC8548 based product and asserted it
> > avoided the skb_over_panic event.
> >
> > Signed-off-by: Eran Liberty <liberty@xxxxxxxxxxxx>
> >     
>
> Eran, this seems to be fixed already.  The code in the current
> tree now reads:
>
> 				/*
> 				 * We need to un-reserve() the skb to what it
> 				 * was before gfar_new_skb() re-aligned
> 				 * it to an RXBUF_ALIGNMENT boundary
> 				 * before we put the skb back on the
> 				 * recycle list.
> 				 */
> 				skb_reserve(skb, -GFAR_CB(skb)->alignamount);
> 				__skb_queue_head(&priv->rx_recycle, skb);
>
>
>   
This code has proved to be insufficient and produce skb_over_panic. The 
proposed patch fix this.

-- Liberty

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/