Re: oops in tcp_xmit_retransmit_queue() w/ v2.6.32.15
From: Lennart Schulte
Date: Mon Jul 19 2010 - 04:06:19 EST
I ran tests for about 2 hours with this patch and I got no output from
the debug patch. This seems to have solved at least my problem :)
Thanks!
[PATCH] tcp: fix crash in tcp_xmit_retransmit_queue
It can happen that there are no packets in queue while calling
tcp_xmit_retransmit_queue(). tcp_write_queue_head() then returns
NULL and that gets deref'ed to get sacked into a local var.
There is no work to do if no packets are outstanding so we just
exit early.
There may still be another bug affecting this same function.
Signed-off-by: Ilpo Järvinen<ilpo.jarvinen@xxxxxxxxxxx>
Reported-by: Lennart Schulte<lennart.schulte@xxxxxxxxxxxxxxxxxxx>
---
net/ipv4/tcp_output.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index b4ed957..7ed9dc1 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2208,6 +2208,9 @@ void tcp_xmit_retransmit_queue(struct sock *sk)
int mib_idx;
int fwd_rexmitting = 0;
+ if (!tp->packets_out)
+ return;
+
if (!tp->lost_out)
tp->retransmit_high = tp->snd_una;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/