Re: PROBLEM: System call 'sendmsg' of process ospfd (quagga) causeskernel oops
From: Eric Dumazet
Date: Tue Oct 18 2011 - 07:37:42 EST
Le mardi 18 octobre 2011 Ã 12:45 +0200, Herbert Xu a Ãcrit :
> On Tue, Oct 18, 2011 at 12:23:43PM +0200, Eric Dumazet wrote:
> >
> > You're right, if reallocations are OK in all paths.
>
> If it wasn't OK then making needed_headroom constant won't work
> anyway.
>
> > We'll need to change LL_RESERVED_SPACE() / LL_RESERVED_SPACE_EXTRA() /
> > LL_ALLOCATED_SPACE() macros and provide the [read once] values, instead
> > of a [read once] pointer to values.
>
> I'm not sure what you mean here. I don't see any need to change
> these macros. All we need is to save the value in a local variable:
>
> hh_len = LL_RESERVED_SPACE(dev);
>
> skb = alloc_skb(hh_len + len);
> skb_reserve(skb, hh_len);
>
Not really Herbert. Please read again my patch changelog.
In the bug we try to fix, we have :
skb = sock_alloc_send_skb(sk, ... + LL_ALLOCATED_SPACE(rt->dst.dev)
... < increase of dev->needed_headroom by another cpu/task >
skb_reserve(skb, LL_RESERVED_SPACE(rt->dst.dev));
skb_put() -> crash because we reserved too much space
So we really want LL_ALLOCATED_SPACE() and LL_RESERVED_SPACE() use the
same needed_headroom, or else you can have LL_RESERVED_SPACE() >
LL_ALLOCATED_SPACE().
There are several way to fix this, but this kind of code assumed the
dev->needed... values were consistent for the whole block.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/