diff for duplicates of <20080501.024320.212547875.davem@davemloft.net> diff --git a/a/1.txt b/N1/1.txt index 06e0779..a1329d3 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,33 +1,51 @@ -RnJvbTogSm9oYW5uZXMgQmVyZyA8am9oYW5uZXNAc2lwc29sdXRpb25zLm5ldD4NCkRhdGU6IFRo -dSwgMDEgTWF5IDIwMDggMTE6MzI6MjkgKzAyMDANCg0KPiBPbiBUaHUsIDIwMDgtMDUtMDEgYXQg -MDI6MjAgLTA3MDAsIERhdmlkIE1pbGxlciB3cm90ZToNCj4gPiBGcm9tOiBKb2hhbm5lcyBCZXJn -IDxqb2hhbm5lc0BzaXBzb2x1dGlvbnMubmV0Pg0KPiA+IERhdGU6IFRodSwgMDEgTWF5IDIwMDgg -MTE6MDg6MDYgKzAyMDANCj4gPiANCj4gPiA+ID4gU2VlbXMgdGhlIHNrYi0+ZGVzdHJ1Y3RvciBt -ZXNzZXMgaXQgdXAuDQo+ID4gPiANCj4gPiA+IEFjdHVhbGx5LCBpdCBzZWVtcyB0byBiZSBvdXRz -aWRlIG9mIG1hYzgwMjExLCBJIHB1dCBpbiBhIFdBUk5fT04oKSBhbmQNCj4gPiA+IGdvdCB0aGlz -Og0KPiA+IA0KPiA+IFlvdSdyZSBqdXN0IHNlZWluZyB3aG8gZnJlZWQgaXQgbGFzdCBoZXJlLg0K -PiA+IA0KPiA+IEl0IGNvdWxkIGhhdmUgaGFkIGl0J3MgLT50cnVlc2l6ZSBwdXQgaW50byBhbiBp -bGxlZ2FsIHN0YXRlDQo+ID4gZWxzZXdoZXJlLg0KPiANCj4gWWVzLCBJIGtub3csIGJ1dCBpdCBk -b2Vzbid0IGNvbWUgZnJvbSBteSBza2Jfb3JwaGFuKCkgY2FsbC4gSGVuY2UsIEkNCj4ganVzdCDv -u79uZXRpZl9yeCgpIHRoZSBwYWNrZXQgd2hpY2ggbWFrZXMgaXQgZ28gb250byB0aGUgaW5wdXRf -cGt0X3F1ZXVlDQo+IGFuZCB0aGVuIHRvIG5ldGlmX3JlY2VpdmVfc2tiKCkgd2hpY2ggZ2l2ZXMg -aXQgdG8gYWZfcGFja2V0IGFuZCBhbGwNCj4gb3RoZXJzIHNob3VsZCBpZ25vcmUgaXQgc2luY2Ug -SSBzZXQg77u/UEFDS0VUX09USEVSSE9TVC4NCg0KSSBsb29rZWQgYXQgdGhlIG1hYzgwMjExIGNv -ZGUsIHRoZSBwcm9ibGVtIGlzIHRoZSBza2JfcHVzaCgpIHlvdQ0KZ3V5cyBkbyBpbiB0aGlzIHNp -dHVhdGlvbi4NCg0KVGhpbmdzIGxpa2UgbG9vcGJhY2ssIHdoaWNoIGFsc28gb3JwaGFuIHRoZW4g -cmVpbmplY3QsIGRvbid0IHRyaWdnZXINCnRoaXMgcHJvYmxlbSBiZWNhdXNlIHRoZSByZS1pbnB1 -dCBwYXRoIHRyaW1zIHRoaW5ncywgbmV2ZXIgYWRkcy4NCg0KVGhlIGdvb2QgbmV3cyBpcyB0aGF0 -IHRoaXMgaXMgZWFzeSB0byBmaXguDQoNClNpbmNlIHlvdSd2ZSBvcnBoYW5lZCB0aGUgU0tCLCBz -aW1wbHkgYWRqdXN0IHNrYi0+dHJ1ZXNpemUgYXMgeW91DQpkbyBwdXNoZXMuICBMaWtlIHRoaXM6 -DQoNCm1hYzgwMjExOiBBZGp1c3QgdHJ1ZXNpemUgaW4gaWVlZTgwMjExX3R4X3N0YXR1cygpIHdo -ZW4gcmVpbmplY3RpbmcuDQoNClNpZ25lZC1vZmYtYnk6IERhdmlkIFMuIE1pbGxlciA8ZGF2ZW1A -ZGF2ZW1sb2Z0Lm5ldD4NCg0KZGlmZiAtLWdpdCBhL25ldC9tYWM4MDIxMS9tYWluLmMgYi9uZXQv -bWFjODAyMTEvbWFpbi5jDQppbmRleCA5YWQ0ZTM2Li5kZTJlOTA0IDEwMDY0NA0KLS0tIGEvbmV0 -L21hYzgwMjExL21haW4uYw0KKysrIGIvbmV0L21hYzgwMjExL21haW4uYw0KQEAgLTE0ODUsNiAr -MTQ4NSw5IEBAIHZvaWQgaWVlZTgwMjExX3R4X3N0YXR1cyhzdHJ1Y3QgaWVlZTgwMjExX2h3ICpo -dywgc3RydWN0IHNrX2J1ZmYgKnNrYiwNCiAJcnRoZHIgPSAoc3RydWN0IGllZWU4MDIxMV90eF9z -dGF0dXNfcnRhcF9oZHIqKQ0KIAkJCQlza2JfcHVzaChza2IsIHNpemVvZigqcnRoZHIpKTsNCiAN -CisJLyogVGhpcyBpcyBzYWZlIGJlY2F1c2UgdGhlIGJ1ZmZlciBoYXMgYmVlbiBvcnBoYW5lZC4g -ICovDQorCXNrYi0+dHJ1ZXNpemUgKz0gc2l6ZW9mKCpydGhkcik7DQorDQogCW1lbXNldChydGhk -ciwgMCwgc2l6ZW9mKCpydGhkcikpOw0KIAlydGhkci0+aGRyLml0X2xlbiA9IGNwdV90b19sZTE2 -KHNpemVvZigqcnRoZHIpKTsNCiAJcnRoZHItPmhkci5pdF9wcmVzZW50ID0NCg== +From: Johannes Berg <johannes@sipsolutions.net> +Date: Thu, 01 May 2008 11:32:29 +0200 + +> On Thu, 2008-05-01 at 02:20 -0700, David Miller wrote: +> > From: Johannes Berg <johannes@sipsolutions.net> +> > Date: Thu, 01 May 2008 11:08:06 +0200 +> > +> > > > Seems the skb->destructor messes it up. +> > > +> > > Actually, it seems to be outside of mac80211, I put in a WARN_ON() and +> > > got this: +> > +> > You're just seeing who freed it last here. +> > +> > It could have had it's ->truesize put into an illegal state +> > elsewhere. +> +> Yes, I know, but it doesn't come from my skb_orphan() call. Hence, I +> just netif_rx() the packet which makes it go onto the input_pkt_queue +> and then to netif_receive_skb() which gives it to af_packet and all +> others should ignore it since I set PACKET_OTHERHOST. + +I looked at the mac80211 code, the problem is the skb_push() you +guys do in this situation. + +Things like loopback, which also orphan then reinject, don't trigger +this problem because the re-input path trims things, never adds. + +The good news is that this is easy to fix. + +Since you've orphaned the SKB, simply adjust skb->truesize as you +do pushes. Like this: + +mac80211: Adjust truesize in ieee80211_tx_status() when reinjecting. + +Signed-off-by: David S. Miller <davem@davemloft.net> + +diff --git a/net/mac80211/main.c b/net/mac80211/main.c +index 9ad4e36..de2e904 100644 +--- a/net/mac80211/main.c ++++ b/net/mac80211/main.c +@@ -1485,6 +1485,9 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb, + rthdr = (struct ieee80211_tx_status_rtap_hdr*) + skb_push(skb, sizeof(*rthdr)); + ++ /* This is safe because the buffer has been orphaned. */ ++ skb->truesize += sizeof(*rthdr); ++ + memset(rthdr, 0, sizeof(*rthdr)); + rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr)); + rthdr->hdr.it_present = diff --git a/a/content_digest b/N1/content_digest index 26e53de..4a2e9af 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -10,38 +10,56 @@ " linux-wireless@vger.kernel.org\0" "\00:1\0" "b\0" - "RnJvbTogSm9oYW5uZXMgQmVyZyA8am9oYW5uZXNAc2lwc29sdXRpb25zLm5ldD4NCkRhdGU6IFRo\n" - "dSwgMDEgTWF5IDIwMDggMTE6MzI6MjkgKzAyMDANCg0KPiBPbiBUaHUsIDIwMDgtMDUtMDEgYXQg\n" - "MDI6MjAgLTA3MDAsIERhdmlkIE1pbGxlciB3cm90ZToNCj4gPiBGcm9tOiBKb2hhbm5lcyBCZXJn\n" - "IDxqb2hhbm5lc0BzaXBzb2x1dGlvbnMubmV0Pg0KPiA+IERhdGU6IFRodSwgMDEgTWF5IDIwMDgg\n" - "MTE6MDg6MDYgKzAyMDANCj4gPiANCj4gPiA+ID4gU2VlbXMgdGhlIHNrYi0+ZGVzdHJ1Y3RvciBt\n" - "ZXNzZXMgaXQgdXAuDQo+ID4gPiANCj4gPiA+IEFjdHVhbGx5LCBpdCBzZWVtcyB0byBiZSBvdXRz\n" - "aWRlIG9mIG1hYzgwMjExLCBJIHB1dCBpbiBhIFdBUk5fT04oKSBhbmQNCj4gPiA+IGdvdCB0aGlz\n" - "Og0KPiA+IA0KPiA+IFlvdSdyZSBqdXN0IHNlZWluZyB3aG8gZnJlZWQgaXQgbGFzdCBoZXJlLg0K\n" - "PiA+IA0KPiA+IEl0IGNvdWxkIGhhdmUgaGFkIGl0J3MgLT50cnVlc2l6ZSBwdXQgaW50byBhbiBp\n" - "bGxlZ2FsIHN0YXRlDQo+ID4gZWxzZXdoZXJlLg0KPiANCj4gWWVzLCBJIGtub3csIGJ1dCBpdCBk\n" - "b2Vzbid0IGNvbWUgZnJvbSBteSBza2Jfb3JwaGFuKCkgY2FsbC4gSGVuY2UsIEkNCj4ganVzdCDv\n" - "u79uZXRpZl9yeCgpIHRoZSBwYWNrZXQgd2hpY2ggbWFrZXMgaXQgZ28gb250byB0aGUgaW5wdXRf\n" - "cGt0X3F1ZXVlDQo+IGFuZCB0aGVuIHRvIG5ldGlmX3JlY2VpdmVfc2tiKCkgd2hpY2ggZ2l2ZXMg\n" - "aXQgdG8gYWZfcGFja2V0IGFuZCBhbGwNCj4gb3RoZXJzIHNob3VsZCBpZ25vcmUgaXQgc2luY2Ug\n" - "SSBzZXQg77u/UEFDS0VUX09USEVSSE9TVC4NCg0KSSBsb29rZWQgYXQgdGhlIG1hYzgwMjExIGNv\n" - "ZGUsIHRoZSBwcm9ibGVtIGlzIHRoZSBza2JfcHVzaCgpIHlvdQ0KZ3V5cyBkbyBpbiB0aGlzIHNp\n" - "dHVhdGlvbi4NCg0KVGhpbmdzIGxpa2UgbG9vcGJhY2ssIHdoaWNoIGFsc28gb3JwaGFuIHRoZW4g\n" - "cmVpbmplY3QsIGRvbid0IHRyaWdnZXINCnRoaXMgcHJvYmxlbSBiZWNhdXNlIHRoZSByZS1pbnB1\n" - "dCBwYXRoIHRyaW1zIHRoaW5ncywgbmV2ZXIgYWRkcy4NCg0KVGhlIGdvb2QgbmV3cyBpcyB0aGF0\n" - "IHRoaXMgaXMgZWFzeSB0byBmaXguDQoNClNpbmNlIHlvdSd2ZSBvcnBoYW5lZCB0aGUgU0tCLCBz\n" - "aW1wbHkgYWRqdXN0IHNrYi0+dHJ1ZXNpemUgYXMgeW91DQpkbyBwdXNoZXMuICBMaWtlIHRoaXM6\n" - "DQoNCm1hYzgwMjExOiBBZGp1c3QgdHJ1ZXNpemUgaW4gaWVlZTgwMjExX3R4X3N0YXR1cygpIHdo\n" - "ZW4gcmVpbmplY3RpbmcuDQoNClNpZ25lZC1vZmYtYnk6IERhdmlkIFMuIE1pbGxlciA8ZGF2ZW1A\n" - "ZGF2ZW1sb2Z0Lm5ldD4NCg0KZGlmZiAtLWdpdCBhL25ldC9tYWM4MDIxMS9tYWluLmMgYi9uZXQv\n" - "bWFjODAyMTEvbWFpbi5jDQppbmRleCA5YWQ0ZTM2Li5kZTJlOTA0IDEwMDY0NA0KLS0tIGEvbmV0\n" - "L21hYzgwMjExL21haW4uYw0KKysrIGIvbmV0L21hYzgwMjExL21haW4uYw0KQEAgLTE0ODUsNiAr\n" - "MTQ4NSw5IEBAIHZvaWQgaWVlZTgwMjExX3R4X3N0YXR1cyhzdHJ1Y3QgaWVlZTgwMjExX2h3ICpo\n" - "dywgc3RydWN0IHNrX2J1ZmYgKnNrYiwNCiAJcnRoZHIgPSAoc3RydWN0IGllZWU4MDIxMV90eF9z\n" - "dGF0dXNfcnRhcF9oZHIqKQ0KIAkJCQlza2JfcHVzaChza2IsIHNpemVvZigqcnRoZHIpKTsNCiAN\n" - "CisJLyogVGhpcyBpcyBzYWZlIGJlY2F1c2UgdGhlIGJ1ZmZlciBoYXMgYmVlbiBvcnBoYW5lZC4g\n" - "ICovDQorCXNrYi0+dHJ1ZXNpemUgKz0gc2l6ZW9mKCpydGhkcik7DQorDQogCW1lbXNldChydGhk\n" - "ciwgMCwgc2l6ZW9mKCpydGhkcikpOw0KIAlydGhkci0+aGRyLml0X2xlbiA9IGNwdV90b19sZTE2\n" - KHNpemVvZigqcnRoZHIpKTsNCiAJcnRoZHItPmhkci5pdF9wcmVzZW50ID0NCg== + "From: Johannes Berg <johannes@sipsolutions.net>\n" + "Date: Thu, 01 May 2008 11:32:29 +0200\n" + "\n" + "> On Thu, 2008-05-01 at 02:20 -0700, David Miller wrote:\n" + "> > From: Johannes Berg <johannes@sipsolutions.net>\n" + "> > Date: Thu, 01 May 2008 11:08:06 +0200\n" + "> > \n" + "> > > > Seems the skb->destructor messes it up.\n" + "> > > \n" + "> > > Actually, it seems to be outside of mac80211, I put in a WARN_ON() and\n" + "> > > got this:\n" + "> > \n" + "> > You're just seeing who freed it last here.\n" + "> > \n" + "> > It could have had it's ->truesize put into an illegal state\n" + "> > elsewhere.\n" + "> \n" + "> Yes, I know, but it doesn't come from my skb_orphan() call. Hence, I\n" + "> just \357\273\277netif_rx() the packet which makes it go onto the input_pkt_queue\n" + "> and then to netif_receive_skb() which gives it to af_packet and all\n" + "> others should ignore it since I set \357\273\277PACKET_OTHERHOST.\n" + "\n" + "I looked at the mac80211 code, the problem is the skb_push() you\n" + "guys do in this situation.\n" + "\n" + "Things like loopback, which also orphan then reinject, don't trigger\n" + "this problem because the re-input path trims things, never adds.\n" + "\n" + "The good news is that this is easy to fix.\n" + "\n" + "Since you've orphaned the SKB, simply adjust skb->truesize as you\n" + "do pushes. Like this:\n" + "\n" + "mac80211: Adjust truesize in ieee80211_tx_status() when reinjecting.\n" + "\n" + "Signed-off-by: David S. Miller <davem@davemloft.net>\n" + "\n" + "diff --git a/net/mac80211/main.c b/net/mac80211/main.c\n" + "index 9ad4e36..de2e904 100644\n" + "--- a/net/mac80211/main.c\n" + "+++ b/net/mac80211/main.c\n" + "@@ -1485,6 +1485,9 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb,\n" + " \trthdr = (struct ieee80211_tx_status_rtap_hdr*)\n" + " \t\t\t\tskb_push(skb, sizeof(*rthdr));\n" + " \n" + "+\t/* This is safe because the buffer has been orphaned. */\n" + "+\tskb->truesize += sizeof(*rthdr);\n" + "+\n" + " \tmemset(rthdr, 0, sizeof(*rthdr));\n" + " \trthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));\n" + " \trthdr->hdr.it_present =" -5b3325a0b2146270966a06d78a0a7eaa0286505cfd260cd3cc5309a1aba7269e +0a8b6f238123d12e1a0d150c2a724792de8482b31885b9cd21f71e0f8611a748
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.