From: Helmut Schaa <helmut.schaa@googlemail.com>
To: "John W. Linville" <linville@tuxdriver.com>
Cc: linux-wireless@vger.kernel.org,
	Johannes Berg <johannes@sipsolutions.net>
Subject: Re: [PATCH] mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs
Date: Tue, 7 Dec 2010 21:39:48 +0100
Message-ID: <201012072139.48659.helmut.schaa@googlemail.com>
In-Reply-To: <20101207194920.GH2700@tuxdriver.com>

On Tuesday, 7 December 2010, John W. Linville wrote:
> On Thu, Dec 02, 2010 at 06:44:09PM +0100, Helmut Schaa wrote:
> > mac80211 doesn't handle shared skbs correctly at the moment. As a result
> > a possible resize can trigger a BUG in pskb_expand_head.
> > 
> > [  676.030000] Kernel bug detected[#1]:
> > [  676.030000] Cpu 0
> > [  676.030000] $ 0   : 00000000 00000000 819662ff 00000002
> > [  676.030000] $ 4   : 81966200 00000020 00000000 00000020
> > [  676.030000] $ 8   : 819662e0 800043c0 00000002 00020000
> > [  676.030000] $12   : 3b9aca00 00000000 00000000 00470000
> > [  676.030000] $16   : 80ea2000 00000000 00000000 00000000
> > [  676.030000] $20   : 818aa200 80ea2018 80ea2000 00000008
> > [  676.030000] $24   : 00000002 800ace5c                  
> > [  676.030000] $28   : 8199a000 8199bd20 81938f88 80f180d4
> > [  676.030000] Hi    : 0000026e
> > [  676.030000] Lo    : 0000757e
> > [  676.030000] epc   : 801245e4 pskb_expand_head+0x44/0x1d8
> > [  676.030000]     Not tainted
> > [  676.030000] ra    : 80f180d4 ieee80211_skb_resize+0xb0/0x114 [mac80211]
> > [  676.030000] Status: 1000a403    KERNEL EXL IE 
> > [  676.030000] Cause : 10800024
> > [  676.030000] PrId  : 0001964c (MIPS 24Kc)
> > [  676.030000] Modules linked in: mac80211_hwsim rt2800lib rt2x00soc rt2x00pci rt2x00lib mac80211 crc_itu_t crc_ccitt cfg80211 compat arc4 aes_generic deflate ecb cbc [last unloaded: rt2800pci]
> > [  676.030000] Process kpktgend_0 (pid: 97, threadinfo=8199a000, task=81879f48, tls=00000000)
> > [  676.030000] Stack : ffffffff 00000000 00000000 00000014 00000004 80ea2000 00000000 00000000
> > [  676.030000]         818aa200 80f180d4 ffffffff 0000000a 81879f78 81879f48 81879f48 00000018
> > [  676.030000]         81966246 80ea2000 818432e0 80f1a420 80203050 81814d98 00000001 81879f48
> > [  676.030000]         81879f48 00000018 81966246 818432e0 0000001a 8199bdd4 0000001c 80f1b72c
> > [  676.030000]         80203020 8001292c 80ef4aa2 7f10b55d 801ab5b8 81879f48 00000188 80005c90
> > [  676.030000]         ...
> > [  676.030000] Call Trace:
> > [  676.030000] [<801245e4>] pskb_expand_head+0x44/0x1d8
> > [  676.030000] [<80f180d4>] ieee80211_skb_resize+0xb0/0x114 [mac80211]
> > [  676.030000] [<80f1a420>] ieee80211_xmit+0x150/0x22c [mac80211]
> > [  676.030000] [<80f1b72c>] ieee80211_subif_start_xmit+0x6f4/0x73c [mac80211]
> > [  676.030000] [<8014361c>] pktgen_thread_worker+0xfac/0x16f8
> > [  676.030000] [<8002ebe8>] kthread+0x7c/0x88
> > [  676.030000] [<80008e0c>] kernel_thread_helper+0x10/0x18
> > [  676.030000] 
> > [  676.030000] 
> > [  676.030000] Code: 24020001  10620005  2502001f <0200000d> 0804917a  00000000  2502001f  00441023  00531021 
> > 
> > Fix this by making a local copy of shared skbs prior to mangling them.
> > To avoid copying the skb unnecessarily, move the skb_copy call below the
> > checks that don't need write access to the skb.
> > 
> > Also, move the assignment of nh_pos and h_pos below the skb_copy to point
> > to the correct skb.
> > 
> > It would be possible to avoid another resize of the copied skb by using
> > skb_copy_expand instead of skb_copy but that would make the patch more
> > complex. Also, shared skbs are a corner case right now, so the resize
> > shouldn't matter much.
> > 
> > Cc: Johannes Berg <johannes@sipsolutions.net>
> > Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
> 
> Is this intended for 2.6.37?  It looks like it would apply there.

Fine with me, however, the patch is based on wireless-testing.

Thanks,
Helmut
