From: Sowmini Varadhan <sowmini.varadhan@oracle.com>
To: netdev@vger.kernel.org, xen-devel@lists.xenproject.org
Subject: xennet_start_xmit assumptions
Date: Wed, 18 Jan 2017 10:31:32 -0500
Message-ID: <20170118153132.GB9258@oracle.com>

As I was playing around with pf_packet, I accidentally wrote
a buggy application program that bzero'ed the msghdr, then set
up the msg_name, msg_namelen correctly, and then did a sendmsg
on the pf_packet/SOCK_RAW fd.

This causes packet_snd to set up an skb with a lot of issues,
e.g., skb->len = 0, skb_headlen(skb) is 0, etc. I think we can/should
drop the packet in packet_snd if the skb->len is 0, but there
may be other driver bugs going on:

Turns out that ixgbe and sunvnet handle this problematic
skb correctly (they drop it and the system remains stable),
but it creates a panic in xen_netfront (xennet_start_xmit()
hits a null pointer deref when xennet_make_first_txreq() returns
NULL).

I'm new to the xen driver code, so I'm hoping that
the experts can comment here: reading the code in xennet_start_xmit,
it seems like it mandatorily requires the skb_headlen() to be
non-zero in order to create the first_tx? That may not always be
true; how does the code recover for purely non-linear skbs?

--Sowmini
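
An application-side check for the condition described above, as an added example that is not part of the original message: it rejects a msghdr whose iovec carries no payload before it ever reaches sendmsg(). The function names and the size cap are assumptions made for this example, and the sample msghdr is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <netpacket/packet.h>   /* struct sockaddr_ll */

/* Total payload bytes described by msg_iov, or -1 if the vector is
 * malformed (NULL base with a non-zero length, or an oversized sum). */
static long long msghdr_payload_len(const struct msghdr *msg)
{
    size_t total = 0;
    if (msg->msg_iovlen != 0 && msg->msg_iov == NULL)
        return -1;
    for (size_t i = 0; i < (size_t)msg->msg_iovlen; i++) {
        const struct iovec *iov = &msg->msg_iov[i];
        if (iov->iov_len != 0 && iov->iov_base == NULL)
            return -1;
        /* 0x7fffffff is a sanity cap chosen for this example */
        if (iov->iov_len > (size_t)0x7fffffff - total)
            return -1;
        total += iov->iov_len;
    }
    return (long long)total;
}

/* 1 only if the message carries at least one payload byte. */
static int msghdr_has_payload(const struct msghdr *msg)
{
    return msghdr_payload_len(msg) > 0;
}

/* Constructed sample: a msghdr that was zeroed and then given only a
 * destination address, so msg_iov and msg_iovlen are still 0. */
static struct msghdr sample_zeroed_msghdr(struct sockaddr_ll *dst)
{
    struct msghdr msg;
    memset(&msg, 0, sizeof(msg));
    memset(dst, 0, sizeof(*dst));
    dst->sll_family = AF_PACKET;
    msg.msg_name = dst;
    msg.msg_namelen = sizeof(*dst);
    return msg;
}

int main(void)
{
    struct sockaddr_ll dst;
    struct msghdr msg = sample_zeroed_msghdr(&dst);
    printf("sendable: %d\n", msghdr_has_payload(&msg));
    return 0;
}
```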
