From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Pravin B Shelar <pshelar@ovn.org>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 06/16] net: Fix zero-copy head len calculation.
Date: Fri, 6 Aug 2021 10:14:57 +0200 [thread overview]
Message-ID: <20210806081111.349183528@linuxfoundation.org> (raw)
In-Reply-To: <20210806081111.144943357@linuxfoundation.org>
From: Pravin B Shelar <pshelar@ovn.org>
[ Upstream commit a17ad0961706244dce48ec941f7e476a38c0e727 ]
In some cases skb head could be locked and entire header
data is pulled from skb. When skb_zerocopy() called in such cases,
following BUG is triggered. This patch fixes it by copying entire
skb in such cases.
This could be optimized incase this is performance bottleneck.
---8<---
kernel BUG at net/core/skbuff.c:2961!
invalid opcode: 0000 [#1] SMP PTI
CPU: 2 PID: 0 Comm: swapper/2 Tainted: G OE 5.4.0-77-generic #86-Ubuntu
Hardware name: OpenStack Foundation OpenStack Nova, BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:skb_zerocopy+0x37a/0x3a0
RSP: 0018:ffffbcc70013ca38 EFLAGS: 00010246
Call Trace:
<IRQ>
queue_userspace_packet+0x2af/0x5e0 [openvswitch]
ovs_dp_upcall+0x3d/0x60 [openvswitch]
ovs_dp_process_packet+0x125/0x150 [openvswitch]
ovs_vport_receive+0x77/0xd0 [openvswitch]
netdev_port_receive+0x87/0x130 [openvswitch]
netdev_frame_hook+0x4b/0x60 [openvswitch]
__netif_receive_skb_core+0x2b4/0xc90
__netif_receive_skb_one_core+0x3f/0xa0
__netif_receive_skb+0x18/0x60
process_backlog+0xa9/0x160
net_rx_action+0x142/0x390
__do_softirq+0xe1/0x2d6
irq_exit+0xae/0xb0
do_IRQ+0x5a/0xf0
common_interrupt+0xf/0xf
Code that triggered BUG:
int
skb_zerocopy(struct sk_buff *to, struct sk_buff *from, int len, int hlen)
{
int i, j = 0;
int plen = 0; /* length of skb->head fragment */
int ret;
struct page *page;
unsigned int offset;
BUG_ON(!from->head_frag && !hlen);
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/skbuff.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index ea9684bcc2e8..e1daab49b0eb 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2705,8 +2705,11 @@ skb_zerocopy_headlen(const struct sk_buff *from)
if (!from->head_frag ||
skb_headlen(from) < L1_CACHE_BYTES ||
- skb_shinfo(from)->nr_frags >= MAX_SKB_FRAGS)
+ skb_shinfo(from)->nr_frags >= MAX_SKB_FRAGS) {
hlen = skb_headlen(from);
+ if (!hlen)
+ hlen = from->len;
+ }
if (skb_has_frag_list(from))
hlen = from->len;
--
2.30.2
next prev parent reply other threads:[~2021-08-06 8:19 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-06 8:14 [PATCH 4.19 00/16] 4.19.202-rc1 review Greg Kroah-Hartman
2021-08-06 8:14 ` [PATCH 4.19 01/16] btrfs: mark compressed range uptodate only if all bio succeed Greg Kroah-Hartman
2021-08-06 8:14 ` [PATCH 4.19 02/16] regulator: rt5033: Fix n_voltages settings for BUCK and LDO Greg Kroah-Hartman
2021-08-06 8:14 ` [PATCH 4.19 03/16] ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits Greg Kroah-Hartman
2021-08-06 8:14 ` [PATCH 4.19 04/16] r8152: Fix potential PM refcount imbalance Greg Kroah-Hartman
2021-08-06 8:14 ` [PATCH 4.19 05/16] qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() Greg Kroah-Hartman
2021-08-06 8:14 ` Greg Kroah-Hartman [this message]
2021-08-06 8:14 ` [PATCH 4.19 07/16] bdi: move bdi_dev_name out of line Greg Kroah-Hartman
2021-08-06 8:14 ` [PATCH 4.19 08/16] bdi: use bdi_dev_name() to get device name Greg Kroah-Hartman
2021-08-06 8:15 ` [PATCH 4.19 09/16] bdi: add a ->dev_name field to struct backing_dev_info Greg Kroah-Hartman
2021-08-06 8:15 ` [PATCH 4.19 10/16] Revert "spi: mediatek: fix fifo rx mode" Greg Kroah-Hartman
2021-08-06 8:15 ` [PATCH 4.19 11/16] Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" Greg Kroah-Hartman
2021-08-06 8:15 ` [PATCH 4.19 12/16] drm/i915: Ensure intel_engine_init_execlist() builds with Clang Greg Kroah-Hartman
2021-08-06 8:15 ` [PATCH 4.19 13/16] firmware: arm_scmi: Ensure drivers provide a probe function Greg Kroah-Hartman
2021-08-06 8:15 ` [PATCH 4.19 14/16] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" Greg Kroah-Hartman
2021-08-06 8:15 ` [PATCH 4.19 15/16] padata: validate cpumask without removed CPU during offline Greg Kroah-Hartman
2021-08-06 8:15 ` [PATCH 4.19 16/16] padata: add separate cpuhp node for CPUHP_PADATA_DEAD Greg Kroah-Hartman
2021-08-06 12:31 ` [PATCH 4.19 00/16] 4.19.202-rc1 review Pavel Machek
2021-08-06 14:33 ` Jon Hunter
2021-08-06 18:58 ` Guenter Roeck
2021-08-07 10:42 ` Sudip Mukherjee
2021-08-07 18:44 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210806081111.349183528@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=pshelar@ovn.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.