From: Paul Guo <ggang@tilera.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: <netfilter-devel@vger.kernel.org>
Subject: Re: unaligned ip header due to ip_route_me_harder()->pskb_expand_head()
Date: Wed, 9 Nov 2011 17:33:39 +0800
Message-ID: <4EBA48F3.8040906@tilera.com>
In-Reply-To: <1320771494.3444.8.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC>

> On Tuesday 08 November 2011 at 23:02 +0800, Paul Guo wrote:
>> Hi,
>>
>> Recently on our chip (arch/tile), a panic caused by unaligned data access was observed. The stack looks like this:
>>
>> frame 0: 0xfd247ef0 ipt_do_table+0x240/0x850 (sp 0xf6a6fb40)
>> frame 1: 0xfd4a44a8 nf_iterate+0xe8/0x188 (sp 0xf6a6fbd0)
>> frame 2: 0xfd4ab850 nf_hook_slow+0xa0/0x180 (sp 0xf6a6fbf8)
>> frame 3: 0xfd0c02a8 ip_local_out+0x28/0x88 (sp 0xf6a6fc30)
>> frame 4: 0xfd25b778 ip_push_pending_frames+0x4f8/0x798 (sp 0xf6a6fc40)
>> frame 5: 0xfd272298 icmp_send+0x670/0x700 (sp 0xf6a6fc60)
>> frame 6: 0xfd593d28 ipv4_link_failure+0x28/0xa8 (sp 0xf6a6fd50)
>> frame 7: 0xfd5aae90 arp_error_report+0x70/0x90 (sp 0xf6a6fd60)
>> frame 8: 0xfd483f28 neigh_invalidate+0x128/0x1b0 (sp 0xf6a6fd70)
>> frame 9: 0xfd3b5410 neigh_timer_handler.cold+0x2a0/0x2e0 (sp 0xf6a6fd98)
>> frame 10: 0xfd028cd8 run_timer_softirq+0x2d8/0x4a8 (sp 0xf6a6fdb0)
>> frame 11: 0xfd02bfe0 __do_softirq+0x1e0/0x330 (sp 0xf6a6fe08)
>> frame 12: 0xfd034808 do_softirq+0xc8/0x160 (sp 0xf6a6fe50)
>> frame 13: 0xfd034658 irq_exit+0x98/0x130 (sp 0xf6a6fe60)
>> frame 14: 0xfd031cc0 do_timer_interrupt+0xc0/0xf8 (sp 0xf6a6fe68)
>> frame 15: 0xfd3b1da8 handle_interrupt+0x2d8/0x2e0 (sp 0xf6a6fe80)
>> <interrupt 25 while in kernel mode>
>> frame 16: 0xfd5cb350 _cpu_idle_nap+0x0/0x10 (sp 0xf6a6ffd0)
>> frame 17: 0xfd06b020 cpu_idle+0x1a0/0x3b8 (sp 0xf6a6ffd0)
>>
>> int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
>> {
>>         ......
>>         /* Change in oif may mean change in hh_len. */
>>         hh_len = skb_dst(skb)->dev->hard_header_len;
>>         if (skb_headroom(skb) < hh_len &&
>>             pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
>>                 return -1;
>> }
>>
>> During testing, our chip acts as a NAT. The interfaces for internal hosts are configured with VLAN. When we try to ping an unknown external host from the internal hosts, it panics immediately due to unaligned data access. In this case, hh_len is equal to 18 (VLAN MAC header length) and the headroom (skb_headroom(skb)) for this packet is 16, so after calling pskb_expand_head() the IP header becomes unaligned. This seems to be a bug in netfilter. Modifying pskb_expand_head() like this can resolve this issue.
>>
>> + pskb_expand_head(skb, LL_RESERVED_SPACE(skb_dst(skb)->dev) - skb_headroom(skb), 0, GFP_ATOMIC))
>> - pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
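Review bot: the `+` line changes only the size passed to pskb_expand_head(), while the guard quoted above it, `skb_headroom(skb) < hh_len`, still tests against hh_len, so the condition and the expansion amount are now derived from two different quantities. Either compute both from the same value or say in the changelog why the guard can stay as it is, and state which headroom values the new expression is meant to produce (with the reported hh_len of 18 and headroom of 16 the old expression grows the headroom by 2). The snippet also lists the `+` line before the `-` line and carries no file header or `@@` context, so it cannot be applied as posted; a unified diff would make it reviewable.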
>>
>
> or
>
> pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)), 0, GFP_ATOMIC))

Thanks. This looks better.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
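
The headroom arithmetic discussed in this message, as an added example that is not code from the thread or from the kernel tree. It models only the headroom value before and after the conditional pskb_expand_head() call for the three expressions quoted above. Assumptions: the buffer head is at least 4-byte aligned, so the IP header is aligned when the headroom is a multiple of 4; needed_headroom is 0; the two macros mirror the definitions in include/linux/netdevice.h of kernels from that period; the function and enum names are hypothetical.

```c
#include <stdio.h>

/* Mirrors include/linux/netdevice.h (assumed unchanged for this model). */
#define HH_DATA_MOD 16
#define HH_DATA_ALIGN(len) (((len) + (HH_DATA_MOD - 1)) & ~(HH_DATA_MOD - 1))

/* Stand-in for LL_RESERVED_SPACE(dev); needed_headroom is assumed to be 0. */
static unsigned ll_reserved_space(unsigned hh_len, unsigned needed_headroom)
{
    return ((hh_len + needed_headroom) & ~(HH_DATA_MOD - 1)) + HH_DATA_MOD;
}

enum strategy { ORIGINAL, LL_RESERVED, ALIGNED_DELTA }; /* hypothetical names */

/* Headroom after the guarded expand: pskb_expand_head() adds nhead bytes
 * in front of the existing data, so new headroom = old headroom + nhead. */
static unsigned headroom_after(enum strategy s, unsigned headroom, unsigned hh_len)
{
    unsigned nhead;

    if (headroom >= hh_len)          /* guard from ip_route_me_harder() */
        return headroom;
    switch (s) {
    case ORIGINAL:    nhead = hh_len - headroom; break;
    case LL_RESERVED: nhead = ll_reserved_space(hh_len, 0) - headroom; break;
    default:          nhead = HH_DATA_ALIGN(hh_len - headroom); break;
    }
    return headroom + nhead;
}

/* Assumption: skb->head is 4-byte aligned and skb->data points at the IP header. */
static int ip_header_aligned(unsigned headroom)
{
    return headroom % 4 == 0;
}

int main(void)
{
    const char *name[] = { "hh_len - headroom", "LL_RESERVED_SPACE", "HH_DATA_ALIGN(delta)" };
    unsigned hh_len = 18, headroom = 16; /* values reported in the message */

    for (int s = ORIGINAL; s <= ALIGNED_DELTA; s++) {
        unsigned after = headroom_after((enum strategy)s, headroom, hh_len);
        printf("%-22s headroom %u -> %u, IP header %s\n", name[s], headroom,
               after, ip_header_aligned(after) ? "aligned" : "UNALIGNED");
    }
    return 0;
}
```

With a starting headroom that is not already a multiple of 4 the last two expressions differ: the first forces the total to a multiple of 16, the second only keeps whatever alignment the packet had.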
Thread overview: 12+ messages
2011-11-08 15:02 unaligned ip header due to ip_route_me_harder()->pskb_expand_head() Paul Guo
2011-11-08 16:58 ` Eric Dumazet
2011-11-09 9:33 ` Paul Guo [this message]
2011-11-09 9:48 ` Eric Dumazet
2011-11-10 7:33 ` Paul Guo
2011-11-13 17:02 ` Pablo Neira Ayuso
2011-11-14 8:33 ` [PATCH] possible unaligned packet header caused by ip_route_me_harder()->pskb_expand_head() Paul Guo
2011-11-14 9:46 ` Eric Dumazet
2011-11-14 11:00 ` Paul Guo
2011-11-21 17:47 ` Pablo Neira Ayuso
2011-11-16 16:54 ` Pablo Neira Ayuso
2011-11-21 10:30 ` Eric Dumazet