From: Michael Buesch <mb@bu3sch.de>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: netdev <netdev@vger.kernel.org>,
linux-wireless <linux-wireless@vger.kernel.org>
Subject: Re: mac80211 truesize bugs
Date: Thu, 1 May 2008 10:58:39 +0200
Message-ID: <200805011058.40197.mb@bu3sch.de>
In-Reply-To: <1209607368.7173.20.camel@johannes.berg>

On Thursday 01 May 2008 04:02:48 Johannes Berg wrote:
> Hi,
>
> Whenever you run a monitor interface in mac80211, you can see lots of
> truesize bugs:
>
> SKB BUG: Invalid truesize (464) len=307, sizeof(sk_buff)=176
>
> It appears to be caused by mac80211's re-injection of the transmitted
> frame. For those not familiar, here's what happens:
>
> When a frame comes in on say wlan0's hard_start_xmit(), it is prepared
> for transmission by the code there (802.11 headers added etc.) and then
> scheduled to the master interface. Once it arrives on the master
> (wmaster0) interface's hard_start_xmit(), it is modified again and
> finally handed to the driver.
>
> When the driver has transmitted the frame (successfully or not) it
> reports the status of the transmission to mac80211 including the skb the
> driver was given. At that point, things go differently depending on
> circumstances.
>
> If no monitor interfaces are present, mac80211 simply orphans the skb
> and destroys it. If there are monitor interfaces, it pushes some data
> into the skb (the radiotap transmit status) and hands clones of the skb
> to netif_rx() for each monitor interface, or the skb itself for the last
> interface in the list.

Hm, unrelated to this...
But I am wondering what happens if the driver adds a device header to the skb.
Is that header then also passed up netif_rx()?
This doesn't happen for b43, as we use the DMA fragmentation to transmit the header,
but it might happen for zd1211rw and others.

> All this is in net/mac80211/main.c:ieee80211_tx_status.
>
> Now, the thing is that the skb truesize bug ONLY occurs when the last
> part here is done when a radiotap monitor interface is present, if you
> add
>
>	dev_kfree_skb(skb);
>	return;
>
> in that function somewhere before the skb_orphan() call it never
> happens. Hence, I'm confused. Since I only have a single monitor
> interface when this happens, it can't be due to af_packet either,
> afaict.
>
> Can anyone help me diagnose this?

Seems the skb->destructor messes it up.

--
Greetings Michael.
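
The arithmetic behind the quoted warning, as an added example that is not part of this thread or of mac80211: 464 is smaller than 176 + 307 = 483, so the skb holds more data than its truesize accounts for. The model assumes the check is `truesize >= sizeof(sk_buff) + len`; `model_skb`, `model_expand_head`, `scenario` and the buffer sizes are constructed, and the uncharged head reallocation is one hypothetical way to reach those numbers, not a diagnosis made in this message.

```c
#include <stdlib.h>
#include <string.h>

#define SKB_STRUCT_SIZE 176u /* sizeof(sk_buff) as printed in the quoted warning */

/* Userspace model of the sk_buff fields involved (not kernel code). */
struct model_skb {
    unsigned char *head;          /* start of the data buffer */
    unsigned int end, headroom;   /* buffer capacity, free bytes before the data */
    unsigned int len, truesize;   /* packet bytes, memory accounted to the skb */
};

/* Invariant behind the warning: truesize covers the struct plus the data. */
static int truesize_ok(unsigned int truesize, unsigned int len)
{
    return truesize >= SKB_STRUCT_SIZE + len;
}

/* Reallocate the head with extra headroom; charge it only if account != 0. */
static int model_expand_head(struct model_skb *skb, unsigned int extra, int account)
{
    unsigned char *nh = calloc(1, skb->end + extra);
    if (!nh)
        return -1;
    memcpy(nh + extra, skb->head, skb->end);
    free(skb->head);
    skb->head = nh;
    skb->end += extra;
    skb->headroom += extra;
    skb->truesize += account ? extra : 0;
    return 0;
}

/* Constructed sizes: 288-byte buffer, 283-byte frame, 24-byte pushed header. */
static int scenario(int account)
{
    struct model_skb skb = { .end = 288, .headroom = 5, .len = 283 };
    int ok = -1;

    if (!(skb.head = calloc(1, skb.end)))
        return ok;
    skb.truesize = skb.end + SKB_STRUCT_SIZE; /* 464, set at allocation */
    if (model_expand_head(&skb, 24, account) == 0) {
        skb.headroom -= 24;                   /* push the 24-byte header */
        skb.len += 24;                        /* len is now 307 */
        ok = truesize_ok(skb.truesize, skb.len);
    }
    free(skb.head);
    return ok;
}
```

`scenario(0)` leaves truesize at 464 against a required 483 and fails the check; `scenario(1)` charges the extra 24 bytes (488) and passes.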