From: Michael Buesch <mb@bu3sch.de>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: netdev <netdev@vger.kernel.org>,
linux-wireless <linux-wireless@vger.kernel.org>
Subject: Re: mac80211 truesize bugs
Date: Thu, 1 May 2008 11:32:24 +0200 [thread overview]
Message-ID: <200805011132.24399.mb@bu3sch.de> (raw)
In-Reply-To: <1209632886.4008.8.camel@johannes.berg>
On Thursday 01 May 2008 11:08:06 Johannes Berg wrote:
>
> > Hm, unrelated to this...
> > But I am wondering what happens if the driver adds a device header to the skb.
> > Is that header then also passed up netif_rx()?
> > This doesn't happen for b43, as we use the DMA fragmentation to transmit the header,
> > but it might happen for zd1211rw and others.
>
> Hmm. I thought we said that it was supposed to be removed again by the
> hardware before TX status reporting. That's what most drivers seem to do
> anyway.
Ok. I was not aware of that. Is that documented somewhere? I guess we can't WARN_ON()?
> > Seems the skb->destructor messes it up.
>
> Actually, it seems to be outside of mac80211, I put in a WARN_ON() and
> got this:
Yeah looks like the destructor messes with the data/sizes and disagrees
with the way mac80211 handles stuff, in some way.
> Badness at include/linux/skbuff.h:392
> NIP: c026ea14 LR: c0273d54 CTR: c026e9e4
> REGS: edfc7c00 TRAP: 0700 Not tainted (2.6.25-wl-06841-g6b3d5c6-dirty)
> MSR: 00029032 <EE,ME,IR,DR> CR: 82022444 XER: 00000000
> TASK = edf50e20[3453] 'tcpdump' THREAD: edfc6000
> GPR00: 00000001 edfc7cb0 edf50e20 edfd7700 edfd7700 00000002 edfc7e75 03230306
> GPR08: 02000100 00000168 4dff0200 00000150 22022442 100a6290 100783f8 10078e18
> GPR16: 10078e14 10078e10 100a0000 00000000 00000000 bfe2c9d2 1004d320 bfe2c4b0
> GPR24: 10165070 edfd7724 00000060 00000020 ed8157f0 edfd7700 ed8157f0 edfd7700
> NIP [c026ea14] sock_rfree+0x30/0x94
> LR [c0273d54] skb_release_all+0x98/0x128
> Call Trace:
> [edfc7cb0] [10078e10] 0x10078e10 (unreliable)
> [edfc7cc0] [c0273d54] skb_release_all+0x98/0x128
> [edfc7cd0] [c0273034] __kfree_skb+0x18/0xc8
> [edfc7ce0] [c02760d0] skb_free_datagram+0x1c/0x54
> [edfc7cf0] [f264d068] packet_recvmsg+0x170/0x1e8 [af_packet]
> [edfc7d40] [c026b69c] sock_recvmsg+0xb8/0xf0
> [edfc7e30] [c026b9d0] sys_recvfrom+0x94/0x100
> [edfc7f00] [c026ca08] sys_socketcall+0x114/0x1dc
> [edfc7f40] [c00124cc] ret_from_syscall+0x0/0x38
>
> johannes
>
--
Greetings Michael.
next prev parent reply other threads:[~2008-05-01 9:32 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-01 2:02 mac80211 truesize bugs Johannes Berg
2008-05-01 8:58 ` Michael Buesch
2008-05-01 9:08 ` Johannes Berg
2008-05-01 9:20 ` David Miller
2008-05-01 9:32 ` Johannes Berg
2008-05-01 9:43 ` David Miller
2008-05-01 9:48 ` Johannes Berg
2008-05-01 9:56 ` David Miller
2008-05-01 10:08 ` Johannes Berg
2008-05-01 10:32 ` David Miller
2008-05-01 10:45 ` Johannes Berg
2008-05-01 10:36 ` Herbert Xu
2008-05-01 10:49 ` David Miller
2008-05-01 10:53 ` David Miller
2008-05-01 10:58 ` Johannes Berg
2008-05-01 11:03 ` Herbert Xu
2008-05-02 20:38 ` Johannes Berg
2008-05-02 23:33 ` David Miller
2008-05-03 9:37 ` Johannes Berg
2008-05-03 14:25 ` Johannes Berg
2008-05-13 3:17 ` David Miller
2008-05-13 20:39 ` John W. Linville
2008-05-13 20:59 ` Johannes Berg
2008-05-13 21:12 ` Tomas Winkler
2008-05-13 21:37 ` Johannes Berg
2008-05-13 22:09 ` David Miller
2008-05-03 11:52 ` Johannes Berg
2008-05-04 1:03 ` David Miller
2008-05-04 1:42 ` Johannes Berg
2008-05-04 2:02 ` Herbert Xu
2008-05-04 2:08 ` Johannes Berg
2008-05-04 2:12 ` Herbert Xu
2008-05-04 2:22 ` Johannes Berg
2008-05-04 3:16 ` Herbert Xu
2008-05-04 8:47 ` Johannes Berg
2008-05-04 9:14 ` Johannes Berg
2008-05-04 9:44 ` Herbert Xu
2008-05-04 9:52 ` Johannes Berg
2008-05-04 11:25 ` Johannes Berg
2008-05-04 12:28 ` Johannes Berg
2008-05-04 12:45 ` Herbert Xu
2008-05-04 12:48 ` Johannes Berg
2008-05-04 12:52 ` Johannes Berg
2008-05-04 12:56 ` Herbert Xu
2008-05-04 13:00 ` Johannes Berg
2008-05-04 14:06 ` Johannes Berg
2008-05-04 16:03 ` Johannes Berg
2008-05-04 17:47 ` Johannes Berg
2008-05-04 22:45 ` David Miller
2008-05-04 22:48 ` Johannes Berg
2008-05-04 22:38 ` David Miller
2008-05-04 2:09 ` Johannes Berg
2008-05-03 12:38 ` Johannes Berg
2008-05-03 12:59 ` Herbert Xu
2008-05-03 16:03 ` Johannes Berg
2008-05-03 22:56 ` Johannes Berg
2008-05-03 23:07 ` David Miller
2008-05-03 23:15 ` Johannes Berg
2008-05-01 11:02 ` Herbert Xu
2008-05-01 11:38 ` Johannes Berg
2008-05-03 23:24 ` Johannes Berg
2008-05-03 23:32 ` David Miller
2008-05-03 23:43 ` Johannes Berg
2008-05-01 11:49 ` Johannes Berg
2008-05-01 12:05 ` Johannes Berg
2008-05-01 9:32 ` Michael Buesch [this message]
2008-05-01 9:34 ` Johannes Berg
2008-05-04 1:55 ` frame status API? (was: mac80211 truesize bugs) Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200805011132.24399.mb@bu3sch.de \
--to=mb@bu3sch.de \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox