Re: [PATCH] mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Helmut Schaa <helmut.schaa@googlemail.com>
To: "John W. Linville" <linville@tuxdriver.com>
Cc: linux-wireless@vger.kernel.org,
	Johannes Berg <johannes@sipsolutions.net>
Subject: Re: [PATCH] mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs
Date: Tue, 7 Dec 2010 21:39:48 +0100	[thread overview]
Message-ID: <201012072139.48659.helmut.schaa@googlemail.com> (raw)
In-Reply-To: <20101207194920.GH2700@tuxdriver.com>

Am Dienstag, 7. Dezember 2010 schrieb John W. Linville:
> On Thu, Dec 02, 2010 at 06:44:09PM +0100, Helmut Schaa wrote:
> > mac80211 doesn't handle shared skbs correctly at the moment. As a result
> > a possible resize can trigger a BUG in pskb_expand_head.
> > 
> > [  676.030000] Kernel bug detected[#1]:
> > [  676.030000] Cpu 0
> > [  676.030000] $ 0   : 00000000 00000000 819662ff 00000002
> > [  676.030000] $ 4   : 81966200 00000020 00000000 00000020
> > [  676.030000] $ 8   : 819662e0 800043c0 00000002 00020000
> > [  676.030000] $12   : 3b9aca00 00000000 00000000 00470000
> > [  676.030000] $16   : 80ea2000 00000000 00000000 00000000
> > [  676.030000] $20   : 818aa200 80ea2018 80ea2000 00000008
> > [  676.030000] $24   : 00000002 800ace5c                  
> > [  676.030000] $28   : 8199a000 8199bd20 81938f88 80f180d4
> > [  676.030000] Hi    : 0000026e
> > [  676.030000] Lo    : 0000757e
> > [  676.030000] epc   : 801245e4 pskb_expand_head+0x44/0x1d8
> > [  676.030000]     Not tainted
> > [  676.030000] ra    : 80f180d4 ieee80211_skb_resize+0xb0/0x114 [mac80211]
> > [  676.030000] Status: 1000a403    KERNEL EXL IE 
> > [  676.030000] Cause : 10800024
> > [  676.030000] PrId  : 0001964c (MIPS 24Kc)
> > [  676.030000] Modules linked in: mac80211_hwsim rt2800lib rt2x00soc rt2x00pci rt2x00lib mac80211 crc_itu_t crc_ccitt cfg80211 compat arc4 aes_generic deflate ecb cbc [last unloaded: rt2800pci]
> > [  676.030000] Process kpktgend_0 (pid: 97, threadinfo=8199a000, task=81879f48, tls=00000000)
> > [  676.030000] Stack : ffffffff 00000000 00000000 00000014 00000004 80ea2000 00000000 00000000
> > [  676.030000]         818aa200 80f180d4 ffffffff 0000000a 81879f78 81879f48 81879f48 00000018
> > [  676.030000]         81966246 80ea2000 818432e0 80f1a420 80203050 81814d98 00000001 81879f48
> > [  676.030000]         81879f48 00000018 81966246 818432e0 0000001a 8199bdd4 0000001c 80f1b72c
> > [  676.030000]         80203020 8001292c 80ef4aa2 7f10b55d 801ab5b8 81879f48 00000188 80005c90
> > [  676.030000]         ...
> > [  676.030000] Call Trace:
> > [  676.030000] [<801245e4>] pskb_expand_head+0x44/0x1d8
> > [  676.030000] [<80f180d4>] ieee80211_skb_resize+0xb0/0x114 [mac80211]
> > [  676.030000] [<80f1a420>] ieee80211_xmit+0x150/0x22c [mac80211]
> > [  676.030000] [<80f1b72c>] ieee80211_subif_start_xmit+0x6f4/0x73c [mac80211]
> > [  676.030000] [<8014361c>] pktgen_thread_worker+0xfac/0x16f8
> > [  676.030000] [<8002ebe8>] kthread+0x7c/0x88
> > [  676.030000] [<80008e0c>] kernel_thread_helper+0x10/0x18
> > [  676.030000] 
> > [  676.030000] 
> > [  676.030000] Code: 24020001  10620005  2502001f <0200000d> 0804917a  00000000  2502001f  00441023  00531021 
> > 
> > Fix this by making a local copy of shared skbs prior to mangeling them.
> > To avoid copying the skb unnecessarily move the skb_copy call below the
> > checks that don't need write access to the skb.
> > 
> > Also, move the assignment of nh_pos and h_pos below the skb_copy to point
> > to the correct skb.
> > 
> > It would be possible to avoid another resize of the copied skb by using
> > skb_copy_expand instead of skb_copy but that would make the patch more
> > complex. Also, shared skbs are a corner case right now, so the resize
> > shouldn't matter much.
> > 
> > Cc: Johannes Berg <johannes@sipsolutions.net>
> > Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
> 
> Is this intended for 2.6.37?  It looks like it would apply there.

Fine with me, however, the patch is based on wireless-testing.

Thanks,
Helmut

     prev parent reply	other threads:[~2010-12-07 20:41 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-12-02 17:44 [PATCH] mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs Helmut Schaa
2010-12-02 17:46 ` Johannes Berg
2010-12-02 17:58   ` Helmut Schaa
2010-12-07 19:49 ` John W. Linville
2010-12-07 20:04   ` Johannes Berg
2010-12-07 20:39   ` Helmut Schaa [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201012072139.48659.helmut.schaa@googlemail.com \
    --to=helmut.schaa@googlemail.com \
    --cc=johannes@sipsolutions.net \
    --cc=linux-wireless@vger.kernel.org \
    --cc=linville@tuxdriver.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).