From: Eric Dumazet
Subject: Re: Reply: [PATCH] net: clean the sk_frag.page of new cloned socket
Date: Thu, 25 Jan 2018 19:14:09 -0800
Message-ID: <1516936449.3715.56.camel@gmail.com>
References: <1516882089-28575-1-git-send-email-lirongqing@baidu.com> <1516884245.3715.48.camel@gmail.com> <2AD939572F25A448A3AE3CAEA61328C23694645C@BC-MAIL-MBX12.internal.baidu.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: "edumazet@google.com"
To: "Li,Rongqing" , "netdev@vger.kernel.org"
Return-path:
Received: from mail-pf0-f196.google.com ([209.85.192.196]:35763 "EHLO mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751174AbeAZDOL (ORCPT ); Thu, 25 Jan 2018 22:14:11 -0500
Received: by mail-pf0-f196.google.com with SMTP id t12so7328994pfg.2 for ; Thu, 25 Jan 2018 19:14:11 -0800 (PST)
In-Reply-To: <2AD939572F25A448A3AE3CAEA61328C23694645C@BC-MAIL-MBX12.internal.baidu.com>
Sender: netdev-owner@vger.kernel.org
List-ID:

On Fri, 2018-01-26 at 02:09 +0000, Li,Rongqing wrote:
> 
> crash> bt 8683
> PID: 8683  TASK: ffff881faa088000  CPU: 10  COMMAND: "mynode"
>  #0 [ffff881fff145e78] crash_nmi_callback at ffffffff81031712
>  #1 [ffff881fff145e88] nmi_handle at ffffffff816cafe9
>  #2 [ffff881fff145ec8] do_nmi at ffffffff816cb0f0
>  #3 [ffff881fff145ef0] end_repeat_nmi at ffffffff816ca4a1
>     [exception RIP: _raw_spin_lock_irqsave+62]
>     RIP: ffffffff816c9a9e  RSP: ffff881fa992b990  RFLAGS: 00000002
>     RAX: 0000000000004358  RBX: ffff88207ffd7e80  RCX: 0000000000004358
>     RDX: 0000000000004356  RSI: 0000000000000246  RDI: ffff88207ffd7ee8
>     RBP: ffff881fa992b990   R8: 0000000000000000   R9: 00000000019a16e6
>     R10: 0000000000004d24  R11: 0000000000004000  R12: 0000000000000242
>     R13: 0000000000004d24  R14: 0000000000000001  R15: 0000000000000000
>     ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
> --- ---
>  #4 [ffff881fa992b990] _raw_spin_lock_irqsave at ffffffff816c9a9e
>  #5 [ffff881fa992b998] get_page_from_freelist at ffffffff8113ce5f
>  #6 [ffff881fa992ba70] __alloc_pages_nodemask at ffffffff8113d15f
>  #7 [ffff881fa992bba0] alloc_pages_current at ffffffff8117ab29
>  #8 [ffff881fa992bbe8] sk_page_frag_refill at ffffffff815dd310
>  #9 [ffff881fa992bc18] tcp_sendmsg at ffffffff8163e4f3
> #10 [ffff881fa992bcd8] inet_sendmsg at ffffffff81668434
> #11 [ffff881fa992bd08] sock_sendmsg at ffffffff815d9719
> #12 [ffff881fa992be58] SYSC_sendto at ffffffff815d9c81
> #13 [ffff881fa992bf70] sys_sendto at ffffffff815da6ae
> #14 [ffff881fa992bf80] system_call_fastpath at ffffffff816d2189

Note that tcp_sendmsg() does not use sk->sk_frag, but the per-task page,
unless something changes sk->sk_allocation, which a user application cannot do.

Are you using a pristine upstream kernel?
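The selection rule Eric refers to, written out as a user-space model so it can be run outside the kernel. This is an added example, not Eric's code and not the kernel's own source: the struct layouts are reduced to the fields that matter, the GFP flag values are assumptions (the real numeric values differ between kernel versions), and `sendmsg_touches_sk_frag()` is a hypothetical helper that only reports which fragment the selection would pick. What it shows is that a socket created through socket(2) carries a sleepable allocation mask and therefore sends from current->task_frag, and only a socket whose sk_allocation forbids blocking (something only kernel code sets) would reach sk->sk_frag on the tcp_sendmsg() path.

```c
#include <stdbool.h>
#include <stdio.h>

typedef unsigned int gfp_t;

/* Assumed flag bits modelled on the kernel's GFP flags; the exact values
 * change between kernel versions, so treat these as example constants. */
#define __GFP_DIRECT_RECLAIM 0x400u
#define __GFP_IO             0x040u
#define __GFP_FS             0x080u
#define __GFP_HIGH           0x020u
#define GFP_KERNEL (__GFP_DIRECT_RECLAIM | __GFP_IO | __GFP_FS) /* may sleep */
#define GFP_ATOMIC (__GFP_HIGH)                                 /* must not sleep */

struct page_frag {
    void *page;
    unsigned int offset;
    unsigned int size;
};

struct task_struct {
    struct page_frag task_frag;   /* per-task fragment used by blocking senders */
};

struct sock {
    gfp_t sk_allocation;          /* GFP_KERNEL for every socket from socket(2) */
    struct page_frag sk_frag;     /* socket-owned fragment */
};

/* Stand-in for the kernel's "current" task pointer (assumption for this model). */
static struct task_struct current_task;
static struct task_struct *current = &current_task;

/* Blocking is allowed only when the mask permits direct reclaim. */
static bool gfpflags_allow_blocking(gfp_t flags)
{
    return (flags & __GFP_DIRECT_RECLAIM) != 0;
}

/* Same rule as the sk_page_frag() helper of the era of this thread:
 * a socket whose allocation context may sleep uses the per-task
 * fragment; only a non-blocking socket falls back to its own sk_frag. */
static struct page_frag *sk_page_frag(struct sock *sk)
{
    if (gfpflags_allow_blocking(sk->sk_allocation))
        return &current->task_frag;
    return &sk->sk_frag;
}

/* Hypothetical helper: true when a tcp_sendmsg() on a socket with this
 * allocation mask would refill sk->sk_frag rather than current->task_frag. */
bool sendmsg_touches_sk_frag(gfp_t sk_allocation)
{
    struct sock sk = { .sk_allocation = sk_allocation };
    return sk_page_frag(&sk) == &sk.sk_frag;
}

int main(void)
{
    printf("socket(2) socket (GFP_KERNEL): uses %s\n",
           sendmsg_touches_sk_frag(GFP_KERNEL) ? "sk->sk_frag" : "current->task_frag");
    printf("kernel-internal socket (GFP_ATOMIC): uses %s\n",
           sendmsg_touches_sk_frag(GFP_ATOMIC) ? "sk->sk_frag" : "current->task_frag");
    return 0;
}
```

Because sk_allocation is not reachable from any socket option, the only way for the sendmsg path in the backtrace to be refilling sk->sk_frag is a kernel that has been modified or a socket created by kernel code, which is why the question about a pristine upstream kernel is the right first one to ask.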