* skb->truesize assertion checking for TCP
@ 2006-04-20 4:55 David S. Miller
2006-04-20 5:04 ` Herbert Xu
0 siblings, 1 reply; 4+ messages in thread
From: David S. Miller @ 2006-04-20 4:55 UTC (permalink / raw)
To: netdev; +Cc: herbert
Herbert what do you think of this?
I know it might be better to check this right where we
make the manipulations, but this catch-all trap at the
end points seems to make sense and will catch other kinds
of errors.
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index c4619a4..60a7c5a 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -344,6 +344,13 @@ extern void skb_over_panic(struct
void *here);
extern void skb_under_panic(struct sk_buff *skb, int len,
void *here);
+extern void skb_truesize_bug(struct sk_buff *skb);
+
+static inline void skb_truesize_check(struct sk_buff *skb)
+{
+ if (unlikely((int)skb->truesize < sizeof(struct sk_buff)))
+ skb_truesize_bug(skb);
+}
extern int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb,
int getfrag(void *from, char *to, int offset,
diff --git a/include/net/sock.h b/include/net/sock.h
index af2b054..ff8b0da 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -454,6 +454,7 @@ static inline void sk_stream_set_owner_r
static inline void sk_stream_free_skb(struct sock *sk, struct sk_buff *skb)
{
+ skb_truesize_check(skb);
sock_set_flag(sk, SOCK_QUEUE_SHRUNK);
sk->sk_wmem_queued -= skb->truesize;
sk->sk_forward_alloc += skb->truesize;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 09464fa..f2b4238 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -112,6 +112,12 @@ void skb_under_panic(struct sk_buff *skb
BUG();
}
+void skb_truesize_bug(struct sk_buff *skb)
+{
+ printk("SKB BUG: Invalid truesize (%u) sizeof(sk_buff)=%Zd\n",
+ skb->truesize, sizeof(struct sk_buff));
+}
+
/* Allocate a new skbuff. We do this ourselves so we can fill in a few
* 'private' fields and also do memory statistics to find all the
* [BEEP] leaks.
diff --git a/net/core/stream.c b/net/core/stream.c
index 35e2525..e948969 100644
--- a/net/core/stream.c
+++ b/net/core/stream.c
@@ -176,6 +176,7 @@ void sk_stream_rfree(struct sk_buff *skb
{
struct sock *sk = skb->sk;
+ skb_truesize_check(skb);
atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
sk->sk_forward_alloc += skb->truesize;
}
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: skb->truesize assertion checking for TCP
2006-04-20 4:55 skb->truesize assertion checking for TCP David S. Miller
@ 2006-04-20 5:04 ` Herbert Xu
2006-04-20 6:17 ` David S. Miller
0 siblings, 1 reply; 4+ messages in thread
From: Herbert Xu @ 2006-04-20 5:04 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev
Hi David:
On Wed, Apr 19, 2006 at 09:55:13PM -0700, David S. Miller wrote:
>
> Herbert what do you think of this?
>
> I know it might be better to check this right where we
> make the manipulations, but this catch-all trap at the
> end points seems to make sense and will catch other kinds
> of errors.
Yes that should do the trick.
> +static inline void skb_truesize_check(struct sk_buff *skb)
> +{
> + if (unlikely((int)skb->truesize < sizeof(struct sk_buff)))
> + skb_truesize_bug(skb);
> +}
I think we can go for the stronger test:
skb->truesize < sizeof(struct sk_buff) + skb->len
> +void skb_truesize_bug(struct sk_buff *skb)
> +{
> + printk("SKB BUG: Invalid truesize (%u) sizeof(sk_buff)=%Zd\n",
> + skb->truesize, sizeof(struct sk_buff));
> +}
Printing out skb->len would be good too if we changed the test.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: skb->truesize assertion checking for TCP
2006-04-20 5:04 ` Herbert Xu
@ 2006-04-20 6:17 ` David S. Miller
2006-04-25 16:49 ` Jesse Brandeburg
0 siblings, 1 reply; 4+ messages in thread
From: David S. Miller @ 2006-04-20 6:17 UTC (permalink / raw)
To: herbert; +Cc: netdev
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Thu, 20 Apr 2006 15:04:06 +1000
> On Wed, Apr 19, 2006 at 09:55:13PM -0700, David S. Miller wrote:
> > +static inline void skb_truesize_check(struct sk_buff *skb)
> > +{
> > + if (unlikely((int)skb->truesize < sizeof(struct sk_buff)))
> > + skb_truesize_bug(skb);
> > +}
>
> I think we can go for the stronger test:
>
> skb->truesize < sizeof(struct sk_buff) + skb->len
Agreed, let me see if that triggers on my machine before
I commit this :-)
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: skb->truesize assertion checking for TCP
2006-04-20 6:17 ` David S. Miller
@ 2006-04-25 16:49 ` Jesse Brandeburg
0 siblings, 0 replies; 4+ messages in thread
From: Jesse Brandeburg @ 2006-04-25 16:49 UTC (permalink / raw)
To: David S. Miller; +Cc: herbert, netdev
On 4/19/06, David S. Miller <davem@davemloft.net> wrote:
> From: Herbert Xu <herbert@gondor.apana.org.au>
> Date: Thu, 20 Apr 2006 15:04:06 +1000
>
> > On Wed, Apr 19, 2006 at 09:55:13PM -0700, David S. Miller wrote:
> > > +static inline void skb_truesize_check(struct sk_buff *skb)
> > > +{
> > > + if (unlikely((int)skb->truesize < sizeof(struct sk_buff)))
> > > + skb_truesize_bug(skb);
> > > +}
> >
> > I think we can go for the stronger test:
> >
> > skb->truesize < sizeof(struct sk_buff) + skb->len
>
> Agreed, let me see if that triggers on my machine before
> I commit this :-)
Um, I get a log full of these now with the 7.0.33 driver in the
kernel. BTW, it seems like it is missing a WARN_ON or
printk(__function__) - or whatever prints the function name of a
caller in the debug output.
Apr 24 15:48:36 lindenhurst-2 kernel: e1000: eth1:
e1000_watchdog_task: NIC Link is Up 100 Mbps Half Duplex
Apr 24 15:48:36 lindenhurst-2 kernel: e1000: eth1:
e1000_watchdog_task: 10/100 speed: disabling TSO
Apr 24 15:49:21 lindenhurst-2 kernel: SKB BUG: Invalid truesize (616)
len=1448, sizeof(sk_buff)=232
Apr 24 15:49:21 lindenhurst-2 last message repeated 13 times
Apr 24 15:49:21 lindenhurst-2 kernel: SKB BUG: Invalid truesize (616)
len=1408, sizeof(sk_buff)=232
Apr 24 15:49:21 lindenhurst-2 kernel: SKB BUG: Invalid truesize (616)
len=1448, sizeof(sk_buff)=232
Apr 24 15:49:21 lindenhurst-2 last message repeated 15 times
Apr 24 15:49:21 lindenhurst-2 kernel: SKB BUG: Invalid truesize (616)
len=1408, sizeof(sk_buff)=232
Apr 24 15:49:21 lindenhurst-2 kernel: SKB BUG: Invalid truesize (616)
len=1448, sizeof(sk_buff)=232
Apr 24 15:49:21 lindenhurst-2 last message repeated 97 times
I have the latest version of net/core/skbuff.c in git.
I've verified that the below patch fixes the message appearing but I
still think the message could be refined a little bit. We're working
on seperate patches for this for 17-rc and 16 stable.
Jesse
PS this is just for reference, this patch is mangled due to cut/paste
drivers/net/e1000/e1000_main.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/drivers/net/e1000/e1000_main.c b/drivers/net/e1000/e1000_main.c
index add8dc4..c99e878 100644
--- a/drivers/net/e1000/e1000_main.c
+++ b/drivers/net/e1000/e1000_main.c
@@ -3768,6 +3768,7 @@ e1000_clean_rx_irq_ps(struct e1000_adapt
ps_page->ps_page[j] = NULL;
skb->len += length;
skb->data_len += length;
+ skb->truesize += length;
}
copydone:
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-04-25 16:49 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-04-20 4:55 skb->truesize assertion checking for TCP David S. Miller
2006-04-20 5:04 ` Herbert Xu
2006-04-20 6:17 ` David S. Miller
2006-04-25 16:49 ` Jesse Brandeburg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox