* IP fragmentation bug from NFS
@ 2006-09-22 20:35 Stephen Hemminger
2006-09-22 20:50 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Stephen Hemminger @ 2006-09-22 20:35 UTC (permalink / raw)
To: netdev
http://bugzilla.kernel.org/show_bug.cgi?id=7018
Looking at this, it seems that when NFS hands UDP a fragmented (non-linear skb),
it traps because it tries to trim bytes off a non-linear skb. Not sure if skb_trim
needs fixing, or IP is broken..
---
ssize_t ip_append_page(struct sock *sk, struct page *page,
int offset, size_t size, int flags)
{
struct inet_sock *inet = inet_sk(sk);
struct sk_buff *skb;
struct rtable *rt;
struct ip_options *opt = NULL;
int hh_len;
int mtu;
int len;
int err;
unsigned int maxfraglen, fragheaderlen, fraggap;
if (inet->hdrincl)
return -EPERM;
if (flags&MSG_PROBE)
return 0;
if (skb_queue_empty(&sk->sk_write_queue))
return -EINVAL;
rt = inet->cork.rt;
if (inet->cork.flags & IPCORK_OPT)
opt = inet->cork.opt;
if (!(rt->u.dst.dev->features&NETIF_F_SG))
return -EOPNOTSUPP;
hh_len = LL_RESERVED_SPACE(rt->u.dst.dev);
mtu = inet->cork.fragsize;
fragheaderlen = sizeof(struct iphdr) + (opt ? opt->optlen : 0);
maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen;
if (inet->cork.length + size > 0xFFFF - fragheaderlen) {
ip_local_error(sk, EMSGSIZE, rt->rt_dst, inet->dport, mtu);
return -EMSGSIZE;
}
if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
return -EINVAL;
inet->cork.length += size;
if ((sk->sk_protocol == IPPROTO_UDP) &&
(rt->u.dst.dev->features & NETIF_F_UFO)) {
skb_shinfo(skb)->gso_size = mtu - fragheaderlen;
skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
}
while (size > 0) {
int i;
if (skb_is_gso(skb))
len = size;
else {
/* Check if the remaining data fits into current packet. */
len = mtu - skb->len;
if (len < size)
len = maxfraglen - skb->len;
}
if (len <= 0) {
struct sk_buff *skb_prev;
char *data;
struct iphdr *iph;
int alloclen;
skb_prev = skb;
fraggap = skb_prev->len - maxfraglen;
alloclen = fragheaderlen + hh_len + fraggap + 15;
skb = sock_wmalloc(sk, alloclen, 1, sk->sk_allocation);
if (unlikely(!skb)) {
err = -ENOBUFS;
goto error;
}
/*
* Fill in the control structures
*/
skb->ip_summed = CHECKSUM_NONE;
skb->csum = 0;
skb_reserve(skb, hh_len);
/*
* Find where to start putting bytes.
*/
data = skb_put(skb, fragheaderlen + fraggap);
skb->nh.iph = iph = (struct iphdr *)data;
data += fragheaderlen;
skb->h.raw = data;
if (fraggap) {
skb->csum = skb_copy_and_csum_bits(
skb_prev, maxfraglen,
data, fraggap, 0);
skb_prev->csum = csum_sub(skb_prev->csum,
skb->csum);
-----> pskb_trim_unique(skb_prev, maxfraglen);
--
Stephen Hemminger <shemminger@osdl.org>
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: IP fragmentation bug from NFS
2006-09-22 20:35 IP fragmentation bug from NFS Stephen Hemminger
@ 2006-09-22 20:50 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2006-09-22 20:50 UTC (permalink / raw)
To: shemminger; +Cc: netdev
From: Stephen Hemminger <shemminger@osdl.org>
Date: Fri, 22 Sep 2006 13:35:12 -0700
> http://bugzilla.kernel.org/show_bug.cgi?id=7018
>
> Looking at this, it seems that when NFS hands UDP a fragmented
> (non-linear skb), it traps because it tries to trim bytes off a
> non-linear skb. Not sure if skb_trim needs fixing, or IP is broken..
Should be fixed by: e9fa4f7bd291c29a785666e2fa5a9cf3241ee6c3
[INET]: Use pskb_trim_unique when trimming paged unique skbs
The IPv4/IPv6 datagram output path was using skb_trim to trim paged
packets because they know that the packet has not been cloned yet
(since the packet hasn't been given to anything else in the system).
This broke because skb_trim no longer allows paged packets to be
trimmed. Paged packets must be given to one of the pskb_trim functions
instead.
This patch adds a new pskb_trim_unique function to cover the IPv4/IPv6
datagram output path scenario and replaces the corresponding skb_trim
calls with it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-09-22 20:50 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-09-22 20:35 IP fragmentation bug from NFS Stephen Hemminger
2006-09-22 20:50 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).