From: "Michael Büsch" <m@bues.ch>
To: Alexey Zaytsev <alexey.zaytsev@gmail.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
netdev@vger.kernel.org, Gary Zambrano <zambrano@broadcom.com>,
bugme-daemon@bugzilla.kernel.org,
"David S. Miller" <davem@davemloft.net>,
Pekka Pietikainen <pp@ee.oulu.fi>,
Florian Schirmer <jolt@tuxbox.org>,
Felix Fietkau <nbd@openwrt.org>, Michael Buesch <mb@bu3sch.de>
Subject: Re: [Bugme-new] [Bug 38102] New: BUG kmalloc-2048: Poison overwritten
Date: Mon, 4 Jul 2011 13:05:31 +0000 [thread overview]
Message-ID: <20110704130531.37cf876e@Nokia-N900> (raw)
In-Reply-To: <CAB9v_DG7e8vDE+4PDwuOR2DYG1FEvUM1fxa+e4a=swwTYGJ9nQ@mail.gmail.com>
On Mon, 4 Jul 2011 15:48:31 +0400
Alexey Zaytsev <alexey.zaytsev@gmail.com> wrote:
> The skb is reinserted into the ring before its data is copied, it
> seems. But this can't be the cause of my problem, as it would lead to
> data corruption at most, not a write-after-free.
Recycling the skb does not imply that the device can reuse it immediately. The device is told at the very end of the RX function (after the loop) that it's now safe to put stuff into the recyceled/new buffers.
> And an other question. Why so we have the logic to work-around the 1Gb
> DMA limit instead of just setting the dma mask?
Because the DMA mask does not work correctly on all arches for masks smaller than 4G.
And btw, I dont understand what that wmb() patch is supposed to fix. There may be a wmb() missing, but rather after the ctrl _and_ the address assignment to the descriptor.
But I don't think this can cause this use-after-free anyway.
next prev parent reply other threads:[~2011-07-04 13:02 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-38102-10286@https.bugzilla.kernel.org/>
2011-06-29 21:51 ` [Bugme-new] [Bug 38102] New: BUG kmalloc-2048: Poison overwritten Andrew Morton
2011-07-01 6:01 ` Alexey Zaytsev
2011-07-02 21:25 ` Alexey Zaytsev
2011-07-03 15:46 ` Eric Dumazet
2011-07-04 11:48 ` Alexey Zaytsev
2011-07-04 13:05 ` Michael Büsch [this message]
2011-07-04 13:57 ` Eric Dumazet
2011-07-04 14:27 ` Michael Büsch
2011-07-04 14:43 ` Michael Büsch
2011-07-04 14:53 ` Eric Dumazet
2011-07-04 15:12 ` Eric Dumazet
2011-07-04 20:25 ` Alexey Zaytsev
2011-07-04 22:29 ` Alexey Zaytsev
2011-07-05 3:44 ` Eric Dumazet
2011-07-05 3:56 ` Alexey Zaytsev
2011-07-05 4:11 ` Eric Dumazet
2011-07-05 4:14 ` Eric Dumazet
2011-07-05 4:17 ` Alexey Zaytsev
2011-07-05 4:18 ` Alexey Zaytsev
2011-07-05 4:25 ` Eric Dumazet
2011-07-05 4:29 ` Alexey Zaytsev
2011-07-05 4:38 ` Eric Dumazet
2011-07-05 4:57 ` Alexey Zaytsev
2011-07-05 5:10 ` Eric Dumazet
2011-07-05 5:18 ` Alexey Zaytsev
2011-07-05 5:33 ` Eric Dumazet
2011-07-05 5:59 ` Eric Dumazet
2011-07-05 16:05 ` Neil Horman
2011-07-05 16:12 ` Eric Dumazet
2011-07-05 16:27 ` Michael Büsch
2011-07-05 16:42 ` Neil Horman
2011-07-05 16:47 ` Eric Dumazet
2011-07-05 16:57 ` Eric Dumazet
2011-07-05 17:01 ` Joe Perches
2011-07-05 17:21 ` Neil Horman
2011-07-05 18:06 ` Neil Horman
2011-07-05 18:13 ` Eric Dumazet
2011-07-05 18:32 ` Eric Dumazet
2011-07-05 18:45 ` Eric Dumazet
2011-07-05 19:53 ` Neil Horman
2011-07-05 20:02 ` Eric Dumazet
2011-07-05 20:15 ` Eric Dumazet
2011-07-05 22:06 ` Neil Horman
2011-07-06 15:32 ` Michael Büsch
2011-07-06 16:00 ` Eric Dumazet
2011-07-06 16:12 ` Michael Büsch
2011-07-06 16:35 ` Eric Dumazet
2011-07-06 16:56 ` Eric Dumazet
2011-07-07 6:32 ` Alexey Zaytsev
2011-07-07 6:48 ` Eric Dumazet
2011-07-07 7:45 ` Alexey Zaytsev
2011-07-07 9:20 ` Eric Dumazet
2011-07-07 9:34 ` Alexey Zaytsev
2011-07-07 9:37 ` Alexey Zaytsev
2011-07-07 9:43 ` Alexey Zaytsev
2011-07-07 9:52 ` Eric Dumazet
2011-07-05 4:21 ` Eric Dumazet
2011-07-04 14:00 ` Eric Dumazet
2011-07-04 14:31 ` Michael Büsch
2011-07-04 14:45 ` Eric Dumazet
2011-07-04 14:51 ` Michael Büsch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110704130531.37cf876e@Nokia-N900 \
--to=m@bues.ch \
--cc=akpm@linux-foundation.org \
--cc=alexey.zaytsev@gmail.com \
--cc=bugme-daemon@bugzilla.kernel.org \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=jolt@tuxbox.org \
--cc=mb@bu3sch.de \
--cc=nbd@openwrt.org \
--cc=netdev@vger.kernel.org \
--cc=pp@ee.oulu.fi \
--cc=zambrano@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).