From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pablo Neira Ayuso Subject: Re: [PATCHv2 net-next] netlink: allow large data transfers from user-space Date: Mon, 3 Jun 2013 21:21:40 +0200 Message-ID: <20130603192140.GA28973@localhost> References: <1370277599-27072-1-git-send-email-pablo@netfilter.org> <1370279559.24311.160.camel@edumazet-glaptop> <20130603174138.GA28338@localhost> <1370282437.24311.175.camel@edumazet-glaptop> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: netdev@vger.kernel.org, davem@davemloft.net, kaber@trash.net To: Eric Dumazet Return-path: Received: from mail.us.es ([193.147.175.20]:42862 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755626Ab3FCTVp (ORCPT ); Mon, 3 Jun 2013 15:21:45 -0400 Content-Disposition: inline In-Reply-To: <1370282437.24311.175.camel@edumazet-glaptop> Sender: netdev-owner@vger.kernel.org List-ID: On Mon, Jun 03, 2013 at 11:00:37AM -0700, Eric Dumazet wrote: > On Mon, 2013-06-03 at 19:41 +0200, Pablo Neira Ayuso wrote: > > Hi Eric! > > > > On Mon, Jun 03, 2013 at 10:12:39AM -0700, Eric Dumazet wrote: > > > On Mon, 2013-06-03 at 18:39 +0200, Pablo Neira Ayuso wrote: > > > > > > > + if (is_vmalloc_addr(skb->head)) { > > > > + vfree(skb->head); > > > > + skb->data = NULL; > > > > + } > > > > > > > > > > You probably meant : > > > > > > skb->head = NULL; > > > > > > Now, cross our fingers we do not skb_orphan() these skb too early :) > > > > skb_release_all checks for skb->data != NULL to release skb->head as > > it would have been allocated via kmalloc. This didn't look very > > intuitive to me when I hit a panic while testing my patch either. > > Oh well, this is probably an old typo because of skb_release_data() name > > So we indeed do : > > if (likely(skb->data)) > skb_release_data(skb); > > But it really should be > > if (likely(skb->head)) > skb_release_head(skb); > > as skb->data is not pointing to the beginning of the area to be freed. Indeed, this change is recent, happened in 0ebd0ac. > BTW, __alloc_skb_head() inits skb->data to NULL, and leaves skb->head > uninitialized. Thats is really not nice... Should be skb->head = NULL and leave skb->data unset. I'll send a patch to fix that.