From: Dave Jones <davej@codemonkey.org.uk>
To: Cong Wang <xiyou.wangcong@gmail.com>
Cc: David Miller <davem@davemloft.net>,
Linux Kernel Network Developers <netdev@vger.kernel.org>
Subject: Re: ipv6: handle -EFAULT from skb_copy_bits
Date: Tue, 20 Dec 2016 17:12:14 -0500
Message-ID: <20161220221214.w3zerfiy4wu6apee@codemonkey.org.uk>
In-Reply-To: <CAM_iQpUgqJEG544HqH1iwdQFL9-nV3-hMuuH_eU9OnJ--pX+jg@mail.gmail.com>

On Tue, Dec 20, 2016 at 11:31:38AM -0800, Cong Wang wrote:
> On Tue, Dec 20, 2016 at 10:17 AM, Dave Jones <davej@codemonkey.org.uk> wrote:
> > On Mon, Dec 19, 2016 at 08:36:23PM -0500, David Miller wrote:
> > > From: Dave Jones <davej@codemonkey.org.uk>
> > > Date: Mon, 19 Dec 2016 19:40:13 -0500
> > >
> > > > On Mon, Dec 19, 2016 at 07:31:44PM -0500, Dave Jones wrote:
> > > >
> > > > > Unfortunately, this made no difference. I spent some time today trying
> > > > > to make a better reproducer, but failed. I'll revisit again tomorrow.
> > > > >
> > > > > Maybe I need >1 process/thread to trigger this. That would explain why
> > > > > I can trigger it with Trinity.
> > > >
> > > > scratch that last part, I finally just repro'd it with a single process.
> > >
> > > Thanks for the info, I'll try to think about this some more.
> >
> > I threw in some debug printks right before that BUG_ON.
> > it's always this:
> >
> > skb->len=31 skb->data_len=0 offset:30 total_len:9
>
> Clearly we fail because 30 > 31 - 2, seems 'offset' is not correct here,
> off-by-one?

Ok, I finally made a messy, albeit good enough reproducer.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define LEN 504

int main(int argc, char* argv[])
{
	int fd;
	int zero = 0;
	char buf[LEN];

	memset(buf, 0, LEN);

	/* raw IPv6 socket, protocol 7 */
	fd = socket(AF_INET6, SOCK_RAW, 7);
	/* checksum offset set to 0 */
	setsockopt(fd, SOL_IPV6, IPV6_CHECKSUM, &zero, 4);
	/* LEN zeroed bytes passed as destination options */
	setsockopt(fd, SOL_IPV6, IPV6_DSTOPTS, &buf, LEN);
	/* 1-byte payload; the zeroed buffer doubles as the destination address */
	sendto(fd, buf, 1, 0, (struct sockaddr *) buf, 110);
}
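
An added example, not part of the original message or of the kernel source: a simplified userspace model of the range check behind Cong Wang's arithmetic (30 > 31 - 2), with the failure returned to the caller as -EFAULT as the subject line proposes. The names struct pkt, pkt_copy_bits, read_csum_field and check_offset are hypothetical, and the buffer is assumed to be linear only (data_len=0, as in the debug output).

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a linear-only packet buffer (data_len == 0). */
struct pkt {
    const uint8_t *data;
    int len;            /* total bytes, like skb->len in the debug output */
};

/* Copy `count` bytes starting at `offset`; a range that runs past the end
 * of the buffer is rejected with -EFAULT instead of being read. */
static int pkt_copy_bits(const struct pkt *p, int offset, void *to, int count)
{
    if (offset < 0 || count < 0 || offset > p->len - count)
        return -EFAULT;
    memcpy(to, p->data + offset, (size_t)count);
    return 0;
}

/* Read the 16-bit checksum field at `offset`. The error is handed back to
 * the caller rather than asserted on, so a bad offset fails one send. */
static int read_csum_field(const struct pkt *p, int offset, uint16_t *csum)
{
    int err = pkt_copy_bits(p, offset, csum, (int)sizeof(*csum));
    if (err < 0)
        return err;     /* caller discards the pending frame, reports err */
    return 0;
}

/* Constructed sample: 31 zero bytes, matching skb->len=31 from the thread. */
static const uint8_t sample[31] = { 0 };

int check_offset(int offset)
{
    struct pkt p = { sample, (int)sizeof(sample) };
    uint16_t csum = 0;
    return read_csum_field(&p, offset, &csum);
}

int main(void)
{
    /* offset 30 is rejected (30 > 31 - 2); offset 29 is the last valid one */
    return (check_offset(30) == -EFAULT && check_offset(29) == 0) ? 0 : 1;
}
```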