From: Tommy Christensen <tommy.christensen@tpack.net>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>,
netdev@oss.sgi.com, "David S. Miller" <davem@davemloft.net>
Subject: Re: assertion (!atomic_read(&sk->sk_rmem_alloc)) failed at net/netlink/af_netlink.c (122)
Date: Thu, 12 May 2005 00:17:19 +0200 [thread overview]
Message-ID: <4282846F.6070403@tpack.net> (raw)
In-Reply-To: <20050511005836.GA1674@gondor.apana.org.au>
[-- Attachment #1: Type: text/plain, Size: 974 bytes --]
Herbert Xu wrote:
> I think I understand your patch now. What's happening is that
>
> 1) The skb is sent to socket 1.
> 2) Someone does a recvmsg on socket 1 and drops the ref on the skb.
> Note that the rmalloc is not returned at this point since the
> skb is still referenced.
> 3) The same skb is now sent to socket 2.
Ahh, even I get the point now.
I actually thought this was caused by another race. More on that later.
> I agree with your solution except that we should still do the skb_get
> if we can. Here is my version where we only do the skb_get at the
> start.
What about an alternative fix, that avoids even more cloning (where
possible)? This resurrects the skb_orphan call that was moved out, last
time we had 'shared-skb troubles'. It is practically a no-op in the
common case, but still prevents the possible race with recvmsg.
(And I have a weakness for one-line-fixes). :-)
Signed-off-by: Tommy S. Christensen <tommy.christensen@tpack.net>
[-- Attachment #2: netlink-1.patch --]
[-- Type: text/plain, Size: 506 bytes --]
diff -ru linux-2.6.12-rc4/net/netlink/af_netlink.c linux-2.6.12-work/net/netlink/af_netlink.c
--- linux-2.6.12-rc4/net/netlink/af_netlink.c 2005-05-11 11:10:20.000000000 +0200
+++ linux-2.6.12-work/net/netlink/af_netlink.c 2005-05-12 00:08:33.634344658 +0200
@@ -697,6 +697,7 @@
if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf &&
!test_bit(0, &nlk->state)) {
+ skb_orphan(skb);
skb_set_owner_r(skb, sk);
skb_queue_tail(&sk->sk_receive_queue, skb);
sk->sk_data_ready(sk, skb->len);
next prev parent reply other threads:[~2005-05-11 22:17 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-10 12:43 assertion (!atomic_read(&sk->sk_rmem_alloc)) failed at net/netlink/af_netlink.c (122) Ken-ichirou MATSUZAWA
2005-05-10 22:07 ` Herbert Xu
2005-05-11 0:58 ` Herbert Xu
2005-05-11 15:20 ` Ken-ichirou MATSUZAWA
2005-05-11 22:17 ` Tommy Christensen [this message]
2005-05-11 22:22 ` Herbert Xu
2005-05-19 19:47 ` David S. Miller
2005-05-11 23:17 ` Herbert Xu
2005-05-12 9:58 ` Tommy Christensen
2005-05-12 10:42 ` Herbert Xu
2005-05-12 10:58 ` Tommy Christensen
2005-05-12 11:07 ` Herbert Xu
2005-05-19 19:49 ` David S. Miller
2005-05-19 21:34 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4282846F.6070403@tpack.net \
--to=tommy.christensen@tpack.net \
--cc=chamas@h4.dion.ne.jp \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).