Netdev List
* [net-next 36/40] ixgbe: fix ring assignment issues for SR-IOV and drop cases
From: Jeff Kirsher @ 2011-06-07 12:33 UTC
  To: davem; +Cc: Alexander Duyck, netdev, gospo, Jeff Kirsher
In-Reply-To: <1307449995-9458-1-git-send-email-jeffrey.t.kirsher@intel.com>

From: Alexander Duyck <alexander.h.duyck@intel.com>

This change fixes the fact that we would trigger a null pointer dereference
or specify the wrong ring if the rings were restored.  This change makes
certain that the DROP queue is a static value, and all other rings are
based on the ring offsets for the PF.

Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Tested-by: Ross Brattain <ross.b.brattain@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
 drivers/net/ixgbe/ixgbe_ethtool.c |    2 ++
 drivers/net/ixgbe/ixgbe_main.c    |    8 +++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ixgbe/ixgbe_ethtool.c b/drivers/net/ixgbe/ixgbe_ethtool.c
index f96193d..74a53ca 100644
--- a/drivers/net/ixgbe/ixgbe_ethtool.c
+++ b/drivers/net/ixgbe/ixgbe_ethtool.c
@@ -2721,6 +2721,8 @@ static int ixgbe_add_ethtool_fdir_entry(struct ixgbe_adapter *adapter,
 	/* program filters to filter memory */
 	err = ixgbe_fdir_write_perfect_filter_82599(hw,
 				&input->filter, input->sw_idx,
+				(input->action == IXGBE_FDIR_DROP_QUEUE) ?
+				IXGBE_FDIR_DROP_QUEUE :
 				adapter->rx_ring[input->action]->reg_idx);
 	if (err)
 		goto err_out_w_lock;
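Review bot: the lookup adapter->rx_ring[input->action]->reg_idx in this call has no guard visible in the hunk: input->action indexes rx_ring directly and the result is dereferenced. Please confirm the caller has already validated action against the current number of Rx rings before this point, and consider moving the drop-queue-or-reg_idx selection into a small helper, since the same ternary is repeated in ixgbe_fdir_filter_restore().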
diff --git a/drivers/net/ixgbe/ixgbe_main.c b/drivers/net/ixgbe/ixgbe_main.c
index c0deed8..a5425e8 100644
--- a/drivers/net/ixgbe/ixgbe_main.c
+++ b/drivers/net/ixgbe/ixgbe_main.c
@@ -3759,9 +3759,11 @@ static void ixgbe_fdir_filter_restore(struct ixgbe_adapter *adapter)
 	hlist_for_each_entry_safe(filter, node, node2,
 				  &adapter->fdir_filter_list, fdir_node) {
 		ixgbe_fdir_write_perfect_filter_82599(hw,
-						      &filter->filter,
-						      filter->sw_idx,
-						      filter->action);
+				&filter->filter,
+				filter->sw_idx,
+				(filter->action == IXGBE_FDIR_DROP_QUEUE) ?
+				IXGBE_FDIR_DROP_QUEUE :
+				adapter->rx_ring[filter->action]->reg_idx);
 	}
 
 	spin_unlock(&adapter->fdir_perfect_lock);
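Review bot: in ixgbe_fdir_filter_restore(), filter->action was recorded when the filter was added, but rx_ring[filter->action] is dereferenced at restore time, and nothing in the visible lines checks that the index is still below the ring count or that the slot is populated. If the number of Rx rings can shrink between add and restore, this reintroduces the NULL dereference the commit message describes; skip or drop filters whose action no longer maps to a ring. The return value of ixgbe_fdir_write_perfect_filter_82599() is also ignored here, while the ethtool path checks err.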
-- 
1.7.5.2



* [net-next 37/40] rtnetlink: Compute and store minimum ifinfo dump size
From: Jeff Kirsher @ 2011-06-07 12:33 UTC
  To: davem; +Cc: Greg Rose, netdev, gospo, Jeff Kirsher
In-Reply-To: <1307449995-9458-1-git-send-email-jeffrey.t.kirsher@intel.com>

From: Greg Rose <gregory.v.rose@intel.com>

The message size allocated for rtnl ifinfo dumps was limited to
a single page.  This is not enough for additional interface info
available with devices that support SR-IOV and caused a bug in
which VF info would not be displayed if more than approximately
40 VFs were created per interface.

Implement a new function pointer for the rtnl_register service that will
calculate the amount of data required for the ifinfo dump and allocate
enough data to satisfy the request.

Signed-off-by: Greg Rose <gregory.v.rose@intel.com>
Tested-by: Evan Swanson <evan.swanson@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
 include/linux/netlink.h              |    6 ++-
 include/net/rtnetlink.h              |    7 +++-
 net/bridge/br_netlink.c              |   15 ++++++---
 net/core/fib_rules.c                 |    6 ++--
 net/core/neighbour.c                 |   11 +++---
 net/core/rtnetlink.c                 |   60 +++++++++++++++++++++++++++------
 net/dcb/dcbnl.c                      |    4 +-
 net/decnet/dn_dev.c                  |    6 ++--
 net/decnet/dn_fib.c                  |    4 +-
 net/decnet/dn_route.c                |    5 ++-
 net/ipv4/devinet.c                   |    6 ++--
 net/ipv4/fib_frontend.c              |    6 ++--
 net/ipv4/inet_diag.c                 |    2 +-
 net/ipv4/ipmr.c                      |    3 +-
 net/ipv4/route.c                     |    2 +-
 net/ipv6/addrconf.c                  |   16 ++++++---
 net/ipv6/addrlabel.c                 |    9 +++--
 net/ipv6/ip6_fib.c                   |    3 +-
 net/ipv6/ip6mr.c                     |    3 +-
 net/ipv6/route.c                     |    6 ++--
 net/netfilter/ipset/ip_set_core.c    |    2 +-
 net/netfilter/nf_conntrack_netlink.c |    4 +-
 net/netlink/af_netlink.c             |   17 ++++++---
 net/netlink/genetlink.c              |    2 +-
 net/phonet/pn_netlink.c              |   13 ++++---
 net/sched/act_api.c                  |    7 ++--
 net/sched/cls_api.c                  |    6 ++--
 net/sched/sch_api.c                  |   12 +++---
 net/xfrm/xfrm_user.c                 |    3 +-
 29 files changed, 157 insertions(+), 89 deletions(-)

diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index a9dd895..fdd0188 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -221,7 +221,8 @@ struct netlink_callback {
 	int			(*dump)(struct sk_buff * skb,
 					struct netlink_callback *cb);
 	int			(*done)(struct netlink_callback *cb);
-	int			family;
+	u16			family;
+	u16			min_dump_alloc;
 	long			args[6];
 };
 
@@ -259,7 +260,8 @@ __nlmsg_put(struct sk_buff *skb, u32 pid, u32 seq, int type, int len, int flags)
 extern int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
 			      const struct nlmsghdr *nlh,
 			      int (*dump)(struct sk_buff *skb, struct netlink_callback*),
-			      int (*done)(struct netlink_callback*));
+			      int (*done)(struct netlink_callback*),
+			      u16 min_dump_alloc);
 
 
 #define NL_NONROOT_RECV 0x1
diff --git a/include/net/rtnetlink.h b/include/net/rtnetlink.h
index 4093ca7..678f1ff 100644
--- a/include/net/rtnetlink.h
+++ b/include/net/rtnetlink.h
@@ -6,11 +6,14 @@
 
 typedef int (*rtnl_doit_func)(struct sk_buff *, struct nlmsghdr *, void *);
 typedef int (*rtnl_dumpit_func)(struct sk_buff *, struct netlink_callback *);
+typedef u16 (*rtnl_calcit_func)(struct sk_buff *);
 
 extern int	__rtnl_register(int protocol, int msgtype,
-				rtnl_doit_func, rtnl_dumpit_func);
+				rtnl_doit_func, rtnl_dumpit_func,
+				rtnl_calcit_func);
 extern void	rtnl_register(int protocol, int msgtype,
-			      rtnl_doit_func, rtnl_dumpit_func);
+			      rtnl_doit_func, rtnl_dumpit_func,
+			      rtnl_calcit_func);
 extern int	rtnl_unregister(int protocol, int msgtype);
 extern void	rtnl_unregister_all(int protocol);
 
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index ffb0dc4..6814083 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -218,19 +218,24 @@ int __init br_netlink_init(void)
 	if (err < 0)
 		goto err1;
 
-	err = __rtnl_register(PF_BRIDGE, RTM_GETLINK, NULL, br_dump_ifinfo);
+	err = __rtnl_register(PF_BRIDGE, RTM_GETLINK, NULL,
+			      br_dump_ifinfo, NULL);
 	if (err)
 		goto err2;
-	err = __rtnl_register(PF_BRIDGE, RTM_SETLINK, br_rtm_setlink, NULL);
+	err = __rtnl_register(PF_BRIDGE, RTM_SETLINK,
+			      br_rtm_setlink, NULL, NULL);
 	if (err)
 		goto err3;
-	err = __rtnl_register(PF_BRIDGE, RTM_NEWNEIGH, br_fdb_add, NULL);
+	err = __rtnl_register(PF_BRIDGE, RTM_NEWNEIGH,
+			      br_fdb_add, NULL, NULL);
 	if (err)
 		goto err3;
-	err = __rtnl_register(PF_BRIDGE, RTM_DELNEIGH, br_fdb_delete, NULL);
+	err = __rtnl_register(PF_BRIDGE, RTM_DELNEIGH,
+			      br_fdb_delete, NULL, NULL);
 	if (err)
 		goto err3;
-	err = __rtnl_register(PF_BRIDGE, RTM_GETNEIGH, NULL, br_fdb_dump);
+	err = __rtnl_register(PF_BRIDGE, RTM_GETNEIGH,
+			      NULL, br_fdb_dump, NULL);
 	if (err)
 		goto err3;
 
diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index 008dc70..e7ab0c0 100644
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -740,9 +740,9 @@ static struct pernet_operations fib_rules_net_ops = {
 static int __init fib_rules_init(void)
 {
 	int err;
-	rtnl_register(PF_UNSPEC, RTM_NEWRULE, fib_nl_newrule, NULL);
-	rtnl_register(PF_UNSPEC, RTM_DELRULE, fib_nl_delrule, NULL);
-	rtnl_register(PF_UNSPEC, RTM_GETRULE, NULL, fib_nl_dumprule);
+	rtnl_register(PF_UNSPEC, RTM_NEWRULE, fib_nl_newrule, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_DELRULE, fib_nl_delrule, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_GETRULE, NULL, fib_nl_dumprule, NULL);
 
 	err = register_pernet_subsys(&fib_rules_net_ops);
 	if (err < 0)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 799f06e..ceb505b 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -2909,12 +2909,13 @@ EXPORT_SYMBOL(neigh_sysctl_unregister);
 
 static int __init neigh_init(void)
 {
-	rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL);
-	rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL);
-	rtnl_register(PF_UNSPEC, RTM_GETNEIGH, NULL, neigh_dump_info);
+	rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_GETNEIGH, NULL, neigh_dump_info, NULL);
 
-	rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info);
-	rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL);
+	rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
+		      NULL);
+	rtnl_register(PF_UNSPEC, RTM_SETNEIGHTBL, neightbl_set, NULL, NULL);
 
 	return 0;
 }
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index abd936d..a798fc6 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -56,9 +56,11 @@
 struct rtnl_link {
 	rtnl_doit_func		doit;
 	rtnl_dumpit_func	dumpit;
+	rtnl_calcit_func 	calcit;
 };
 
 static DEFINE_MUTEX(rtnl_mutex);
+static u16 min_ifinfo_dump_size;
 
 void rtnl_lock(void)
 {
@@ -144,12 +146,28 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex)
 	return tab ? tab[msgindex].dumpit : NULL;
 }
 
+static rtnl_calcit_func rtnl_get_calcit(int protocol, int msgindex)
+{
+	struct rtnl_link *tab;
+
+	if (protocol <= RTNL_FAMILY_MAX)
+		tab = rtnl_msg_handlers[protocol];
+	else
+		tab = NULL;
+
+	if (tab == NULL || tab[msgindex].calcit == NULL)
+		tab = rtnl_msg_handlers[PF_UNSPEC];
+
+	return tab ? tab[msgindex].calcit : NULL;
+}
+
 /**
  * __rtnl_register - Register a rtnetlink message type
  * @protocol: Protocol family or PF_UNSPEC
  * @msgtype: rtnetlink message type
  * @doit: Function pointer called for each request message
  * @dumpit: Function pointer called for each dump request (NLM_F_DUMP) message
+ * @calcit: Function pointer to calc size of dump message
  *
  * Registers the specified function pointers (at least one of them has
  * to be non-NULL) to be called whenever a request message for the
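Review bot: in rtnl_get_calcit(), the fallback to rtnl_msg_handlers[PF_UNSPEC] fires whenever the family's own calcit is NULL, so a family-specific dumpit gets paired with the PF_UNSPEC size estimate. Elsewhere in this patch PF_BRIDGE and PF_INET6 register RTM_GETLINK with a NULL calcit, so their dumps will be sized by rtnl_calcit(). If that is intended, a comment here saying so would help; if not, return NULL when the family table exists but has no calcit for this message.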
@@ -162,7 +180,8 @@ static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex)
  * Returns 0 on success or a negative error code.
  */
 int __rtnl_register(int protocol, int msgtype,
-		    rtnl_doit_func doit, rtnl_dumpit_func dumpit)
+		    rtnl_doit_func doit, rtnl_dumpit_func dumpit,
+		    rtnl_calcit_func calcit)
 {
 	struct rtnl_link *tab;
 	int msgindex;
@@ -185,6 +204,9 @@ int __rtnl_register(int protocol, int msgtype,
 	if (dumpit)
 		tab[msgindex].dumpit = dumpit;
 
+	if (calcit)
+		tab[msgindex].calcit = calcit;
+
 	return 0;
 }
 EXPORT_SYMBOL_GPL(__rtnl_register);
@@ -199,9 +221,10 @@ EXPORT_SYMBOL_GPL(__rtnl_register);
  * of memory implies no sense in continuing.
  */
 void rtnl_register(int protocol, int msgtype,
-		   rtnl_doit_func doit, rtnl_dumpit_func dumpit)
+		   rtnl_doit_func doit, rtnl_dumpit_func dumpit,
+		   rtnl_calcit_func calcit)
 {
-	if (__rtnl_register(protocol, msgtype, doit, dumpit) < 0)
+	if (__rtnl_register(protocol, msgtype, doit, dumpit, calcit) < 0)
 		panic("Unable to register rtnetlink message handler, "
 		      "protocol = %d, message type = %d\n",
 		      protocol, msgtype);
@@ -1818,6 +1841,11 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
 	return err;
 }
 
+static u16 rtnl_calcit(struct sk_buff *skb)
+{
+	return min_ifinfo_dump_size;
+}
+
 static int rtnl_dump_all(struct sk_buff *skb, struct netlink_callback *cb)
 {
 	int idx;
@@ -1847,11 +1875,14 @@ void rtmsg_ifinfo(int type, struct net_device *dev, unsigned change)
 	struct net *net = dev_net(dev);
 	struct sk_buff *skb;
 	int err = -ENOBUFS;
+	size_t if_info_size;
 
-	skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL);
+	skb = nlmsg_new((if_info_size = if_nlmsg_size(dev)), GFP_KERNEL);
 	if (skb == NULL)
 		goto errout;
 
+	min_ifinfo_dump_size = max_t(u16, if_info_size, min_ifinfo_dump_size);
+
 	err = rtnl_fill_ifinfo(skb, dev, type, 0, 0, change, 0);
 	if (err < 0) {
 		/* -EMSGSIZE implies BUG in if_nlmsg_size() */
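Review bot: max_t(u16, if_info_size, min_ifinfo_dump_size) casts the size_t result of if_nlmsg_size() to u16 before comparing, so any size above 65535 wraps to a small value and the stored minimum ends up too low, which is exactly the large-VF-count case this patch targets. Compare in size_t and clamp explicitly, or widen min_ifinfo_dump_size and min_dump_alloc. Two smaller points: the static is only raised from rtmsg_ifinfo(), so a dump issued before any notification for a large device still gets the default size, and the assignment inside the nlmsg_new() argument would read better as its own statement.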
@@ -1902,14 +1933,20 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 	if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {
 		struct sock *rtnl;
 		rtnl_dumpit_func dumpit;
+		rtnl_calcit_func calcit;
+		u16 min_dump_alloc = 0;
 
 		dumpit = rtnl_get_dumpit(family, type);
 		if (dumpit == NULL)
 			return -EOPNOTSUPP;
+		calcit = rtnl_get_calcit(family, type);
+		if (calcit)
+			min_dump_alloc = calcit(skb);
 
 		__rtnl_unlock();
 		rtnl = net->rtnl;
-		err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL);
+		err = netlink_dump_start(rtnl, skb, nlh, dumpit,
+					 NULL, min_dump_alloc);
 		rtnl_lock();
 		return err;
 	}
@@ -2019,12 +2056,13 @@ void __init rtnetlink_init(void)
 	netlink_set_nonroot(NETLINK_ROUTE, NL_NONROOT_RECV);
 	register_netdevice_notifier(&rtnetlink_dev_notifier);
 
-	rtnl_register(PF_UNSPEC, RTM_GETLINK, rtnl_getlink, rtnl_dump_ifinfo);
-	rtnl_register(PF_UNSPEC, RTM_SETLINK, rtnl_setlink, NULL);
-	rtnl_register(PF_UNSPEC, RTM_NEWLINK, rtnl_newlink, NULL);
-	rtnl_register(PF_UNSPEC, RTM_DELLINK, rtnl_dellink, NULL);
+	rtnl_register(PF_UNSPEC, RTM_GETLINK, rtnl_getlink,
+		      rtnl_dump_ifinfo, rtnl_calcit);
+	rtnl_register(PF_UNSPEC, RTM_SETLINK, rtnl_setlink, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_NEWLINK, rtnl_newlink, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_DELLINK, rtnl_dellink, NULL, NULL);
 
-	rtnl_register(PF_UNSPEC, RTM_GETADDR, NULL, rtnl_dump_all);
-	rtnl_register(PF_UNSPEC, RTM_GETROUTE, NULL, rtnl_dump_all);
+	rtnl_register(PF_UNSPEC, RTM_GETADDR, NULL, rtnl_dump_all, NULL);
+	rtnl_register(PF_UNSPEC, RTM_GETROUTE, NULL, rtnl_dump_all, NULL);
 }
 
diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index 3609eac..ed1bb8c 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -1819,8 +1819,8 @@ static int __init dcbnl_init(void)
 {
 	INIT_LIST_HEAD(&dcb_app_list);
 
-	rtnl_register(PF_UNSPEC, RTM_GETDCB, dcb_doit, NULL);
-	rtnl_register(PF_UNSPEC, RTM_SETDCB, dcb_doit, NULL);
+	rtnl_register(PF_UNSPEC, RTM_GETDCB, dcb_doit, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_SETDCB, dcb_doit, NULL, NULL);
 
 	return 0;
 }
diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
index cf26ac7..3780fd6 100644
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -1414,9 +1414,9 @@ void __init dn_dev_init(void)
 
 	dn_dev_devices_on();
 
-	rtnl_register(PF_DECnet, RTM_NEWADDR, dn_nl_newaddr, NULL);
-	rtnl_register(PF_DECnet, RTM_DELADDR, dn_nl_deladdr, NULL);
-	rtnl_register(PF_DECnet, RTM_GETADDR, NULL, dn_nl_dump_ifaddr);
+	rtnl_register(PF_DECnet, RTM_NEWADDR, dn_nl_newaddr, NULL, NULL);
+	rtnl_register(PF_DECnet, RTM_DELADDR, dn_nl_deladdr, NULL, NULL);
+	rtnl_register(PF_DECnet, RTM_GETADDR, NULL, dn_nl_dump_ifaddr, NULL);
 
 	proc_net_fops_create(&init_net, "decnet_dev", S_IRUGO, &dn_dev_seq_fops);
 
diff --git a/net/decnet/dn_fib.c b/net/decnet/dn_fib.c
index 1c74ed3..104324d 100644
--- a/net/decnet/dn_fib.c
+++ b/net/decnet/dn_fib.c
@@ -763,8 +763,8 @@ void __init dn_fib_init(void)
 
 	register_dnaddr_notifier(&dn_fib_dnaddr_notifier);
 
-	rtnl_register(PF_DECnet, RTM_NEWROUTE, dn_fib_rtm_newroute, NULL);
-	rtnl_register(PF_DECnet, RTM_DELROUTE, dn_fib_rtm_delroute, NULL);
+	rtnl_register(PF_DECnet, RTM_NEWROUTE, dn_fib_rtm_newroute, NULL, NULL);
+	rtnl_register(PF_DECnet, RTM_DELROUTE, dn_fib_rtm_delroute, NULL, NULL);
 }
 
 
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index 74544bc..2949ca4 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -1841,10 +1841,11 @@ void __init dn_route_init(void)
 	proc_net_fops_create(&init_net, "decnet_cache", S_IRUGO, &dn_rt_cache_seq_fops);
 
 #ifdef CONFIG_DECNET_ROUTER
-	rtnl_register(PF_DECnet, RTM_GETROUTE, dn_cache_getroute, dn_fib_dump);
+	rtnl_register(PF_DECnet, RTM_GETROUTE, dn_cache_getroute,
+		      dn_fib_dump, NULL);
 #else
 	rtnl_register(PF_DECnet, RTM_GETROUTE, dn_cache_getroute,
-		      dn_cache_dump);
+		      dn_cache_dump, NULL);
 #endif
 }
 
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 0d4a184..37b3c18 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1833,8 +1833,8 @@ void __init devinet_init(void)
 
 	rtnl_af_register(&inet_af_ops);
 
-	rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL);
-	rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL);
-	rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr);
+	rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, NULL);
+	rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, NULL);
+	rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, NULL);
 }
 
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 2252471..92fc5f6 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -1124,9 +1124,9 @@ static struct pernet_operations fib_net_ops = {
 
 void __init ip_fib_init(void)
 {
-	rtnl_register(PF_INET, RTM_NEWROUTE, inet_rtm_newroute, NULL);
-	rtnl_register(PF_INET, RTM_DELROUTE, inet_rtm_delroute, NULL);
-	rtnl_register(PF_INET, RTM_GETROUTE, NULL, inet_dump_fib);
+	rtnl_register(PF_INET, RTM_NEWROUTE, inet_rtm_newroute, NULL, NULL);
+	rtnl_register(PF_INET, RTM_DELROUTE, inet_rtm_delroute, NULL, NULL);
+	rtnl_register(PF_INET, RTM_GETROUTE, NULL, inet_dump_fib, NULL);
 
 	register_pernet_subsys(&fib_net_ops);
 	register_netdevice_notifier(&fib_netdev_notifier);
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 6ffe94c..5ff4765 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -871,7 +871,7 @@ static int inet_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 		}
 
 		return netlink_dump_start(idiagnl, skb, nlh,
-					  inet_diag_dump, NULL);
+					  inet_diag_dump, NULL, 0);
 	}
 
 	return inet_diag_get_exact(skb, nlh);
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 30a7763..aae2bd8 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -2544,7 +2544,8 @@ int __init ip_mr_init(void)
 		goto add_proto_fail;
 	}
 #endif
-	rtnl_register(RTNL_FAMILY_IPMR, RTM_GETROUTE, NULL, ipmr_rtm_dumproute);
+	rtnl_register(RTNL_FAMILY_IPMR, RTM_GETROUTE,
+		      NULL, ipmr_rtm_dumproute, NULL);
 	return 0;
 
 #ifdef CONFIG_IP_PIMSM_V2
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 52b0b95..aa29c62 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -3295,7 +3295,7 @@ int __init ip_rt_init(void)
 	xfrm_init();
 	xfrm4_init(ip_rt_max_size);
 #endif
-	rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL);
+	rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
 
 #ifdef CONFIG_SYSCTL
 	register_pernet_subsys(&sysctl_route_ops);
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 498b927..954772b 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4692,16 +4692,20 @@ int __init addrconf_init(void)
 	if (err < 0)
 		goto errout_af;
 
-	err = __rtnl_register(PF_INET6, RTM_GETLINK, NULL, inet6_dump_ifinfo);
+	err = __rtnl_register(PF_INET6, RTM_GETLINK, NULL, inet6_dump_ifinfo,
+			      NULL);
 	if (err < 0)
 		goto errout;
 
 	/* Only the first call to __rtnl_register can fail */
-	__rtnl_register(PF_INET6, RTM_NEWADDR, inet6_rtm_newaddr, NULL);
-	__rtnl_register(PF_INET6, RTM_DELADDR, inet6_rtm_deladdr, NULL);
-	__rtnl_register(PF_INET6, RTM_GETADDR, inet6_rtm_getaddr, inet6_dump_ifaddr);
-	__rtnl_register(PF_INET6, RTM_GETMULTICAST, NULL, inet6_dump_ifmcaddr);
-	__rtnl_register(PF_INET6, RTM_GETANYCAST, NULL, inet6_dump_ifacaddr);
+	__rtnl_register(PF_INET6, RTM_NEWADDR, inet6_rtm_newaddr, NULL, NULL);
+	__rtnl_register(PF_INET6, RTM_DELADDR, inet6_rtm_deladdr, NULL, NULL);
+	__rtnl_register(PF_INET6, RTM_GETADDR, inet6_rtm_getaddr,
+			inet6_dump_ifaddr, NULL);
+	__rtnl_register(PF_INET6, RTM_GETMULTICAST, NULL,
+			inet6_dump_ifmcaddr, NULL);
+	__rtnl_register(PF_INET6, RTM_GETANYCAST, NULL,
+			inet6_dump_ifacaddr, NULL);
 
 	ipv6_addr_label_rtnl_register();
 
diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c
index c8993e5..2d8ddba 100644
--- a/net/ipv6/addrlabel.c
+++ b/net/ipv6/addrlabel.c
@@ -592,8 +592,11 @@ out:
 
 void __init ipv6_addr_label_rtnl_register(void)
 {
-	__rtnl_register(PF_INET6, RTM_NEWADDRLABEL, ip6addrlbl_newdel, NULL);
-	__rtnl_register(PF_INET6, RTM_DELADDRLABEL, ip6addrlbl_newdel, NULL);
-	__rtnl_register(PF_INET6, RTM_GETADDRLABEL, ip6addrlbl_get, ip6addrlbl_dump);
+	__rtnl_register(PF_INET6, RTM_NEWADDRLABEL, ip6addrlbl_newdel,
+			NULL, NULL);
+	__rtnl_register(PF_INET6, RTM_DELADDRLABEL, ip6addrlbl_newdel,
+			NULL, NULL);
+	__rtnl_register(PF_INET6, RTM_GETADDRLABEL, ip6addrlbl_get,
+			ip6addrlbl_dump, NULL);
 }
 
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 4076a0b..3030bdf 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -1586,7 +1586,8 @@ int __init fib6_init(void)
 	if (ret)
 		goto out_kmem_cache_create;
 
-	ret = __rtnl_register(PF_INET6, RTM_GETROUTE, NULL, inet6_dump_fib);
+	ret = __rtnl_register(PF_INET6, RTM_GETROUTE, NULL, inet6_dump_fib,
+			      NULL);
 	if (ret)
 		goto out_unregister_subsys;
 out:
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index 82a8099..705c828 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -1354,7 +1354,8 @@ int __init ip6_mr_init(void)
 		goto add_proto_fail;
 	}
 #endif
-	rtnl_register(RTNL_FAMILY_IP6MR, RTM_GETROUTE, NULL, ip6mr_rtm_dumproute);
+	rtnl_register(RTNL_FAMILY_IP6MR, RTM_GETROUTE, NULL,
+		      ip6mr_rtm_dumproute, NULL);
 	return 0;
 #ifdef CONFIG_IPV6_PIMSM_V2
 add_proto_fail:
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index de2b1de..216ff31 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2925,9 +2925,9 @@ int __init ip6_route_init(void)
 		goto xfrm6_init;
 
 	ret = -ENOBUFS;
-	if (__rtnl_register(PF_INET6, RTM_NEWROUTE, inet6_rtm_newroute, NULL) ||
-	    __rtnl_register(PF_INET6, RTM_DELROUTE, inet6_rtm_delroute, NULL) ||
-	    __rtnl_register(PF_INET6, RTM_GETROUTE, inet6_rtm_getroute, NULL))
+	if (__rtnl_register(PF_INET6, RTM_NEWROUTE, inet6_rtm_newroute, NULL, NULL) ||
+	    __rtnl_register(PF_INET6, RTM_DELROUTE, inet6_rtm_delroute, NULL, NULL) ||
+	    __rtnl_register(PF_INET6, RTM_GETROUTE, inet6_rtm_getroute, NULL, NULL))
 		goto fib6_rules_init;
 
 	ret = register_netdevice_notifier(&ip6_route_dev_notifier);
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 8041bef..333b0be 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1120,7 +1120,7 @@ ip_set_dump(struct sock *ctnl, struct sk_buff *skb,
 
 	return netlink_dump_start(ctnl, skb, nlh,
 				  ip_set_dump_start,
-				  ip_set_dump_done);
+				  ip_set_dump_done, 0);
 }
 
 /* Add, del and test */
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 482e90c..7dec88a 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -970,7 +970,7 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
 
 	if (nlh->nlmsg_flags & NLM_F_DUMP)
 		return netlink_dump_start(ctnl, skb, nlh, ctnetlink_dump_table,
-					  ctnetlink_done);
+					  ctnetlink_done, 0);
 
 	err = ctnetlink_parse_zone(cda[CTA_ZONE], &zone);
 	if (err < 0)
@@ -1840,7 +1840,7 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
 	if (nlh->nlmsg_flags & NLM_F_DUMP) {
 		return netlink_dump_start(ctnl, skb, nlh,
 					  ctnetlink_exp_dump_table,
-					  ctnetlink_exp_done);
+					  ctnetlink_exp_done, 0);
 	}
 
 	err = ctnetlink_parse_zone(cda[CTA_EXPECT_ZONE], &zone);
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 6ef64ad..0b92f7549 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1659,13 +1659,10 @@ static int netlink_dump(struct sock *sk)
 {
 	struct netlink_sock *nlk = nlk_sk(sk);
 	struct netlink_callback *cb;
-	struct sk_buff *skb;
+	struct sk_buff *skb = NULL;
 	struct nlmsghdr *nlh;
 	int len, err = -ENOBUFS;
-
-	skb = sock_rmalloc(sk, NLMSG_GOODSIZE, 0, GFP_KERNEL);
-	if (!skb)
-		goto errout;
+	int alloc_size;
 
 	mutex_lock(nlk->cb_mutex);
 
@@ -1675,6 +1672,12 @@ static int netlink_dump(struct sock *sk)
 		goto errout_skb;
 	}
 
+	alloc_size = max_t(int, cb->min_dump_alloc, NLMSG_GOODSIZE);
+
+	skb = sock_rmalloc(sk, alloc_size, 0, GFP_KERNEL);
+	if (!skb)
+		goto errout;
+
 	len = cb->dump(skb, cb);
 
 	if (len > 0) {
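Review bot: the allocation failure path `if (!skb) goto errout;` now runs after mutex_lock(nlk->cb_mutex), whereas the removed lines used errout before the lock was taken and the existing check under the lock jumps to errout_skb. Unless errout drops cb_mutex, this returns with the mutex held. Since skb is now initialised to NULL, errout_skb looks like the intended target, provided its free is NULL-safe.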
@@ -1721,7 +1724,8 @@ int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
 		       const struct nlmsghdr *nlh,
 		       int (*dump)(struct sk_buff *skb,
 				   struct netlink_callback *),
-		       int (*done)(struct netlink_callback *))
+		       int (*done)(struct netlink_callback *),
+		       u16 min_dump_alloc)
 {
 	struct netlink_callback *cb;
 	struct sock *sk;
@@ -1735,6 +1739,7 @@ int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
 	cb->dump = dump;
 	cb->done = done;
 	cb->nlh = nlh;
+	cb->min_dump_alloc = min_dump_alloc;
 	atomic_inc(&skb->users);
 	cb->skb = skb;
 
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 1781d99..482fa57 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -525,7 +525,7 @@ static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 
 		genl_unlock();
 		err = netlink_dump_start(net->genl_sock, skb, nlh,
-					 ops->dumpit, ops->done);
+					 ops->dumpit, ops->done, 0);
 		genl_lock();
 		return err;
 	}
diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c
index 438accb..d61f676 100644
--- a/net/phonet/pn_netlink.c
+++ b/net/phonet/pn_netlink.c
@@ -289,15 +289,16 @@ out:
 
 int __init phonet_netlink_register(void)
 {
-	int err = __rtnl_register(PF_PHONET, RTM_NEWADDR, addr_doit, NULL);
+	int err = __rtnl_register(PF_PHONET, RTM_NEWADDR, addr_doit,
+				  NULL, NULL);
 	if (err)
 		return err;
 
 	/* Further __rtnl_register() cannot fail */
-	__rtnl_register(PF_PHONET, RTM_DELADDR, addr_doit, NULL);
-	__rtnl_register(PF_PHONET, RTM_GETADDR, NULL, getaddr_dumpit);
-	__rtnl_register(PF_PHONET, RTM_NEWROUTE, route_doit, NULL);
-	__rtnl_register(PF_PHONET, RTM_DELROUTE, route_doit, NULL);
-	__rtnl_register(PF_PHONET, RTM_GETROUTE, NULL, route_dumpit);
+	__rtnl_register(PF_PHONET, RTM_DELADDR, addr_doit, NULL, NULL);
+	__rtnl_register(PF_PHONET, RTM_GETADDR, NULL, getaddr_dumpit, NULL);
+	__rtnl_register(PF_PHONET, RTM_NEWROUTE, route_doit, NULL, NULL);
+	__rtnl_register(PF_PHONET, RTM_DELROUTE, route_doit, NULL, NULL);
+	__rtnl_register(PF_PHONET, RTM_GETROUTE, NULL, route_dumpit, NULL);
 	return 0;
 }
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index a606025..2f64262 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -1115,9 +1115,10 @@ nlmsg_failure:
 
 static int __init tc_action_init(void)
 {
-	rtnl_register(PF_UNSPEC, RTM_NEWACTION, tc_ctl_action, NULL);
-	rtnl_register(PF_UNSPEC, RTM_DELACTION, tc_ctl_action, NULL);
-	rtnl_register(PF_UNSPEC, RTM_GETACTION, tc_ctl_action, tc_dump_action);
+	rtnl_register(PF_UNSPEC, RTM_NEWACTION, tc_ctl_action, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_DELACTION, tc_ctl_action, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_GETACTION, tc_ctl_action, tc_dump_action,
+		      NULL);
 
 	return 0;
 }
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index bb2c523..9563887 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -610,10 +610,10 @@ EXPORT_SYMBOL(tcf_exts_dump_stats);
 
 static int __init tc_filter_init(void)
 {
-	rtnl_register(PF_UNSPEC, RTM_NEWTFILTER, tc_ctl_tfilter, NULL);
-	rtnl_register(PF_UNSPEC, RTM_DELTFILTER, tc_ctl_tfilter, NULL);
+	rtnl_register(PF_UNSPEC, RTM_NEWTFILTER, tc_ctl_tfilter, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_DELTFILTER, tc_ctl_tfilter, NULL, NULL);
 	rtnl_register(PF_UNSPEC, RTM_GETTFILTER, tc_ctl_tfilter,
-						 tc_dump_tfilter);
+		      tc_dump_tfilter, NULL);
 
 	return 0;
 }
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index 6b86276..8182aef 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1792,12 +1792,12 @@ static int __init pktsched_init(void)
 	register_qdisc(&pfifo_head_drop_qdisc_ops);
 	register_qdisc(&mq_qdisc_ops);
 
-	rtnl_register(PF_UNSPEC, RTM_NEWQDISC, tc_modify_qdisc, NULL);
-	rtnl_register(PF_UNSPEC, RTM_DELQDISC, tc_get_qdisc, NULL);
-	rtnl_register(PF_UNSPEC, RTM_GETQDISC, tc_get_qdisc, tc_dump_qdisc);
-	rtnl_register(PF_UNSPEC, RTM_NEWTCLASS, tc_ctl_tclass, NULL);
-	rtnl_register(PF_UNSPEC, RTM_DELTCLASS, tc_ctl_tclass, NULL);
-	rtnl_register(PF_UNSPEC, RTM_GETTCLASS, tc_ctl_tclass, tc_dump_tclass);
+	rtnl_register(PF_UNSPEC, RTM_NEWQDISC, tc_modify_qdisc, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_DELQDISC, tc_get_qdisc, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_GETQDISC, tc_get_qdisc, tc_dump_qdisc, NULL);
+	rtnl_register(PF_UNSPEC, RTM_NEWTCLASS, tc_ctl_tclass, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_DELTCLASS, tc_ctl_tclass, NULL, NULL);
+	rtnl_register(PF_UNSPEC, RTM_GETTCLASS, tc_ctl_tclass, tc_dump_tclass, NULL);
 
 	return 0;
 }
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index c658cb3..0256b8a 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2299,7 +2299,8 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 		if (link->dump == NULL)
 			return -EINVAL;
 
-		return netlink_dump_start(net->xfrm.nlsk, skb, nlh, link->dump, link->done);
+		return netlink_dump_start(net->xfrm.nlsk, skb, nlh,
+					  link->dump, link->done, 0);
 	}
 
 	err = nlmsg_parse(nlh, xfrm_msg_min[type], attrs, XFRMA_MAX,
-- 
1.7.5.2



* [net-next 38/40] ixgbe: Update feature flags so that LRO and Ntuple are restricted
From: Jeff Kirsher @ 2011-06-07 12:33 UTC
  To: davem; +Cc: Alexander Duyck, netdev, gospo, Jeff Kirsher
In-Reply-To: <1307449995-9458-1-git-send-email-jeffrey.t.kirsher@intel.com>

From: Alexander Duyck <alexander.h.duyck@intel.com>

This change makes it so that LRO and Ntuple flags are correctly restricted
to only devices that support those features.  Currently we weren't
enforcing any of those restrictions and as such it was possible to do
things such as enable LRO without it actually being supported on the
hardware.

This change also makes a slight modification to the code that assumes the
ETH_FLAG_RXVLAN is the same as the netdev flag. I corrected it by just adding
a !! to cast the result of the flag & to a bool in order to guarantee the two
checks are compared as boolean values.

Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Tested-by: Evan Swanson <evan.swanson@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
 drivers/net/ixgbe/ixgbe_ethtool.c |   25 ++++++++++++++++---------
 1 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/drivers/net/ixgbe/ixgbe_ethtool.c b/drivers/net/ixgbe/ixgbe_ethtool.c
index 74a53ca..e4ff46d 100644
--- a/drivers/net/ixgbe/ixgbe_ethtool.c
+++ b/drivers/net/ixgbe/ixgbe_ethtool.c
@@ -2289,7 +2289,8 @@ static int ixgbe_set_coalesce(struct net_device *netdev,
 static int ixgbe_set_flags(struct net_device *netdev, u32 data)
 {
 	struct ixgbe_adapter *adapter = netdev_priv(netdev);
-	bool need_reset = false;
+	bool need_reset;
+	u32 supported_flags = ETH_FLAG_RXVLAN | ETH_FLAG_TXVLAN;
 	int rc;
 
 #ifdef CONFIG_IXGBE_DCB
@@ -2298,16 +2299,22 @@ static int ixgbe_set_flags(struct net_device *netdev, u32 data)
 		return -EINVAL;
 #endif
 
-	need_reset = (data & ETH_FLAG_RXVLAN) !=
-		     (netdev->features & NETIF_F_HW_VLAN_RX);
+	need_reset = !!(data & ETH_FLAG_RXVLAN) !=
+		     !!(netdev->features & NETIF_F_HW_VLAN_RX);
 
-	if ((data & ETH_FLAG_RXHASH) &&
-	    !(adapter->flags & IXGBE_FLAG_RSS_ENABLED))
-		return -EOPNOTSUPP;
+	switch (adapter->hw.mac.type) {
+	case ixgbe_mac_X540:
+	case ixgbe_mac_82599EB:
+		supported_flags |= ETH_FLAG_NTUPLE | ETH_FLAG_LRO;
+		break;
+	default:
+		break;
+	}
+
+	if (adapter->flags & IXGBE_FLAG_RSS_ENABLED)
+		supported_flags |= ETH_FLAG_RXHASH;
 
-	rc = ethtool_op_set_flags(netdev, data, ETH_FLAG_LRO | ETH_FLAG_NTUPLE |
-				  ETH_FLAG_RXVLAN | ETH_FLAG_TXVLAN |
-				  ETH_FLAG_RXHASH);
+	rc = ethtool_op_set_flags(netdev, data, supported_flags);
 	if (rc)
 		return rc;
 
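Review bot: The explicit -EOPNOTSUPP return for ETH_FLAG_RXHASH without IXGBE_FLAG_RSS_ENABLED is dropped in this hunk, so the errno userspace sees for that case is now whatever ethtool_op_set_flags() returns for a bit outside supported_flags. If that value differs from -EOPNOTSUPP it is a user-visible change and the commit message should say so. In the switch, ETH_FLAG_NTUPLE and ETH_FLAG_LRO are granted together on MAC type alone; a short comment stating that both features are available on every ixgbe_mac_82599EB and ixgbe_mac_X540 configuration would make that grouping easier to audit.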
-- 
1.7.5.2


^ permalink raw reply related

* [net-next 39/40] ixgbe: update driver version string
From: Jeff Kirsher @ 2011-06-07 12:33 UTC (permalink / raw)
  To: davem; +Cc: Don Skidmore, netdev, gospo, Jeff Kirsher
In-Reply-To: <1307449995-9458-1-git-send-email-jeffrey.t.kirsher@intel.com>

From: Don Skidmore <donald.c.skidmore@intel.com>

Update the ixgbe driver version string to better match the Source Driver
with similar device support.  Likewise update to the current LAD Linux
versioning scheme.

Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com>
Tested-by: Evan Swanson <evan.swanson@intel.com>

Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
 drivers/net/ixgbe/ixgbe_main.c |    8 ++++----
 drivers/net/ixgbe/ixgbe_type.h |    3 ++-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/net/ixgbe/ixgbe_main.c b/drivers/net/ixgbe/ixgbe_main.c
index a5425e8..cb52ff8 100644
--- a/drivers/net/ixgbe/ixgbe_main.c
+++ b/drivers/net/ixgbe/ixgbe_main.c
@@ -53,11 +53,10 @@ char ixgbe_driver_name[] = "ixgbe";
 static const char ixgbe_driver_string[] =
 			      "Intel(R) 10 Gigabit PCI Express Network Driver";
 #define MAJ 3
-#define MIN 3
+#define MIN 4
 #define BUILD 8
-#define KFIX 2
 #define DRV_VERSION __stringify(MAJ) "." __stringify(MIN) "." \
-	__stringify(BUILD) "-k" __stringify(KFIX)
+	__stringify(BUILD) "-k"
 const char ixgbe_driver_version[] = DRV_VERSION;
 static const char ixgbe_copyright[] =
 				"Copyright (c) 1999-2011 Intel Corporation.";
@@ -7723,7 +7722,8 @@ static int __devinit ixgbe_probe(struct pci_dev *pdev,
 
 	/* Inform firmware of driver version */
 	if (hw->mac.ops.set_fw_drv_ver)
-		hw->mac.ops.set_fw_drv_ver(hw, MAJ, MIN, BUILD, KFIX);
+		hw->mac.ops.set_fw_drv_ver(hw, MAJ, MIN, BUILD,
+					   FW_CEM_UNUSED_VER);
 
 	/* add san mac addr to netdev */
 	ixgbe_add_sanmac_netdev(netdev);
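Review bot: With KFIX removed, the fourth argument to set_fw_drv_ver() is always FW_CEM_UNUSED_VER (0x0), so firmware can no longer tell builds apart by that field. The comment above the call still reads only "Inform firmware of driver version"; extend it to say the sub-version field is intentionally unused, and state in the commit message that firmware accepts zero there.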
diff --git a/drivers/net/ixgbe/ixgbe_type.h b/drivers/net/ixgbe/ixgbe_type.h
index 8b1abd4..1eefc0c 100644
--- a/drivers/net/ixgbe/ixgbe_type.h
+++ b/drivers/net/ixgbe/ixgbe_type.h
@@ -2143,7 +2143,8 @@ enum ixgbe_fdir_pballoc_type {
 #define FW_CEM_HDR_LEN                0x4
 #define FW_CEM_CMD_DRIVER_INFO        0xDD
 #define FW_CEM_CMD_DRIVER_INFO_LEN    0x5
-#define FW_CEM_CMD_RESERVED           0X0
+#define FW_CEM_CMD_RESERVED           0x0
+#define FW_CEM_UNUSED_VER             0x0
 #define FW_CEM_MAX_RETRIES            3
 #define FW_CEM_RESP_STATUS_SUCCESS    0x1
 
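Review bot: The `0X0` to `0x0` change on FW_CEM_CMD_RESERVED is an unrelated cleanup that the commit message does not mention; note it there or split it out. FW_CEM_UNUSED_VER shares the value 0x0 with FW_CEM_CMD_RESERVED, so a one-line comment saying which field of the driver-info command it fills would keep the two from being confused later.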
-- 
1.7.5.2


^ permalink raw reply related

* [net-next 40/40] ixgbevf: Update the driver string
From: Jeff Kirsher @ 2011-06-07 12:33 UTC (permalink / raw)
  To: davem; +Cc: Greg Rose, netdev, gospo, Jeff Kirsher
In-Reply-To: <1307449995-9458-1-git-send-email-jeffrey.t.kirsher@intel.com>

From: Greg Rose <gregory.v.rose@intel.com>

Signed-off-by: Greg Rose <gregory.v.rose@intel.com>
Tested-by: Evan Swanson <evan.swanson@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
 drivers/net/ixgbevf/ixgbevf_main.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/net/ixgbevf/ixgbevf_main.c b/drivers/net/ixgbevf/ixgbevf_main.c
index 28d3cb2..b2c5ecd 100644
--- a/drivers/net/ixgbevf/ixgbevf_main.c
+++ b/drivers/net/ixgbevf/ixgbevf_main.c
@@ -52,7 +52,7 @@ char ixgbevf_driver_name[] = "ixgbevf";
 static const char ixgbevf_driver_string[] =
 	"Intel(R) 10 Gigabit PCI Express Virtual Function Network Driver";
 
-#define DRV_VERSION "2.0.0-k2"
+#define DRV_VERSION "2.1.0-k"
 const char ixgbevf_driver_version[] = DRV_VERSION;
 static char ixgbevf_copyright[] =
 	"Copyright (c) 2009 - 2010 Intel Corporation.";
-- 
1.7.5.2


^ permalink raw reply related

* [net-2.6] igb: fix i350 SR-IOV failure
From: Jeff Kirsher @ 2011-06-07 12:38 UTC (permalink / raw)
  To: davem; +Cc: Williams, Mitch A, netdev, gospo, stable, Jeff Kirsher

From: "Williams, Mitch A" <mitch.a.williams@intel.com>

When SR-IOV is enabled, i350 devices fail to pass traffic. This is due to
the driver attempting to enable RSS on the PF device, which is not
supported by the i350.

When max_vfs is specified on an i350 adapter, set the number of RSS queues
to 1.

This issue affects 2.6.39 as well.

CC: stable@kernel.org
Signed-off-by: Mitch Williams <mitch.a.williams@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
 drivers/net/igb/igb_main.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/drivers/net/igb/igb_main.c b/drivers/net/igb/igb_main.c
index 18fccf9..2c28621 100644
--- a/drivers/net/igb/igb_main.c
+++ b/drivers/net/igb/igb_main.c
@@ -2373,6 +2373,9 @@ static int __devinit igb_sw_init(struct igb_adapter *adapter)
 	}
 #endif /* CONFIG_PCI_IOV */
 	adapter->rss_queues = min_t(u32, IGB_MAX_RX_QUEUES, num_online_cpus());
+	/* i350 cannot do RSS and SR-IOV at the same time */
+	if (hw->mac.type == e1000_i350 && adapter->vfs_allocated_count)
+		adapter->rss_queues = 1;
 
 	/*
 	 * if rss_queues > 4 or vfs are going to be allocated with rss_queues
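Review bot: The i350 override is applied after rss_queues has been computed from num_online_cpus(), and the block that follows (the "if rss_queues > 4 or vfs are going to be allocated" comment) then runs with rss_queues forced to 1; confirm that this following logic still selects the intended queue layout for that value. The condition keys on adapter->vfs_allocated_count, so it is worth a sentence in the commit message that the count is already final here, given that the CONFIG_PCI_IOV block ends just above.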
-- 
1.7.5.2


^ permalink raw reply related

* RE: SO_BINDTODEVICE inconsistency between IPv4 and IPv6
From: Yuniverg, Michael @ 2011-06-07 12:55 UTC (permalink / raw)
  To: David Woodhouse, netdev@vger.kernel.org; +Cc: Yedvab, Nadav
In-Reply-To: <1306537651.2029.196.camel@i7.infradead.org>


Hi David, all

I went as far as to see that different Kernel code is responsible for IPv4 and IPv6 implementation.
We closed the issue in current version as a limitation, but of course we would be happy to get rid of that.
Probably it would be a bit easier to get support in the next version, since we are going to base on another Linux flavor, which is based on latest Kernel.

Michael

> -----Original Message-----
> From: David Woodhouse [mailto:dwmw2@infradead.org]
> Sent: Saturday, May 28, 2011 2:08 AM
> To: netdev@vger.kernel.org
> Cc: Yuniverg, Michael; Yedvab, Nadav
> Subject: Re: SO_BINDTODEVICE inconsistency between IPv4 and IPv6
> 
> On Thu, 2011-03-17 at 10:29 +0000, David Woodhouse wrote:
> > We've discovered strange behaviour when we listen on in6addr_any and
> > use SO_BINDTODEVICE to bind to the lo device.
> >
> > We can connect to any IPv4 address that is local to the machine, on
> > any interface. (This is true whether we listen on AF_INET6/in6addr_any
> > and accept IPv4 connections on the IPv6 socket, or whether we just
> > listen on AF_INET/INADDR_ANY).
> >
> > The IPv6 behaviour is different — the only IPv6 address that we can
> > connect to is ::1.
> 
> Michael, Nadav ― did you ever get any further with this?
> 
> --
> dwmw2


^ permalink raw reply

* Re: [net-next 24/40] ixgbe: alloc DDP PCI pool and ixgbe queues as per NUMA nodes
From: Ben Hutchings @ 2011-06-07 12:58 UTC (permalink / raw)
  To: Jeff Kirsher; +Cc: davem, Vasu Dev, netdev, gospo
In-Reply-To: <1307449995-9458-25-git-send-email-jeffrey.t.kirsher@intel.com>

On Tue, 2011-06-07 at 05:32 -0700, Jeff Kirsher wrote:
> From: Vasu Dev <vasu.dev@intel.com>
> 
> Have DDP PCI pools allocated from closest NUMA node to the CPU
> and have ixgbe queues allocs per NUMA node.
> 
> Signed-off-by: Vasu Dev <vasu.dev@intel.com>
> Tested-by: Ross Brattain <ross.b.brattain@intel.com>
> Tested-by: Evan Swanson <evan.swanson@intel.com>
> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
> ---
>  drivers/net/ixgbe/ixgbe_fcoe.c |    8 ++++++--
>  drivers/net/ixgbe/ixgbe_main.c |   12 +++++++++---
>  2 files changed, 15 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/net/ixgbe/ixgbe_fcoe.c b/drivers/net/ixgbe/ixgbe_fcoe.c
> index aadff4f..71e8458 100644
> --- a/drivers/net/ixgbe/ixgbe_fcoe.c
> +++ b/drivers/net/ixgbe/ixgbe_fcoe.c
> @@ -615,7 +615,7 @@ static void ixgbe_fcoe_ddp_pools_free(struct ixgbe_fcoe *fcoe)
>  static void ixgbe_fcoe_ddp_pools_alloc(struct ixgbe_adapter *adapter)
>  {
>  	struct ixgbe_fcoe *fcoe = &adapter->fcoe;
> -	unsigned int cpu;
> +	unsigned int cpu, nid;
>  	struct pci_pool **pool;
>  	char pool_name[32];
>  
> @@ -623,19 +623,23 @@ static void ixgbe_fcoe_ddp_pools_alloc(struct ixgbe_adapter *adapter)
>  	if (!fcoe->pool)
>  		return;
>  
> +	nid = dev_to_node(&adapter->pdev->dev);
>  	/* allocate pci pool for each cpu */
>  	for_each_possible_cpu(cpu) {
>  		snprintf(pool_name, 32, "ixgbe_fcoe_ddp_%d", cpu);
>  		pool = per_cpu_ptr(fcoe->pool, cpu);
> +		set_dev_node(&adapter->pdev->dev, cpu_to_node(cpu));
>  		*pool = pci_pool_create(pool_name,
>  					adapter->pdev, IXGBE_FCPTR_MAX,
>  					IXGBE_FCPTR_ALIGN, PAGE_SIZE);
>  		if (!*pool) {
>  			e_err(drv, "failed to alloc DDP pool on cpu:%d\n", cpu);
>  			ixgbe_fcoe_ddp_pools_free(fcoe);
> -			return;
> +			break;
>  		}
>  	}
> +	/* restore original node value */
> +	set_dev_node(&adapter->pdev->dev, nid);
>  }
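Review bot: `nid` is declared `unsigned int` but holds the result of dev_to_node() and is later handed back to set_dev_node(); if dev_to_node() can return a negative "no node" value, use the signed type that function returns so the saved value round-trips unchanged. Between the first set_dev_node() inside the loop and the restore after it, the device reports a node that is not its own to anything else that reads it, and the hunk adds no locking around that window.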
[...]

This is a horrible hack.  You should fix the API so that you can
override the node ID, rather than modifying the device.

Ben.

-- 
Ben Hutchings, Senior Software Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.


^ permalink raw reply

* Re: [PATCH] Use unsigned variables for packet lengths in ip[6]_queue.
From: Patrick McHardy @ 2011-06-07 12:59 UTC (permalink / raw)
  To: David Miller; +Cc: davej, netdev, netfilter-devel, pablo
In-Reply-To: <20110602.135742.1323883827030625599.davem@davemloft.net>

On 02.06.2011 22:57, David Miller wrote:
> From: Dave Jones <davej@redhat.com>
> Date: Fri, 27 May 2011 20:36:51 -0400
> 
>> On Tue, Apr 19, 2011 at 08:41:05PM -0700, David Miller wrote:
>>  > From: Dave Jones <davej@redhat.com>
>>  > Date: Tue, 19 Apr 2011 21:42:22 -0400
>>  > 
>>  > > Not catastrophic, but ipqueue seems to be too trusting of what it gets
>>  > > passed from userspace, and passes it on down to the page allocator,
>>  > > where it will spew warnings if the page order is too high.
>>  > > 
>>  > > __ipq_rcv_skb has several checks for lengths too small, but doesn't
>>  > > seem to have any for oversized ones.   I'm not sure what the maximum
>>  > > we should check for is. I'll code up a diff if anyone has any ideas
>>  > > on a sane maximum.
>>  > 
>>  > Maybe the thing to do is to simply pass __GFP_NOWARN to nlmsg_new()
>>  > in netlink_ack()?
>>  > 
>>  > Anyone else have a better idea?
>>
>> So I went back to this today, and found something that doesn't look right.
>> After adding some instrumentation, and re-running my tests, I found that
>> the reason we were blowing up with enormous allocations was that we
>> were passing down a nlmsglen's like -1061109568
>>
>> Is there any reason for that to be signed ?
>> The nlmsg_len entry of nlmsghdr is a u32, so I'm assuming this is a bug.
>>
>> With the patch below, I haven't been able to reproduce the problem, but
>> I don't know if I've inadvertently broken some other behaviour somewhere
>> deeper in netlink where this is valid.

This is fine, but I'm wondering whether this can really fix the problem
you've been seeing. Before the packet is reallocated, the length of
nlmsglen - NLMSGLEN(0) - sizeof(struct ipq_peer_msg) is compared to
ipq_peer_msg->data_len, so both values need to be wrong.
ipq_peer_msg->data_len is a size_t, so it's unsigned.

I think what we should additionally do is verify that data_len < 65535
since that's the maximum size of an IP packet.

Using __GFP_NOWARN also makes sense in my opinion since ip_queue
prints a warning anyways and we return an errno code to userspace.
On second thought, we could also simply use GFP_KERNEL, AFAICS
packet reinjection does not happen in atomic context. I'll give
that a try.


[-- Attachment #2: x --]
[-- Type: text/plain, Size: 920 bytes --]

diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index f7f9bd7..8ded42d 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -279,6 +279,9 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct nf_queue_entry *e)
 
 	if (v->data_len < sizeof(*user_iph))
 		return 0;
+	if (v->data_len > 65535)
+		return -EMSGSIZE;
+
 	diff = v->data_len - e->skb->len;
 	if (diff < 0) {
 		if (pskb_trim(e->skb, v->data_len))
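Review bot: The new oversize branch returns -EMSGSIZE while the undersize check directly above it returns 0, so the two rejection paths in ipq_mangle_ipv4() now report differently; check that the caller treats a negative return as a failure, or make both bounds checks return the same way. The literal 65535 would read better as a named constant.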
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 065fe40..4ea6a9d 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -279,6 +279,9 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct nf_queue_entry *e)
 
 	if (v->data_len < sizeof(*user_iph))
 		return 0;
+	if (v->data_len > 65535)
+		return -EMSGSIZE;
+
 	diff = v->data_len - e->skb->len;
 	if (diff < 0) {
 		if (pskb_trim(e->skb, v->data_len))
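Review bot: The `v->data_len > 65535` check and its literal are duplicated here from ip_queue.c; a shared named constant would keep the two files in step. The accompanying mail says data_len should be "< 65535" while the code accepts exactly 65535, so state which bound is intended.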

^ permalink raw reply related
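
The length handling discussed in this thread, as an added example that is not part of any posted patch or of the kernel source: it shows how the reported value -1061109568 arises from an unsigned 32-bit length held in a signed variable, how such a value can pass a "too small" check, and a validation written with unsigned arithmetic and the 65535 upper bound. All function names and the two header sizes are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names and sizes below are constructed for this example. */
#define MODEL_HDR_LEN      16u     /* assumed size of the fixed message header */
#define MODEL_VERDICT_LEN  24u     /* assumed size of the fixed verdict header */
#define MAX_IP_PACKET      65535u  /* upper bound proposed in the thread */

/* Read a 32-bit wire length the way a signed 32-bit variable would hold it. */
static int32_t as_signed_len(uint32_t wire_len)
{
	int32_t s;

	memcpy(&s, &wire_len, sizeof(s));
	return s;
}

/*
 * Lower-bound check applied to a signed length. Comparing an int against a
 * size_t converts the int to unsigned, so a negative length turns into a
 * huge value and is not rejected as "too small". The cast below spells out
 * that conversion. Returns 1 when the length is accepted.
 */
static int signed_min_check_accepts(int32_t len)
{
	return !((size_t)len < (size_t)MODEL_HDR_LEN);
}

/*
 * Validate a verdict message with unsigned arithmetic throughout.
 *   wire_len: total length claimed in the message header
 *   avail:    number of bytes actually received
 *   data_len: payload length claimed inside the verdict
 * Returns 0 when the lengths are consistent, -EINVAL or -EMSGSIZE otherwise.
 */
static int validate_verdict(uint32_t wire_len, size_t avail, size_t data_len)
{
	const size_t fixed = MODEL_HDR_LEN + MODEL_VERDICT_LEN;

	if (wire_len < fixed)                 /* cannot hold both headers */
		return -EINVAL;
	if (wire_len > avail)                 /* claims more than was received */
		return -EINVAL;
	if (data_len > MAX_IP_PACKET)         /* larger than any IP packet */
		return -EMSGSIZE;
	if ((size_t)wire_len - fixed != data_len) /* the two lengths must agree */
		return -EINVAL;
	return 0;
}

int main(void)
{
	/* 0xC0C0C0C0 is the unsigned value whose signed reading is the
	 * -1061109568 quoted in the thread (derived here, not from the page). */
	uint32_t wire = 0xC0C0C0C0u;

	printf("signed view of 0x%08x: %d\n", (unsigned)wire, (int)as_signed_len(wire));
	printf("signed lower-bound check accepts it: %d\n",
	       signed_min_check_accepts(as_signed_len(wire)));
	printf("unsigned validation result: %d\n",
	       validate_verdict(wire, 4096, 100));
	printf("well-formed 100-byte payload: %d\n",
	       validate_verdict(40 + 100, 4096, 100));
	printf("70000-byte payload: %d\n",
	       validate_verdict(40 + 70000, 80000, 70000));
	return 0;
}
```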

* Re: [net-next 31/40] ethtool: remove support for ETHTOOL_GRXNTUPLE
From: Ben Hutchings @ 2011-06-07 13:06 UTC (permalink / raw)
  To: Jeff Kirsher; +Cc: davem, Alexander Duyck, netdev, gospo
In-Reply-To: <1307449995-9458-32-git-send-email-jeffrey.t.kirsher@intel.com>

On Tue, 2011-06-07 at 05:33 -0700, Jeff Kirsher wrote:
> From: Alexander Duyck <alexander.h.duyck@intel.com>
> 
> This change is meant to remove all support for displaying an ntuple as
> strings via ETHTOOL_GRXNTUPLE.  The reason for this change is due to the
> fact that multiple issues have been found including:
>  - Multiple buffer overruns for strings being displayed.
>  - Incorrect filters displayed, cleared filters with ring of -2 are displayed
>  - Setting get_rx_ntuple displays no rules if defined.
>  - Endianness wrong on displayed values.
>  - Hard limit of 1024 filters makes display functionality extremely limited
> 
> The only driver that had supported this interface was ixgbe.  Since it no
> longer uses the interface and due to the issues mentioned above I am
> submitting this patch to remove it.
> 
> Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
> Tested-by: Ross Brattain <ross.b.brattain@intel.com>
> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
> ---
>  include/linux/ethtool.h   |    8 +-
>  include/linux/netdevice.h |    3 -
>  net/core/dev.c            |    5 -
>  net/core/ethtool.c        |  299 ---------------------------------------------
>  4 files changed, 2 insertions(+), 313 deletions(-)
> 
> diff --git a/include/linux/ethtool.h b/include/linux/ethtool.h
> index c6a850a..3310ab6 100644
> --- a/include/linux/ethtool.h
> +++ b/include/linux/ethtool.h
> @@ -287,7 +287,7 @@ enum ethtool_stringset {
>  	ETH_SS_TEST		= 0,
>  	ETH_SS_STATS,
>  	ETH_SS_PRIV_FLAGS,
> -	ETH_SS_NTUPLE_FILTERS,
> +	ETH_SS_DO_NOT_USE,		/* was ETH_SS_NTUPLE_FILTERS */
>  	ETH_SS_FEATURES,
>  };
>  

Since this feature didn't work properly, any code that tried to use it
didn't really work, but it still feels kind of wrong to turn that into a
compile error.  And it does no harm to leave the definition here, though
you may want to comment that it is no longer supported.

> @@ -720,8 +720,6 @@ struct ethtool_rx_ntuple_flow_spec_container {
>  };
>  
>  struct ethtool_rx_ntuple_list {
> -#define ETHTOOL_MAX_NTUPLE_LIST_ENTRY 1024
> -#define ETHTOOL_MAX_NTUPLE_STRING_PER_ENTRY 14
>  	struct list_head	list;
>  	unsigned int		count;
>  };

You can remove struct ethtool_rx_ntuple_flow_spec_container and struct
ethtool_rx_ntuple_list as they were not exposed to userland.

[...]
> @@ -1017,7 +1013,7 @@ struct ethtool_ops {
>  #define ETHTOOL_FLASHDEV	0x00000033 /* Flash firmware to device */
>  #define ETHTOOL_RESET		0x00000034 /* Reset hardware */
>  #define ETHTOOL_SRXNTUPLE	0x00000035 /* Add an n-tuple filter to device */
> -#define ETHTOOL_GRXNTUPLE	0x00000036 /* Get n-tuple filters from device */
> +/* ETHTOOL_GRXNTUPLE		0x00000036 disabled due to multiple issues */
>  #define ETHTOOL_GSSET_INFO	0x00000037 /* Get string set info */
>  #define ETHTOOL_GRXFHINDIR	0x00000038 /* Get RX flow hash indir'n table */
>  #define ETHTOOL_SRXFHINDIR	0x00000039 /* Set RX flow hash indir'n table */
[...]

Same here; the command number needs to be reserved forever and the
definition does no harm.

Ben.

-- 
Ben Hutchings, Senior Software Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.


^ permalink raw reply

* Re: [net-next 38/40] ixgbe: Update feature flags so that LRO and Ntuple are restricted
From: Ben Hutchings @ 2011-06-07 13:15 UTC (permalink / raw)
  To: Jeff Kirsher; +Cc: davem, Alexander Duyck, netdev, gospo
In-Reply-To: <1307449995-9458-39-git-send-email-jeffrey.t.kirsher@intel.com>

On Tue, 2011-06-07 at 05:33 -0700, Jeff Kirsher wrote:
> From: Alexander Duyck <alexander.h.duyck@intel.com>
> 
> This change makes it so that LRO and Ntuple flags are correctly restricted
> to only devices that support those features.  Currently we weren't
> enforcing any of those restrictions and as such it was possible to do
> things such as enable LRO without it actually being supported on the
> hardware.
> 
> This change also makes a slight modification to the code that assumes the
> ETH_FLAG_RXVLAN is the same as the netdev flag. I corrected it by just adding
> a !! to cast the result of the flag & to a bool in order to guarantee the two
> checks are compared as boolean values.
[...]

You could BUILD_BUG_ON(ETH_FLAG_RXVLAN != NETIF_F_HW_VLAN_RX).

Or implement the new features interface like every other driver...

Ben.

-- 
Ben Hutchings, Senior Software Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.


^ permalink raw reply

* Re: KVM induced panic on 2.6.38[2367] & 2.6.39
From: Brad Campbell @ 2011-06-07 13:27 UTC (permalink / raw)
  To: Eric Dumazet; +Cc: Avi Kivity, CaT, Borislav Petkov, linux-kernel, kvm, netdev
In-Reply-To: <1307391746.2642.11.camel@edumazet-laptop>

On 07/06/11 04:22, Eric Dumazet wrote:

> Could you please try latest linux-2.6 tree ?
>
> We fixed many networking bugs that could explain your crash.
>
>
>
>

No good I'm afraid.

[  543.040056] 
=============================================================================
[  543.040136] BUG ip_dst_cache: Padding overwritten. 
0xffff8803e4217ffe-0xffff8803e4217fff
[  543.040194] 
-----------------------------------------------------------------------------
[  543.040198]
[  543.040298] INFO: Slab 0xffffea000d9e74d0 objects=25 used=25 fp=0x 
        (null) flags=0x8000000000004081
[  543.040364] Pid: 4576, comm: kworker/1:2 Not tainted 3.0.0-rc2 #1
[  543.040415] Call Trace:
[  543.040472]  [<ffffffff810b9c1d>] ? slab_err+0xad/0xd0
[  543.040528]  [<ffffffff8102e034>] ? check_preempt_wakeup+0xa4/0x160
[  543.040595]  [<ffffffff810ba206>] ? slab_pad_check+0x126/0x170
[  543.040650]  [<ffffffff8133045b>] ? dst_destroy+0x8b/0x110
[  543.040701]  [<ffffffff810ba29a>] ? check_slab+0x4a/0xc0
[  543.040753]  [<ffffffff810baf2d>] ? free_debug_processing+0x2d/0x250
[  543.040808]  [<ffffffff810bb27b>] ? __slab_free+0x12b/0x140
[  543.040862]  [<ffffffff810bbe99>] ? kmem_cache_free+0x99/0xa0
[  543.040915]  [<ffffffff8133045b>] ? dst_destroy+0x8b/0x110
[  543.040967]  [<ffffffff813307f6>] ? dst_gc_task+0x196/0x1f0
[  543.041021]  [<ffffffff8104e954>] ? queue_delayed_work_on+0x154/0x160
[  543.041081]  [<ffffffff813066fe>] ? do_dbs_timer+0x20e/0x3d0
[  543.041133]  [<ffffffff81330660>] ? dst_alloc+0x180/0x180
[  543.041187]  [<ffffffff8104f28b>] ? process_one_work+0xfb/0x3b0
[  543.041242]  [<ffffffff8104f964>] ? worker_thread+0x144/0x3d0
[  543.041296]  [<ffffffff8102cc10>] ? __wake_up_common+0x50/0x80
[  543.041678]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
[  543.041729]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
[  543.041782]  [<ffffffff81053436>] ? kthread+0x96/0xa0
[  543.041835]  [<ffffffff813e1d14>] ? kernel_thread_helper+0x4/0x10
[  543.041890]  [<ffffffff810533a0>] ? kthread_worker_fn+0x120/0x120
[  543.041944]  [<ffffffff813e1d10>] ? gs_change+0xb/0xb
[  543.041993]  Padding 0xffff8803e4217f40:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.042718]  Padding 0xffff8803e4217f50:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.043433]  Padding 0xffff8803e4217f60:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.044155]  Padding 0xffff8803e4217f70:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.044866]  Padding 0xffff8803e4217f80:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.045590]  Padding 0xffff8803e4217f90:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.046311]  Padding 0xffff8803e4217fa0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.047034]  Padding 0xffff8803e4217fb0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.047755]  Padding 0xffff8803e4217fc0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.048474]  Padding 0xffff8803e4217fd0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.049203]  Padding 0xffff8803e4217fe0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.049909]  Padding 0xffff8803e4217ff0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 00 00 ZZZZZZZZZZZZZZ..
[  543.050021] FIX ip_dst_cache: Restoring 
0xffff8803e4217f40-0xffff8803e4217fff=0x5a
[  543.050021]

Dropped -mm, Hugh and Andrea from CC as this does not appear to be mm or 
ksm related.

I'll pare down the firewall and see if I can make it break easier with a 
smaller test set.

^ permalink raw reply

* Re: KVM induced panic on 2.6.38[2367] & 2.6.39
From: Patrick McHardy @ 2011-06-07 13:30 UTC (permalink / raw)
  To: Brad Campbell
  Cc: Bart De Schuymer, kvm, linux-mm, linux-kernel, netdev,
	netfilter-devel
In-Reply-To: <4DED9C23.2030408@fnarfbargle.com>

On 07.06.2011 05:33, Brad Campbell wrote:
> On 07/06/11 04:10, Bart De Schuymer wrote:
>> Hi Brad,
>>
>> This has probably nothing to do with ebtables, so please rmmod in case
>> it's loaded.
>> A few questions I didn't directly see an answer to in the threads I
>> scanned...
>> I'm assuming you actually use the bridging firewall functionality. So,
>> what iptables modules do you use? Can you reduce your iptables rules to
>> a core that triggers the bug?
>> Or does it get triggered even with an empty set of firewall rules?
>> Are you using a stock .35 kernel or is it patched?
>> Is this something I can trigger on a poor guy's laptop or does it
>> require specialized hardware (I'm catching up on qemu/kvm...)?
> 
> Not specialised hardware as such, I've just not been able to reproduce
> it outside of this specific operating scenario.

The last similar problem we've had was related to the 32/64 bit compat
code. Are you running 32 bit userspace on a 64 bit kernel?

> I can't trigger it with empty firewall rules as it relies on a DNAT to
> occur. If I try it directly to the internal IP address (as I have to
> without netfilter loaded) then of course nothing fails.
> 
> It's a pain in the bum as a fault, but it's one I can easily reproduce
> as long as I use the same set of circumstances.
> 
> I'll try using 3.0-rc2 (current git) tonight, and if I can reproduce it
> on that then I'll attempt to pare down the IPTABLES rules to a bare
> minimum.
> 
> It is nothing to do with ebtables as I don't compile it. I'm not really
> sure about "bridging firewall" functionality. I just use a couple of
> hand coded bash scripts to set the tables up.

From one of your previous mails:

> # CONFIG_BRIDGE_NF_EBTABLES is not set

How about CONFIG_BRIDGE_NETFILTER?


^ permalink raw reply

* Re: KVM induced panic on 2.6.38[2367] & 2.6.39
From: Eric Dumazet @ 2011-06-07 13:37 UTC (permalink / raw)
  To: Brad Campbell; +Cc: Avi Kivity, CaT, Borislav Petkov, linux-kernel, kvm, netdev
In-Reply-To: <4DEE273F.7090402@fnarfbargle.com>

On Tuesday 07 June 2011 at 21:27 +0800, Brad Campbell wrote:
> On 07/06/11 04:22, Eric Dumazet wrote:
> 
> > Could you please try latest linux-2.6 tree ?
> >
> > We fixed many networking bugs that could explain your crash.
> >
> >
> >
> >
> 
> No good I'm afraid.
> 
> [  543.040056] 
> =============================================================================
> [  543.040136] BUG ip_dst_cache: Padding overwritten. 
> 0xffff8803e4217ffe-0xffff8803e4217fff
> [  543.040194] 

That's pretty strange: these are the last two bytes of a page, set to
0x0000 (a 16 bit value)

There is no way a dst field could actually sit on this location (it's a
padding), since a dst is a bit less than 256 bytes (0xe8), and each
entry is aligned on a 64-byte address.

grep dst /proc/slabinfo 

ip_dst_cache       32823  62944    256   32    2 : tunables    0    0
0 : slabdata   1967   1967      0

sizeof(struct rtable)=0xe8


> -----------------------------------------------------------------------------
> [  543.040198]
> [  543.040298] INFO: Slab 0xffffea000d9e74d0 objects=25 used=25 fp=0x 
>         (null) flags=0x8000000000004081
> [  543.040364] Pid: 4576, comm: kworker/1:2 Not tainted 3.0.0-rc2 #1
> [  543.040415] Call Trace:
> [  543.040472]  [<ffffffff810b9c1d>] ? slab_err+0xad/0xd0
> [  543.040528]  [<ffffffff8102e034>] ? check_preempt_wakeup+0xa4/0x160
> [  543.040595]  [<ffffffff810ba206>] ? slab_pad_check+0x126/0x170
> [  543.040650]  [<ffffffff8133045b>] ? dst_destroy+0x8b/0x110
> [  543.040701]  [<ffffffff810ba29a>] ? check_slab+0x4a/0xc0
> [  543.040753]  [<ffffffff810baf2d>] ? free_debug_processing+0x2d/0x250
> [  543.040808]  [<ffffffff810bb27b>] ? __slab_free+0x12b/0x140
> [  543.040862]  [<ffffffff810bbe99>] ? kmem_cache_free+0x99/0xa0
> [  543.040915]  [<ffffffff8133045b>] ? dst_destroy+0x8b/0x110
> [  543.040967]  [<ffffffff813307f6>] ? dst_gc_task+0x196/0x1f0
> [  543.041021]  [<ffffffff8104e954>] ? queue_delayed_work_on+0x154/0x160
> [  543.041081]  [<ffffffff813066fe>] ? do_dbs_timer+0x20e/0x3d0
> [  543.041133]  [<ffffffff81330660>] ? dst_alloc+0x180/0x180
> [  543.041187]  [<ffffffff8104f28b>] ? process_one_work+0xfb/0x3b0
> [  543.041242]  [<ffffffff8104f964>] ? worker_thread+0x144/0x3d0
> [  543.041296]  [<ffffffff8102cc10>] ? __wake_up_common+0x50/0x80
> [  543.041678]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
> [  543.041729]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
> [  543.041782]  [<ffffffff81053436>] ? kthread+0x96/0xa0
> [  543.041835]  [<ffffffff813e1d14>] ? kernel_thread_helper+0x4/0x10
> [  543.041890]  [<ffffffff810533a0>] ? kthread_worker_fn+0x120/0x120
> [  543.041944]  [<ffffffff813e1d10>] ? gs_change+0xb/0xb
> [  543.041993]  Padding 0xffff8803e4217f40:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> [  543.042718]  Padding 0xffff8803e4217f50:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> [  543.043433]  Padding 0xffff8803e4217f60:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> [  543.044155]  Padding 0xffff8803e4217f70:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> [  543.044866]  Padding 0xffff8803e4217f80:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> [  543.045590]  Padding 0xffff8803e4217f90:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> [  543.046311]  Padding 0xffff8803e4217fa0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> [  543.047034]  Padding 0xffff8803e4217fb0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> [  543.047755]  Padding 0xffff8803e4217fc0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> [  543.048474]  Padding 0xffff8803e4217fd0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> [  543.049203]  Padding 0xffff8803e4217fe0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> [  543.049909]  Padding 0xffff8803e4217ff0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
> 5a 5a 5a 5a 5a 00 00 ZZZZZZZZZZZZZZ..
> [  543.050021] FIX ip_dst_cache: Restoring 
> 0xffff8803e4217f40-0xffff8803e4217fff=0x5a
> [  543.050021]
> 
> Dropped -mm, Hugh and Andrea from CC as this does not appear to be mm or 
> ksm related.
> 
> I'll pare down the firewall and see if I can make it break easier with a 
> smaller test set.

Hmm, not sure now :(

Could you reproduce another bug please ?

^ permalink raw reply

* RE: Multicast IP packet routed between 2 ports nic on the same host
From: BONNEAU Guy @ 2011-06-07 13:57 UTC (permalink / raw)
  To: David Stevens; +Cc: netdev@vger.kernel.org, netdev-owner@vger.kernel.org
In-Reply-To: <OF6C0FF28D.EF048A18-ON882578A7.0069A85E-882578A7.0069FF2A@us.ibm.com>

It works! Thanks a lot David! Googling for SO_BINDTODEVICE helped me to get insight into my issue. This link was really useful: http://codingrelic.geekhold.com/2009/10/code-snippet-sobindtodevice.html . However I'm still somewhat confused because I always assumed that this was one of the purposes of IP_ADD_MEMBERSHIP besides joining a multicast group. To constrain the multicast socket to a specific "device" interface. In which case I wonder if the interface member of structure ip_mreq is still relevant? Can you comment?

Thanks
GB

________________________________________
From: David Stevens [dlstevens@us.ibm.com]
Sent: Monday, June 06, 2011 3:17 PM
To: BONNEAU Guy
Cc: netdev@vger.kernel.org; netdev-owner@vger.kernel.org
Subject: Re: Multicast IP packet routed between 2 ports nic on the same host

netdev-owner@vger.kernel.org wrote on 06/06/2011 06:40:26 AM:

> From: BONNEAU Guy <gbonneau@miranda.com>

> I open a second console and I use mreceive to join the same
> multicast group 239.255.200.200:8000 to receive multicast data from
> subnet 172.30.8.xx using the console command : ./mreceive -g 239.
> 255.200.200 -p 8000 -i 172.30.8.31 to the eth1 adapter of my
> workstation. The application starts to receive multicast data and
> advertises the data received. This is also the expected behaviour.
>
> Now this is where the problem begins. As soon as the multicast data
> begin to be received on the eth1 adapter the first console begins to
> advertise multicast data received on eth0 adapter. I am well aware
> that the Linux kernel implements a multicast level 2 routing
> capability. Thus at first glance this seems to be the expected
> behaviour. However... I have forwarding disabled as well as
> mc_forwarding disabled and rp_filter is enabled for both adapters.
> Thus I don't expect the kernel to forward the multicast data from
> eth1 to eth0.

        Routing is between multiple machines. You're receiving the
packets on the sockets because they have a binding that matches.
If you only want to receive multicast packets from a particular
interface, then you need to use "SO_BINDTODEVICE" to restrict to
that interface.
        Group membership is per-interface, but socket bindings match
against any packets delivered to the entire machine, if you haven't
otherwise restricted it.

                                                                +-DLS


^ permalink raw reply
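The distinction drawn in this thread, as an added C example that is not code from the thread or from mreceive: IP_ADD_MEMBERSHIP chooses the interface on which the group is joined, while SO_BINDTODEVICE limits which interface's packets are delivered to the socket. The function names are hypothetical; the group, port, address and interface mentioned in the comments are the values quoted above.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* struct ip_mreq and IFNAMSIZ under strict -std= modes */
#endif
#include <arpa/inet.h>
#include <errno.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse a dotted-quad IPv4 multicast group. Returns 0, or -EINVAL when the
 * text is not an address or not in the multicast range (224.0.0.0/4). */
int parse_group(const char *text, struct in_addr *out)
{
    if (inet_pton(AF_INET, text, out) != 1)
        return -EINVAL;
    if (!IN_MULTICAST(ntohl(out->s_addr)))
        return -EINVAL;
    return 0;
}

/* Open a UDP socket that joins `group` via the interface owning `join_addr`
 * and, when `ifname` is non-NULL, only receives packets that arrived on that
 * interface. Returns the descriptor, or a negative errno value. */
int open_mcast_receiver(const char *group, uint16_t port,
                        const char *join_addr, const char *ifname)
{
    struct in_addr grp, local;
    struct sockaddr_in sa;
    struct ip_mreq mreq;
    int fd, err, one = 1;

    /* Validate everything before touching the network stack. */
    if ((err = parse_group(group, &grp)) != 0)
        return err;
    if (inet_pton(AF_INET, join_addr, &local) != 1)
        return -EINVAL;
    if (ifname && strlen(ifname) >= IFNAMSIZ)
        return -ENAMETOOLONG;

    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -errno;
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
        goto fail;

    /* Delivery filter: without this, a socket bound to group:port matches
     * the datagram no matter which interface it arrived on (e.g. eth0 and
     * eth1 both). Depending on the kernel this may need CAP_NET_RAW. */
    if (ifname && setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE,
                             ifname, (socklen_t)strlen(ifname) + 1) < 0)
        goto fail;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr = grp;               /* e.g. 239.255.200.200:8000 */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        goto fail;

    /* Group membership: tells the kernel on which interface to join the
     * group (e.g. the one holding 172.30.8.31). It does not filter what
     * this socket receives. */
    mreq.imr_multiaddr = grp;
    mreq.imr_interface = local;
    if (setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0)
        goto fail;
    return fd;

fail:
    err = -errno;                    /* save before close() can change it */
    close(fd);
    return err;
}

int main(int argc, char **argv)
{
    char buf[2048];
    ssize_t n;
    int fd;

    if (argc != 5) {
        fprintf(stderr, "usage: %s GROUP PORT JOIN_ADDR IFNAME\n", argv[0]);
        return 2;
    }
    fd = open_mcast_receiver(argv[1], (uint16_t)atoi(argv[2]), argv[3], argv[4]);
    if (fd < 0) {
        fprintf(stderr, "setup failed: %s\n", strerror(-fd));
        return 1;
    }
    while ((n = recv(fd, buf, sizeof(buf), 0)) >= 0)
        printf("%zd bytes received\n", n);
    close(fd);
    return 0;
}
```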

* Re: [PATCH] Use unsigned variables for packet lengths in ip[6]_queue.
From: Patrick McHardy @ 2011-06-07 14:19 UTC (permalink / raw)
  To: davej; +Cc: David Miller, netdev, netfilter-devel, pablo
In-Reply-To: <4DEE209C.2010104@trash.net>

On 07.06.2011 14:59, Patrick McHardy wrote:
> On 02.06.2011 22:57, David Miller wrote:
>> From: Dave Jones <davej@redhat.com>
>> Date: Fri, 27 May 2011 20:36:51 -0400
>>
>>> So I went back to this today, and found something that doesn't look right.
>>> After adding some instrumentation, and re-running my tests, I found that
>>> the reason we were blowing up with enormous allocations was that we
>>> were passing down a nlmsglen's like -1061109568
>>>
>>> Is there any reason for that to be signed ?
>>> The nlmsg_len entry of nlmsghdr is a u32, so I'm assuming this is a bug.
>>>
>>> With the patch below, I haven't been able to reproduce the problem, but
>>> I don't know if I've inadvertently broken some other behaviour somewhere
>>> deeper in netlink where this is valid.
> 
> This is fine, but I'm wondering whether this can really fix the problem
> you've been seeing. Before the packet is reallocated, the length of
> nlmsglen - NLMSGLEN(0) - sizeof(struct ipq_peer_msg) is compared to
> ipq_peer_msg->data_len, so both values need to be wrong.
> ipq_peer_msg->data_len is a size_t, so it's unsigned.
> 
> I think what we should additionally do is verify that data_len < 65535
> since that's the maximum size of an IP packet.

We're actually already doing this. This makes it even more strange that
you're seeing this problem. Could you send me your testcase?

^ permalink raw reply
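A user-space model of the length checks discussed in this thread, added here as an example and not taken from the ip_queue source: it shows what the reported value -1061109568 is as a u32, what signed arithmetic does with it, and a check order that cannot wrap. The `MODEL_*` sizes, the `buf_len` parameter and all function names are assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-ins for NLMSG_LENGTH(0) and sizeof(struct ipq_peer_msg);
 * the values are illustrative, not read from kernel headers. */
#define MODEL_NLMSG_HDRLEN   16u
#define MODEL_PEER_MSG_SIZE  24u
#define MODEL_MAX_IP_PACKET  65535u   /* maximum size of an IP packet */

enum len_status { LEN_OK, LEN_TOO_SHORT, LEN_TRUNCATED, LEN_TOO_BIG, LEN_MISMATCH };

/* The bit pattern of a u32 length as seen through a signed 32-bit variable. */
int32_t as_signed(uint32_t wire_len)
{
    int32_t s;
    memcpy(&s, &wire_len, sizeof(s));
    return s;
}

/* "Remaining payload" computed in signed arithmetic: a length with the top
 * bit set yields a negative result instead of an error. */
long long payload_len_signed(int32_t nlmsglen)
{
    return (long long)nlmsglen - (long long)MODEL_NLMSG_HDRLEN
                               - (long long)MODEL_PEER_MSG_SIZE;
}

/* What an allocator taking size_t would be asked for if that negative
 * value reached it unchecked. */
size_t alloc_size_from_signed(int32_t nlmsglen)
{
    return (size_t)payload_len_signed(nlmsglen);
}

/* Unsigned validation. buf_len is the number of bytes actually received;
 * nlmsg_len and data_len are the sender-controlled fields. The lower bound
 * is tested before the subtraction so that it cannot wrap. */
enum len_status check_lengths(size_t buf_len, uint32_t nlmsg_len, size_t data_len)
{
    const uint32_t fixed = MODEL_NLMSG_HDRLEN + MODEL_PEER_MSG_SIZE;

    if (nlmsg_len < fixed)
        return LEN_TOO_SHORT;          /* no room for the fixed headers */
    if (nlmsg_len > buf_len)
        return LEN_TRUNCATED;          /* claims more than was received */
    if (data_len > MODEL_MAX_IP_PACKET)
        return LEN_TOO_BIG;            /* larger than any IP packet */
    if (data_len > (size_t)(nlmsg_len - fixed))
        return LEN_MISMATCH;           /* payload claim exceeds the message */
    return LEN_OK;
}

int main(void)
{
    const uint32_t wire = 0xC0C0C0C0u; /* constructed input: -1061109568 as a u32 */

    printf("as signed int:      %d\n", as_signed(wire));
    printf("signed payload len: %lld\n", payload_len_signed(as_signed(wire)));
    printf("as size_t:          %zu\n", alloc_size_from_signed(as_signed(wire)));
    printf("unsigned check:     %d (LEN_TRUNCATED is %d)\n",
           check_lengths(64, wire, 24), LEN_TRUNCATED);
    return 0;
}
```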

* Re: [PATCH] Use unsigned variables for packet lengths in ip[6]_queue.
From: Dave Jones @ 2011-06-07 14:39 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: David Miller, netdev, netfilter-devel, pablo
In-Reply-To: <4DEE335C.1010504@trash.net>

On Tue, Jun 07, 2011 at 04:19:08PM +0200, Patrick McHardy wrote:
 
 > >>> With the patch below, I haven't been able to reproduce the problem, but
 > >>> I don't know if I've inadvertently broken some other behaviour somewhere
 > >>> deeper in netlink where this is valid.
 > > 
 > > This is fine, but I'm wondering whether this can really fix the problem
 > > you've been seeing. Before the packet is reallocated, the length of
 > > nlmsglen - NLMSGLEN(0) - sizeof(struct ipq_peer_msg) is compared to
 > > ipq_peer_msg->data_len, so both values need to be wrong.
 > > ipq_peer_msg->data_len is a size_t, so it's unsigned.
 > > 
 > > I think what we should additionally do is verify that data_len < 65535
 > > since that's the maximum size of an IP packet.
 > 
 > We're actually already doing this. This makes it even more strange that
 > you're seeing this problem. Could you send me your testcase?

I don't have a standalone test-case, just a generic fuzzing tool that passes
sockets to various syscalls.  You can clone it from git://git.codemonkey.org.uk/trinity.git/
(the test-random.sh should explain how to use it)

	Dave.


^ permalink raw reply

* Re: KVM induced panic on 2.6.38[2367] & 2.6.39
From: Brad Campbell @ 2011-06-07 14:40 UTC (permalink / raw)
  To: Patrick McHardy
  Cc: Bart De Schuymer, kvm, linux-mm, linux-kernel, netdev,
	netfilter-devel
In-Reply-To: <4DEE27DE.7060004@trash.net>

On 07/06/11 21:30, Patrick McHardy wrote:
> On 07.06.2011 05:33, Brad Campbell wrote:
>> On 07/06/11 04:10, Bart De Schuymer wrote:
>>> Hi Brad,
>>>
>>> This has probably nothing to do with ebtables, so please rmmod in case
>>> it's loaded.
>>> A few questions I didn't directly see an answer to in the threads I
>>> scanned...
>>> I'm assuming you actually use the bridging firewall functionality. So,
>>> what iptables modules do you use? Can you reduce your iptables rules to
>>> a core that triggers the bug?
>>> Or does it get triggered even with an empty set of firewall rules?
>>> Are you using a stock .35 kernel or is it patched?
>>> Is this something I can trigger on a poor guy's laptop or does it
>>> require specialized hardware (I'm catching up on qemu/kvm...)?
>>
>> Not specialised hardware as such, I've just not been able to reproduce
>> it outside of this specific operating scenario.
>
> The last similar problem we've had was related to the 32/64 bit compat
> code. Are you running 32 bit userspace on a 64 bit kernel?

No, 32 bit Guest OS, but a completely 64 bit userspace on a 64 bit kernel.

Userspace is current Debian Stable. Kernel is Vanilla and qemu-kvm is 
current git


>> I can't trigger it with empty firewall rules as it relies on a DNAT to
>> occur. If I try it directly to the internal IP address (as I have to
>> without netfilter loaded) then of course nothing fails.
>>
>> It's a pain in the bum as a fault, but it's one I can easily reproduce
>> as long as I use the same set of circumstances.
>>
>> I'll try using 3.0-rc2 (current git) tonight, and if I can reproduce it
>> on that then I'll attempt to pare down the IPTABLES rules to a bare
>> minimum.
>>
>> It is nothing to do with ebtables as I don't compile it. I'm not really
>> sure about "bridging firewall" functionality. I just use a couple of
>> hand coded bash scripts to set the tables up.
>
>  From one of your previous mails:
>
>> # CONFIG_BRIDGE_NF_EBTABLES is not set
>
> How about CONFIG_BRIDGE_NETFILTER?
>

It was compiled in.

With the following table set I was able to reproduce the problem on 
3.0-rc2. Replaced my IP with xxx.xxx.xxx.xxx, but otherwise unmodified

root@srv:~# iptables-save
# Generated by iptables-save v1.4.10 on Tue Jun  7 22:11:30 2011
*filter
:INPUT ACCEPT [978:107619]
:FORWARD ACCEPT [142:7068]
:OUTPUT ACCEPT [1659:291870]
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i ppp0 -m state --state NEW -j ACCEPT
-A INPUT -i ppp0 -j DROP
COMMIT
# Completed on Tue Jun  7 22:11:30 2011
# Generated by iptables-save v1.4.10 on Tue Jun  7 22:11:30 2011
*nat
:PREROUTING ACCEPT [813:49170]
:INPUT ACCEPT [91:7090]
:OUTPUT ACCEPT [267:20731]
:POSTROUTING ACCEPT [296:22281]
-A PREROUTING -d xxx.xxx.xxx.xxx/32 ! -i ppp0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.253.198
COMMIT
# Completed on Tue Jun  7 22:11:30 2011
# Generated by iptables-save v1.4.10 on Tue Jun  7 22:11:30 2011
*mangle
:PREROUTING ACCEPT [2729:274392]
:INPUT ACCEPT [2508:262976]
:FORWARD ACCEPT [142:7068]
:OUTPUT ACCEPT [1674:293701]
:POSTROUTING ACCEPT [2131:346411]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Tue Jun  7 22:11:30 2011

I've just compiled out CONFIG_BRIDGE_NETFILTER and can no longer access 
the address the way I was doing it, so that's a no-go for me.



^ permalink raw reply

* Re: [PATCH] usbnet/cdc_ncm: add missing .reset_resume hook
From: Greg KH @ 2011-06-07 14:43 UTC (permalink / raw)
  To: Stefan (metze) Metzmacher
  Cc: David Miller, oliver, linux-usb, netdev, linux-kernel
In-Reply-To: <4DEDD564.7050308@samba.org>

On Tue, Jun 07, 2011 at 09:38:12AM +0200, Stefan (metze) Metzmacher wrote:
> On 06.06.2011 17:06, Greg KH wrote:
> > On Mon, Jun 06, 2011 at 02:23:16PM +0200, Stefan (metze) Metzmacher wrote:
> >> Hi David,
> >>
> >>> From: Stefan Metzmacher <metze@samba.org>
> >>> Date: Wed,  1 Jun 2011 14:01:41 +0200
> >>>
> >>>> This avoids messages like this after suspend:
> >>>>
> >>>>    cdc_ncm 2-1.4:1.6: no reset_resume for driver cdc_ncm?
> >>>>    cdc_ncm 2-1.4:1.7: no reset_resume for driver cdc_ncm?
> >>>>    cdc_ncm 2-1.4:1.6: usb0: unregister 'cdc_ncm' usb-0000:00:1d.0-1.4, CDC NCM
> >>>>
> >>>> This is important for the Ericsson F5521gw GSM/UMTS modem.
> >>>> Otherwise modemmanager loses the fact that the cdc_ncm and cdc_acm devices
> >>>> belong together.
> >>>>
> >>>> The cdc_ether module does the same.
> >>>>
> >>>> Signed-off-by: Stefan Metzmacher <metze@samba.org>
> >>>
> >>> Applied and queued up for -stable, thanks.
> >>
> >> It seems to be part of 3.0-rc2, but I'm not seeing it in any stable tree
> >> yet...
> >>
> >> When can I expect it in stable trees like 2.6.38.y?
> > 
> > The .38.y tree is closed and will not have new releases, so you will
> > never see it there, sorry.
> 
> Ok, are there chances for .39.y?

There are, it requires the patch to be in Linus's tree first, please see
Documentation/stable_kernel_rules.txt for the details.

greg k-h

^ permalink raw reply

* Re: KVM induced panic on 2.6.38[2367] & 2.6.39
From: Brad Campbell @ 2011-06-07 15:15 UTC (permalink / raw)
  To: Eric Dumazet; +Cc: Avi Kivity, CaT, Borislav Petkov, linux-kernel, kvm, netdev
In-Reply-To: <1307453874.3091.14.camel@edumazet-laptop>

On 07/06/11 21:37, Eric Dumazet wrote:
> On Tuesday 07 June 2011 at 21:27 +0800, Brad Campbell wrote:
>> On 07/06/11 04:22, Eric Dumazet wrote:
>>
>>> Could you please try latest linux-2.6 tree ?
>>>
>>> We fixed many networking bugs that could explain your crash.
>>>
>>>
>>>
>>>
>>
>> No good I'm afraid.
>>
>> [  543.040056]
>> =============================================================================
>> [  543.040136] BUG ip_dst_cache: Padding overwritten.
>> 0xffff8803e4217ffe-0xffff8803e4217fff
>> [  543.040194]
>
> That's pretty strange: these are the last two bytes of a page, set to
> 0x0000 (a 16 bit value)
>
> There is no way a dst field could actually sit on this location (it's a
> padding), since a dst is a bit less than 256 bytes (0xe8), and each
> entry is aligned on a 64byte address.
>
> grep dst /proc/slabinfo
>
> ip_dst_cache       32823  62944    256   32    2 : tunables    0    0
> 0 : slabdata   1967   1967      0
>
> sizeof(struct rtable)=0xe8
>
>
>> -----------------------------------------------------------------------------
>> [  543.040198]
>> [  543.040298] INFO: Slab 0xffffea000d9e74d0 objects=25 used=25 fp=0x
>>          (null) flags=0x8000000000004081
>> [  543.040364] Pid: 4576, comm: kworker/1:2 Not tainted 3.0.0-rc2 #1
>> [  543.040415] Call Trace:
>> [  543.040472]  [<ffffffff810b9c1d>] ? slab_err+0xad/0xd0
>> [  543.040528]  [<ffffffff8102e034>] ? check_preempt_wakeup+0xa4/0x160
>> [  543.040595]  [<ffffffff810ba206>] ? slab_pad_check+0x126/0x170
>> [  543.040650]  [<ffffffff8133045b>] ? dst_destroy+0x8b/0x110
>> [  543.040701]  [<ffffffff810ba29a>] ? check_slab+0x4a/0xc0
>> [  543.040753]  [<ffffffff810baf2d>] ? free_debug_processing+0x2d/0x250
>> [  543.040808]  [<ffffffff810bb27b>] ? __slab_free+0x12b/0x140
>> [  543.040862]  [<ffffffff810bbe99>] ? kmem_cache_free+0x99/0xa0
>> [  543.040915]  [<ffffffff8133045b>] ? dst_destroy+0x8b/0x110
>> [  543.040967]  [<ffffffff813307f6>] ? dst_gc_task+0x196/0x1f0
>> [  543.041021]  [<ffffffff8104e954>] ? queue_delayed_work_on+0x154/0x160
>> [  543.041081]  [<ffffffff813066fe>] ? do_dbs_timer+0x20e/0x3d0
>> [  543.041133]  [<ffffffff81330660>] ? dst_alloc+0x180/0x180
>> [  543.041187]  [<ffffffff8104f28b>] ? process_one_work+0xfb/0x3b0
>> [  543.041242]  [<ffffffff8104f964>] ? worker_thread+0x144/0x3d0
>> [  543.041296]  [<ffffffff8102cc10>] ? __wake_up_common+0x50/0x80
>> [  543.041678]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
>> [  543.041729]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
>> [  543.041782]  [<ffffffff81053436>] ? kthread+0x96/0xa0
>> [  543.041835]  [<ffffffff813e1d14>] ? kernel_thread_helper+0x4/0x10
>> [  543.041890]  [<ffffffff810533a0>] ? kthread_worker_fn+0x120/0x120
>> [  543.041944]  [<ffffffff813e1d10>] ? gs_change+0xb/0xb
>> [  543.041993]  Padding 0xffff8803e4217f40:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
>> [  543.042718]  Padding 0xffff8803e4217f50:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
>> [  543.043433]  Padding 0xffff8803e4217f60:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
>> [  543.044155]  Padding 0xffff8803e4217f70:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
>> [  543.044866]  Padding 0xffff8803e4217f80:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
>> [  543.045590]  Padding 0xffff8803e4217f90:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
>> [  543.046311]  Padding 0xffff8803e4217fa0:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
>> [  543.047034]  Padding 0xffff8803e4217fb0:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
>> [  543.047755]  Padding 0xffff8803e4217fc0:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
>> [  543.048474]  Padding 0xffff8803e4217fd0:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
>> [  543.049203]  Padding 0xffff8803e4217fe0:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
>> [  543.049909]  Padding 0xffff8803e4217ff0:  5a 5a 5a 5a 5a 5a 5a 5a 5a
>> 5a 5a 5a 5a 5a 00 00 ZZZZZZZZZZZZZZ..
>> [  543.050021] FIX ip_dst_cache: Restoring
>> 0xffff8803e4217f40-0xffff8803e4217fff=0x5a
>> [  543.050021]
>>
>> Dropped -mm, Hugh and Andrea from CC as this does not appear to be mm or
>> ksm related.
>>
>> I'll pare down the firewall and see if I can make it break easier with a
>> smaller test set.
>
> Hmm, not sure now :(
>
> Could you reproduce another bug please ?

Here is the remainder of the log from that bug that I managed to scrape 
off the disk. Odd as usually the netconsole dies and so does the disk 
subsystem. In this case it managed to get the log to disk.

[  543.040056] 
=============================================================================
[  543.040136] BUG ip_dst_cache: Padding overwritten. 
0xffff8803e4217ffe-0xffff8803e4217fff
[  543.040194] 
-----------------------------------------------------------------------------
[  543.040198]
[  543.040298] INFO: Slab 0xffffea000d9e74d0 objects=25 used=25 fp=0x 
        (null) flags=0x8000000000004081
[  543.040364] Pid: 4576, comm: kworker/1:2 Not tainted 3.0.0-rc2 #1
[  543.040415] Call Trace:
[  543.040472]  [<ffffffff810b9c1d>] ? slab_err+0xad/0xd0
[  543.040528]  [<ffffffff8102e034>] ? check_preempt_wakeup+0xa4/0x160
[  543.040595]  [<ffffffff810ba206>] ? slab_pad_check+0x126/0x170
[  543.040650]  [<ffffffff8133045b>] ? dst_destroy+0x8b/0x110
[  543.040701]  [<ffffffff810ba29a>] ? check_slab+0x4a/0xc0
[  543.040753]  [<ffffffff810baf2d>] ? free_debug_processing+0x2d/0x250
[  543.040808]  [<ffffffff810bb27b>] ? __slab_free+0x12b/0x140
[  543.040862]  [<ffffffff810bbe99>] ? kmem_cache_free+0x99/0xa0
[  543.040915]  [<ffffffff8133045b>] ? dst_destroy+0x8b/0x110
[  543.040967]  [<ffffffff813307f6>] ? dst_gc_task+0x196/0x1f0
[  543.041021]  [<ffffffff8104e954>] ? queue_delayed_work_on+0x154/0x160
[  543.041081]  [<ffffffff813066fe>] ? do_dbs_timer+0x20e/0x3d0
[  543.041133]  [<ffffffff81330660>] ? dst_alloc+0x180/0x180
[  543.041187]  [<ffffffff8104f28b>] ? process_one_work+0xfb/0x3b0
[  543.041242]  [<ffffffff8104f964>] ? worker_thread+0x144/0x3d0
[  543.041296]  [<ffffffff8102cc10>] ? __wake_up_common+0x50/0x80
[  543.041678]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
[  543.041729]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
[  543.041782]  [<ffffffff81053436>] ? kthread+0x96/0xa0
[  543.041835]  [<ffffffff813e1d14>] ? kernel_thread_helper+0x4/0x10
[  543.041890]  [<ffffffff810533a0>] ? kthread_worker_fn+0x120/0x120
[  543.041944]  [<ffffffff813e1d10>] ? gs_change+0xb/0xb
[  543.041993]  Padding 0xffff8803e4217f40:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.042718]  Padding 0xffff8803e4217f50:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.043433]  Padding 0xffff8803e4217f60:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.044155]  Padding 0xffff8803e4217f70:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.044866]  Padding 0xffff8803e4217f80:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.045590]  Padding 0xffff8803e4217f90:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.046311]  Padding 0xffff8803e4217fa0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.047034]  Padding 0xffff8803e4217fb0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.047755]  Padding 0xffff8803e4217fc0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.048474]  Padding 0xffff8803e4217fd0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.049203]  Padding 0xffff8803e4217fe0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[  543.049909]  Padding 0xffff8803e4217ff0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 00 00 ZZZZZZZZZZZZZZ..
[  543.050021] FIX ip_dst_cache: Restoring 
0xffff8803e4217f40-0xffff8803e4217fff=0x5a
[  543.050021]
[  885.504318] br1: port 4(vnet2) entering forwarding state
[  885.504797] device vnet2 left promiscuous mode
[  885.504868] br1: port 4(vnet2) entering disabled state
[  885.847186] br1: port 3(vnet1) entering forwarding state
[  885.847667] device vnet1 left promiscuous mode
[  885.847740] br1: port 3(vnet1) entering disabled state
[  885.940042] 
=============================================================================
[  885.940122] BUG kmalloc-512: Object padding overwritten
[  885.940171] 
-----------------------------------------------------------------------------
[  885.940175]
[  885.940273] INFO: 0xffff8803dc09322e-0xffff8803dc09322f. First byte 
0x0 instead of 0x5a
[  885.940344] INFO: Allocated in qdisc_alloc+0x59/0x110 age=66496 cpu=2 
pid=4948
[  885.940404] INFO: Freed in qdisc_alloc+0x49/0x110 age=66496 cpu=2 
pid=4948
[  885.940457] INFO: Slab 0xffffea000d821f80 objects=28 used=21 
fp=0xffff8803dc090b68 flags=0x8000000000004081
[  885.940519] INFO: Object 0xffff8803dc092fe8 @offset=12264 
fp=0xffff8803dc092238
[  885.940523]
[  885.940618] Bytes b4 0xffff8803dc092fd8:  d3 e0 ff ff 00 00 00 00 5a 
5a 5a 5a 5a 5a 5a 5a Óàÿÿ....ZZZZZZZZ
[  885.950007]  Redzone 0xffff8803dc0931e8:  cc cc cc cc cc cc cc cc 
                      ÌÌÌÌÌÌÌÌ
[  885.950007]  Padding 0xffff8803dc093228:  5a 5a 5a 5a 5a 5a 00 00 
                      ZZZZZZ..
[  885.950007] Pid: 11, comm: rcuc1 Not tainted 3.0.0-rc2 #1
[  885.950007] Call Trace:
[  885.950007]  [<ffffffff810ba41d>] ? check_bytes_and_report+0x10d/0x150
[  885.950007]  [<ffffffff810ba509>] ? check_object+0xa9/0x260
[  885.950007]  [<ffffffff81075a49>] ? __rcu_process_callbacks+0x119/0x340
[  885.950007]  [<ffffffff810bb033>] ? free_debug_processing+0x133/0x250
[  885.950007]  [<ffffffff810bb27b>] ? __slab_free+0x12b/0x140
[  885.950007]  [<ffffffff81075a49>] ? __rcu_process_callbacks+0x119/0x340
[  885.950007]  [<ffffffff8107666b>] ? rcu_cpu_kthread+0x27b/0x3a0
[  885.950007]  [<ffffffff8102d5b9>] ? ttwu_do_wakeup+0x19/0xa0
[  885.950007]  [<ffffffff81074a80>] ? invoke_rcu_cpu_kthread+0x30/0x30
[  885.950007]  [<ffffffff810763f0>] ? rcu_check_callbacks+0x100/0x100
[  885.950007]  [<ffffffff810763f0>] ? rcu_check_callbacks+0x100/0x100
[  885.950007]  [<ffffffff81053436>] ? kthread+0x96/0xa0
[  885.950007]  [<ffffffff813e1d14>] ? kernel_thread_helper+0x4/0x10
[  885.950007]  [<ffffffff810533a0>] ? kthread_worker_fn+0x120/0x120
[  885.950007]  [<ffffffff813e1d10>] ? gs_change+0xb/0xb
[  885.950007] FIX kmalloc-512: Restoring 
0xffff8803dc09322e-0xffff8803dc09322f=0x5a
[  885.950007]
[  886.050119] 
=============================================================================
[  886.050198] BUG kmalloc-512: Object padding overwritten
[  886.050247] 
-----------------------------------------------------------------------------
[  886.050251]
[  886.050353] INFO: 0xffff8803dc091916-0xffff8803dc091917. First byte 
0x0 instead of 0x5a
[  886.050451] INFO: Allocated in kvm_ioapic_init+0x3c/0xd0 [kvm] 
age=66256 cpu=0 pid=5122
[  886.050517] INFO: Freed in __kfree_skb+0x11/0x90 age=66311 cpu=4 pid=5054
[  886.050568] INFO: Slab 0xffffea000d821f80 objects=28 used=17 
fp=0xffff8803dc091488 flags=0x8000000000004081
[  886.050630] INFO: Object 0xffff8803dc0916d0 @offset=5840 fp=0x 
    (null)
[  886.050634]
[  886.050726] Bytes b4 0xffff8803dc0916c0:  ea e4 00 00 01 00 00 00 5a 
5a 5a 5a 5a 5a 5a 5a êä......ZZZZZZZZ
[  886.060104]  Redzone 0xffff8803dc0918d0:  cc cc cc cc cc cc cc cc 
                      ÌÌÌÌÌÌÌÌ
[  886.060104]  Padding 0xffff8803dc091910:  5a 5a 5a 5a 5a 5a 00 00 
                      ZZZZZZ..
[  886.060104] Pid: 7359, comm: qemu Not tainted 3.0.0-rc2 #1
[  886.060104] Call Trace:
[  886.060104]  [<ffffffff810ba41d>] ? check_bytes_and_report+0x10d/0x150
[  886.060104]  [<ffffffff810ba509>] ? check_object+0xa9/0x260
[  886.060104]  [<ffffffffa00eb8bf>] ? kvm_arch_destroy_vm+0x2f/0x150 [kvm]
[  886.060104]  [<ffffffff810bb033>] ? free_debug_processing+0x133/0x250
[  886.060104]  [<ffffffff810bb27b>] ? __slab_free+0x12b/0x140
[  886.060104]  [<ffffffffa00eb8bf>] ? kvm_arch_destroy_vm+0x2f/0x150 [kvm]
[  886.060104]  [<ffffffffa00e2dd9>] ? kvm_put_kvm+0xe9/0x130 [kvm]
[  886.060104]  [<ffffffffa00e3763>] ? kvm_vcpu_release+0x13/0x20 [kvm]
[  886.060104]  [<ffffffff810c65fd>] ? fput+0xdd/0x270
[  886.060104]  [<ffffffff810c2e1c>] ? filp_close+0x5c/0x90
[  886.060104]  [<ffffffff8103ae1d>] ? put_files_struct+0xcd/0x100
[  886.060104]  [<ffffffff8103ccc7>] ? do_exit+0x6d7/0x7e0
[  886.060104]  [<ffffffff8103ce20>] ? do_group_exit+0x50/0xc0
[  886.060104]  [<ffffffff81048914>] ? get_signal_to_deliver+0x1a4/0x3a0
[  886.060104]  [<ffffffff8100188a>] ? do_signal+0x8a/0x7d0
[  886.060104]  [<ffffffff81049148>] ? kill_pid_info+0x38/0x60
[  886.060104]  [<ffffffff810493e4>] ? sys_kill+0x94/0x1b0
[  886.060104]  [<ffffffff8100201d>] ? do_notify_resume+0x4d/0x70
[  886.060104]  [<ffffffff810c59c4>] ? sys_pread64+0x74/0xa0
[  886.060104]  [<ffffffff813e11db>] ? int_signal+0x12/0x17
[  886.060104] FIX kmalloc-512: Restoring 
0xffff8803dc091916-0xffff8803dc091917=0x5a
[  886.060104]
[  926.148014] br1: port 6(vnet4) entering forwarding state
[  926.148385] device vnet4 left promiscuous mode
[  926.148457] br1: port 6(vnet4) entering disabled state
[  945.659523] br1: port 2(vnet0) entering forwarding state
[  945.660041] device vnet0 left promiscuous mode
[  945.660116] br1: port 2(vnet0) entering disabled state
[ 1121.085267] br1: port 5(vnet3) entering forwarding state
[ 1121.085783] device vnet3 left promiscuous mode
[ 1121.085860] br1: port 5(vnet3) entering disabled state
[ 1176.307099] nfsd: last server has exited, flushing export cache
[ 1176.430113] 
=============================================================================
[ 1176.430194] BUG kmalloc-512: Object padding overwritten
[ 1176.430199] 
-----------------------------------------------------------------------------
[ 1176.430204]
[ 1176.430210] INFO: 0xffff8803f5df5b5e-0xffff8803f5df5b5f. First byte 
0x0 instead of 0x5a
[ 1176.430225] INFO: Allocated in sock_alloc_send_pskb+0x1d0/0x320 
age=93370 cpu=0 pid=5126
[ 1176.430234] INFO: Freed in __kfree_skb+0x11/0x90 age=93370 cpu=0 pid=4495
[ 1176.430240] INFO: Slab 0xffffea000ddc8d60 objects=28 used=0 
fp=0xffff8803f5df76c0 flags=0x8000000000004080
[ 1176.430246] INFO: Object 0xffff8803f5df5918 @offset=6424 
fp=0xffff8803f5df7908
[ 1176.430249]
[ 1176.430253] Bytes b4 0xffff8803f5df5908:  ab f0 ff ff 00 00 00 00 5a 
5a 5a 5a 5a 5a 5a 5a «ðÿÿ....ZZZZZZZZ
[ 1176.430729]  Redzone 0xffff8803f5df5b18:  bb bb bb bb bb bb bb bb                       »»»»»»»»
[ 1176.430742]  Padding 0xffff8803f5df5b58:  5a 5a 5a 5a 5a 5a 00 00                       ZZZZZZ..
[ 1176.430758] Pid: 24, comm: rcuc4 Not tainted 3.0.0-rc2 #1
[ 1176.430762] Call Trace:
[ 1176.430774]  [<ffffffff810ba41d>] ? check_bytes_and_report+0x10d/0x150
[ 1176.430782]  [<ffffffff810ba509>] ? check_object+0xa9/0x260
[ 1176.430789]  [<ffffffff810bac15>] ? init_object+0x85/0xa0
[ 1176.430795]  [<ffffffff810ba816>] ? __free_slab+0x156/0x180
[ 1176.430803]  [<ffffffff81075a49>] ? __rcu_process_callbacks+0x119/0x340
[ 1176.430810]  [<ffffffff8107666b>] ? rcu_cpu_kthread+0x27b/0x3a0
[ 1176.430818]  [<ffffffff8102d5b9>] ? ttwu_do_wakeup+0x19/0xa0
[ 1176.430825]  [<ffffffff81074a80>] ? invoke_rcu_cpu_kthread+0x30/0x30
[ 1176.430832]  [<ffffffff810763f0>] ? rcu_check_callbacks+0x100/0x100
[ 1176.430838]  [<ffffffff810763f0>] ? rcu_check_callbacks+0x100/0x100
[ 1176.430846]  [<ffffffff81053436>] ? kthread+0x96/0xa0
[ 1176.430855]  [<ffffffff813e1d14>] ? kernel_thread_helper+0x4/0x10
[ 1176.430863]  [<ffffffff810533a0>] ? kthread_worker_fn+0x120/0x120
[ 1176.430870]  [<ffffffff813e1d10>] ? gs_change+0xb/0xb
[ 1176.430876] FIX kmalloc-512: Restoring 0xffff8803f5df5b5e-0xffff8803f5df5b5f=0x5a
[ 1176.430879]
[ 1176.430897] =============================================================================
[ 1176.430902] BUG kmalloc-512: Object padding overwritten
[ 1176.430905] -----------------------------------------------------------------------------
[ 1176.430909]
[ 1176.430912] INFO: 0xffff8803f5df6fe6-0xffff8803f5df6fe7. First byte 0x0 instead of 0x5a
[ 1176.430921] INFO: Allocated in sock_alloc_send_pskb+0x1d0/0x320 age=93370 cpu=0 pid=5126
[ 1176.430928] INFO: Freed in __kfree_skb+0x11/0x90 age=93370 cpu=0 pid=4495
[ 1176.430935] INFO: Slab 0xffffea000ddc8d60 objects=28 used=0 fp=0xffff8803f5df76c0 flags=0x8000000000004080
[ 1176.430940] INFO: Object 0xffff8803f5df6da0 @offset=11680 fp=0xffff8803f5df5488
[ 1176.430943]
[ 1176.430946] Bytes b4 0xffff8803f5df6d90:  cd 7a 00 00 01 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a Íz......ZZZZZZZZ
[ 1176.431435]  Redzone 0xffff8803f5df6fa0:  bb bb bb bb bb bb bb bb                       »»»»»»»»
[ 1176.431448]  Padding 0xffff8803f5df6fe0:  5a 5a 5a 5a 5a 5a 00 00                       ZZZZZZ..
[ 1176.431463] Pid: 24, comm: rcuc4 Not tainted 3.0.0-rc2 #1
[ 1176.431467] Call Trace:
[ 1176.431474]  [<ffffffff810ba41d>] ? check_bytes_and_report+0x10d/0x150
[ 1176.431481]  [<ffffffff810ba509>] ? check_object+0xa9/0x260
[ 1176.431487]  [<ffffffff810bac15>] ? init_object+0x85/0xa0
[ 1176.431494]  [<ffffffff810ba816>] ? __free_slab+0x156/0x180
[ 1176.431501]  [<ffffffff81075a49>] ? __rcu_process_callbacks+0x119/0x340
[ 1176.431508]  [<ffffffff8107666b>] ? rcu_cpu_kthread+0x27b/0x3a0
[ 1176.431515]  [<ffffffff8102d5b9>] ? ttwu_do_wakeup+0x19/0xa0
[ 1176.431522]  [<ffffffff81074a80>] ? invoke_rcu_cpu_kthread+0x30/0x30
[ 1176.431529]  [<ffffffff810763f0>] ? rcu_check_callbacks+0x100/0x100
[ 1176.431535]  [<ffffffff810763f0>] ? rcu_check_callbacks+0x100/0x100
[ 1176.431543]  [<ffffffff81053436>] ? kthread+0x96/0xa0
[ 1176.431550]  [<ffffffff813e1d14>] ? kernel_thread_helper+0x4/0x10
[ 1176.431558]  [<ffffffff810533a0>] ? kthread_worker_fn+0x120/0x120
[ 1176.431565]  [<ffffffff813e1d10>] ? gs_change+0xb/0xb
[ 1176.431571] FIX kmalloc-512: Restoring 0xffff8803f5df6fe6-0xffff8803f5df6fe7=0x5a
[ 1176.431574]
[ 1179.773660] =============================================================================
[ 1179.773742] BUG kmalloc-1024: Object padding overwritten
[ 1179.773792] -----------------------------------------------------------------------------
[ 1179.773796]
[ 1179.773901] INFO: 0xffff8803e430e6be-0xffff8803e430e6bf. First byte 0x0 instead of 0x5a
[ 1179.773972] INFO: Allocated in tty_buffer_request_room+0xcc/0x1a0 age=93277 cpu=1 pid=5109
[ 1179.774042] INFO: Freed in __blockdev_direct_IO+0xa16/0xa90 age=93277 cpu=5 pid=5146
[ 1179.774102] INFO: Slab 0xffffea000d9ea9c0 objects=29 used=14 fp=0xffff8803e430d9e8 flags=0x8000000000004081
[ 1179.774163] INFO: Object 0xffff8803e430e278 @offset=25208 fp=0xffff8803e4309df8
[ 1179.774166]
[ 1179.774260] Bytes b4 0xffff8803e430e268:  a5 57 01 00 01 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ¥W......ZZZZZZZZ
[ 1179.780327]  Redzone 0xffff8803e430e678:  cc cc cc cc cc cc cc cc                       ÌÌÌÌÌÌÌÌ
[ 1179.780327]  Padding 0xffff8803e430e6b8:  5a 5a 5a 5a 5a 5a 00 00                       ZZZZZZ..
[ 1179.780327] Pid: 2212, comm: kworker/5:2 Not tainted 3.0.0-rc2 #1
[ 1179.780327] Call Trace:
[ 1179.780327]  [<ffffffff810ba41d>] ? check_bytes_and_report+0x10d/0x150
[ 1179.780327]  [<ffffffff810ba509>] ? check_object+0xa9/0x260
[ 1179.780327]  [<ffffffff8125acf7>] ? tty_buffer_free_all+0x47/0x70
[ 1179.780327]  [<ffffffff810bb033>] ? free_debug_processing+0x133/0x250
[ 1179.780327]  [<ffffffff810bb27b>] ? __slab_free+0x12b/0x140
[ 1179.780327]  [<ffffffff81254c70>] ? free_tty_struct+0x30/0x30
[ 1179.780327]  [<ffffffff8125acf7>] ? tty_buffer_free_all+0x47/0x70
[ 1179.780327]  [<ffffffff81254c66>] ? free_tty_struct+0x26/0x30
[ 1179.780327]  [<ffffffff8104f28b>] ? process_one_work+0xfb/0x3b0
[ 1179.780327]  [<ffffffff8104f964>] ? worker_thread+0x144/0x3d0
[ 1179.780327]  [<ffffffff8102cc10>] ? __wake_up_common+0x50/0x80
[ 1179.780327]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
[ 1179.780327]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
[ 1179.780327]  [<ffffffff81053436>] ? kthread+0x96/0xa0
[ 1179.780327]  [<ffffffff813e1d14>] ? kernel_thread_helper+0x4/0x10
[ 1179.780327]  [<ffffffff810533a0>] ? kthread_worker_fn+0x120/0x120
[ 1179.780327]  [<ffffffff813e1d10>] ? gs_change+0xb/0xb
[ 1179.780327] FIX kmalloc-1024: Restoring 0xffff8803e430e6be-0xffff8803e430e6bf=0x5a
[ 1179.780327]
[ 1180.826212] =============================================================================
[ 1180.826289] BUG kmalloc-1024: Object padding overwritten
[ 1180.826338] -----------------------------------------------------------------------------
[ 1180.826341]
[ 1180.826439] INFO: 0xffff8804097a9566-0xffff8804097a9567. First byte 0x0 instead of 0x5a
[ 1180.826505] INFO: Allocated in tty_buffer_request_room+0xcc/0x1a0 age=69291 cpu=0 pid=5978
[ 1180.826567] INFO: Freed in __blockdev_direct_IO+0xa16/0xa90 age=80371 cpu=5 pid=5713
[ 1180.826626] INFO: Slab 0xffffea000e212cc0 objects=29 used=3 fp=0xffff8804097a8890 flags=0x8000000000004081
[ 1180.826686] INFO: Object 0xffff8804097a9120 @offset=4384 fp=0xffff8804097a8890
[ 1180.826689]
[ 1180.826781] Bytes b4 0xffff8804097a9110:  91 48 01 00 01 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a .H......ZZZZZZZZ
[ 1180.835240]  Redzone 0xffff8804097a9520:  cc cc cc cc cc cc cc cc                       ÌÌÌÌÌÌÌÌ
[ 1180.835240]  Padding 0xffff8804097a9560:  5a 5a 5a 5a 5a 5a 00 00                       ZZZZZZ..
[ 1180.835240] Pid: 8295, comm: kworker/5:0 Not tainted 3.0.0-rc2 #1
[ 1180.835240] Call Trace:
[ 1180.835240]  [<ffffffff810ba41d>] ? check_bytes_and_report+0x10d/0x150
[ 1180.835240]  [<ffffffff810ba509>] ? check_object+0xa9/0x260
[ 1180.835240]  [<ffffffff8125acf7>] ? tty_buffer_free_all+0x47/0x70
[ 1180.835240]  [<ffffffff810bb033>] ? free_debug_processing+0x133/0x250
[ 1180.835240]  [<ffffffff810bb27b>] ? __slab_free+0x12b/0x140
[ 1180.835240]  [<ffffffff81254c70>] ? free_tty_struct+0x30/0x30
[ 1180.835240]  [<ffffffff8125acf7>] ? tty_buffer_free_all+0x47/0x70
[ 1180.835240]  [<ffffffff81254c66>] ? free_tty_struct+0x26/0x30
[ 1180.835240]  [<ffffffff8104f28b>] ? process_one_work+0xfb/0x3b0
[ 1180.835240]  [<ffffffff8104f964>] ? worker_thread+0x144/0x3d0
[ 1180.835240]  [<ffffffff8102cc10>] ? __wake_up_common+0x50/0x80
[ 1180.835240]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
[ 1180.835240]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
[ 1180.835240]  [<ffffffff81053436>] ? kthread+0x96/0xa0
[ 1180.835240]  [<ffffffff813e1d14>] ? kernel_thread_helper+0x4/0x10
[ 1180.835240]  [<ffffffff810533a0>] ? kthread_worker_fn+0x120/0x120
[ 1180.835240]  [<ffffffff813e1d10>] ? gs_change+0xb/0xb
[ 1180.835240] FIX kmalloc-1024: Restoring 0xffff8804097a9566-0xffff8804097a9567=0x5a
[ 1180.835240]
[ 1180.881652] =============================================================================
[ 1180.881713] BUG kmalloc-1024: Object padding overwritten
[ 1180.881760] -----------------------------------------------------------------------------
[ 1180.881763]
[ 1180.881859] INFO: 0xffff8803fc70eb06-0xffff8803fc70eb07. First byte 0x0 instead of 0x5a
[ 1180.881920] INFO: Allocated in tty_buffer_request_room+0xcc/0x1a0 age=69297 cpu=0 pid=5978
[ 1180.881981] INFO: Freed in __blockdev_direct_IO+0xa16/0xa90 age=69384 cpu=5 pid=5146
[ 1180.882040] INFO: Slab 0xffffea000df389c0 objects=29 used=3 fp=0xffff8803fc70de30 flags=0x8000000000004081
[ 1180.882099] INFO: Object 0xffff8803fc70e6c0 @offset=26304 fp=0xffff8803fc70de30
[ 1180.882102]
[ 1180.882192] Bytes b4 0xffff8803fc70e6b0:  aa 40 01 00 01 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ª@......ZZZZZZZZ
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e940:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e950:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e960:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e970:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e980:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e990:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e9a0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e9b0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e9c0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e9d0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e9e0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70e9f0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70ea00:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70ea10:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70ea20:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70ea30:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70ea40:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70ea50:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70ea60:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70ea70:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70ea80:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70ea90:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70eaa0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
[ 1180.891365]   Object 0xffff8803fc70eab0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk¥
[ 1180.891365]  Redzone 0xffff8803fc70eac0:  cc cc cc cc cc cc cc cc 
                      ÌÌÌÌÌÌÌÌ
[ 1180.891365]  Padding 0xffff8803fc70eb00:  5a 5a 5a 5a 5a 5a 00 00 
                      ZZZZZZ..
[ 1180.891365] Pid: 8295, comm: kworker/5:0 Not tainted 3.0.0-rc2 #1
[ 1180.891365] Call Trace:
[ 1180.891365]  [<ffffffff810ba41d>] ? check_bytes_and_report+0x10d/0x150
[ 1180.891365]  [<ffffffff810ba509>] ? check_object+0xa9/0x260
[ 1180.891365]  [<ffffffff8125acf7>] ? tty_buffer_free_all+0x47/0x70
[ 1180.891365]  [<ffffffff810bb033>] ? free_debug_processing+0x133/0x250
[ 1180.891365]  [<ffffffff810bb27b>] ? __slab_free+0x12b/0x140
[ 1180.891365]  [<ffffffff81254c70>] ? free_tty_struct+0x30/0x30
[ 1180.891365]  [<ffffffff8125acf7>] ? tty_buffer_free_all+0x47/0x70
[ 1180.891365]  [<ffffffff81254c66>] ? free_tty_struct+0x26/0x30
[ 1180.891365]  [<ffffffff8104f28b>] ? process_one_work+0xfb/0x3b0
[ 1180.891365]  [<ffffffff8104f964>] ? worker_thread+0x144/0x3d0
[ 1180.891365]  [<ffffffff8102cc10>] ? __wake_up_common+0x50/0x80
[ 1180.891365]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
[ 1180.891365]  [<ffffffff8104f820>] ? rescuer_thread+0x2e0/0x2e0
[ 1180.891365]  [<ffffffff81053436>] ? kthread+0x96/0xa0
[ 1180.891365]  [<ffffffff813e1d14>] ? kernel_thread_helper+0x4/0x10
[ 1180.891365]  [<ffffffff810533a0>] ? kthread_worker_fn+0x120/0x120
[ 1180.891365]  [<ffffffff813e1d10>] ? gs_change+0xb/0xb
[ 1180.891365] FIX kmalloc-1024: Restoring 0xffff8803fc70eb06-0xffff8803fc70eb07=0x5a
[ 1180.891365]

^ permalink raw reply

* Re: [PATCH 1/2] vlan: only create special VLAN 0 once
From: Patrick McHardy @ 2011-06-07 15:17 UTC (permalink / raw)
  To: David Miller; +Cc: jbohac, netdev, pedro.netdev
In-Reply-To: <20110605.142823.1727360496050285755.davem@davemloft.net>

On 05.06.2011 23:28, David Miller wrote:
> From: Jiri Bohac <jbohac@suse.cz>
> Date: Fri, 3 Jun 2011 22:07:38 +0200
> 
>> Commit ad1afb00 registers a VLAN with vid == 0 for every device to handle
>> 802.1p frames.  This is currently done on every NETDEV_UP event and the special
>> vlan is never unregistered.  This may have strange effects on drivers
> >> implementing ndo_vlan_rx_add_vid(). E.g. bonding will allocate a linked-list
>> element each time, causing a memory leak.
>>
>> Only register the special VLAN once on NETDEV_REGISTER.
>>
>> Signed-off-by: Jiri Bohac <jbohac@suse.cz>
> 
> I recognize the problem, but this solution isn't all that good.
> 
> I am pretty sure that the hardware device driver methods that
> implement ndo_vlan_rx_add_vid() assume that the device is up.
> Because most drivers completely reset the chip when the
> interface is brought up and this will likely clear out the
> VLAN ID tables in the chip.
> 

Good point.

I don't think this approach works very well at all since
some drivers don't do incremental updates, but iterate over
the registered VLAN group when constructing filters. The
group is not created until the first real VLAN device is
registered however.

Based on a quick grep (may have missed some):

- via_velocity, mlx4, starfire: will do nothing

- benet, igb, vxge, igbvf, ixgbevf, e1000e: would oops on
  rx_kill_vid due to unnecessary vlan_group_set_device()

The assumption of the drivers that a VLAN group exists
before the first VID is configured is reasonable in my
opinion, a lot of them also don't even configure VLAN
filtering until the VLAN group is registered.

So I think a good solution would be to make sure all
drivers don't enable VLAN filtering before the first
VLAN is actually registered and do the automatic
registration of VID 0 once the first real VLAN device
is created.

Also the code currently doesn't handle module unload:
regularly registered VLAN devices are removed through
rtnl_link, the manually registered VIDs need to be
removed manually.

^ permalink raw reply

* Re: [PATCH] Use unsigned variables for packet lengths in ip[6]_queue.
From: Patrick McHardy @ 2011-06-07 15:19 UTC (permalink / raw)
  To: Dave Jones; +Cc: David Miller, netdev, netfilter-devel, pablo
In-Reply-To: <20110607143924.GA5257@redhat.com>

On 07.06.2011 16:39, Dave Jones wrote:
> On Tue, Jun 07, 2011 at 04:19:08PM +0200, Patrick McHardy wrote:
>  
>  > >>> With the patch below, I haven't been able to reproduce the problem, but
>  > >>> I don't know if I've inadvertently broken some other behaviour somewhere
>  > >>> deeper in netlink where this is valid.
>  > > 
>  > > This is fine, but I'm wondering whether this can really fix the problem
>  > > you've been seeing. Before the packet is reallocated, the length of
>  > > nlmsglen - NLMSGLEN(0) - sizeof(struct ipq_peer_msg) is compared to
>  > > ipq_peer_msg->data_len, so both values need to be wrong.
>  > > ipq_peer_msg->data_len is a size_t, so it's unsigned.
>  > > 
>  > > I think what we should additionally do is verify that data_len < 65535
>  > > since that's the maximum size of an IP packet.
>  > 
>  > We're actually already doing this. This makes it even more strange that
>  > you're seeing this problem. Could you send me your testcase?
> 
> I don't have a standalone test-case, just a generic fuzzing tool that passes
> sockets to various syscalls.  You can clone it from git://git.codemonkey.org.uk/trinity.git/
> (the test-random.sh should explain how to use it)

Thanks, that explains the weird values. Still wondering how it managed
to get past the ipq_peer_msg length check.

Anyways, I'll give it a try myself.

^ permalink raw reply

* Re: KVM induced panic on 2.6.38[2367] & 2.6.39
From: Patrick McHardy @ 2011-06-07 15:35 UTC (permalink / raw)
  To: Brad Campbell
  Cc: Bart De Schuymer, kvm, linux-mm, linux-kernel, netdev,
	netfilter-devel
In-Reply-To: <4DEE3859.6070808@fnarfbargle.com>

On 07.06.2011 16:40, Brad Campbell wrote:
> On 07/06/11 21:30, Patrick McHardy wrote:
>> On 07.06.2011 05:33, Brad Campbell wrote:
>>> On 07/06/11 04:10, Bart De Schuymer wrote:
>>>> Hi Brad,
>>>>
>>>> This has probably nothing to do with ebtables, so please rmmod in case
>>>> it's loaded.
>>>> A few questions I didn't directly see an answer to in the threads I
>>>> scanned...
>>>> I'm assuming you actually use the bridging firewall functionality. So,
>>>> what iptables modules do you use? Can you reduce your iptables rules to
>>>> a core that triggers the bug?
>>>> Or does it get triggered even with an empty set of firewall rules?
>>>> Are you using a stock .35 kernel or is it patched?
>>>> Is this something I can trigger on a poor guy's laptop or does it
>>>> require specialized hardware (I'm catching up on qemu/kvm...)?
>>>
>>> Not specialised hardware as such, I've just not been able to reproduce
>>> it outside of this specific operating scenario.
>>
>> The last similar problem we've had was related to the 32/64 bit compat
>> code. Are you running 32 bit userspace on a 64 bit kernel?
> 
> No, 32 bit Guest OS, but a completely 64 bit userspace on a 64 bit kernel.
> 
> Userspace is current Debian Stable. Kernel is Vanilla and qemu-kvm is
> current git
> 
> 
>>> I can't trigger it with empty firewall rules as it relies on a DNAT to
>>> occur. If I try it directly to the internal IP address (as I have to
>>> without netfilter loaded) then of course nothing fails.
>>>
>>> It's a pain in the bum as a fault, but it's one I can easily reproduce
>>> as long as I use the same set of circumstances.
>>>
>>> I'll try using 3.0-rc2 (current git) tonight, and if I can reproduce it
>>> on that then I'll attempt to pare down the IPTABLES rules to a bare
>>> minimum.
>>>
>>> It is nothing to do with ebtables as I don't compile it. I'm not really
>>> sure about "bridging firewall" functionality. I just use a couple of
>>> hand coded bash scripts to set the tables up.
>>
>>  From one of your previous mails:
>>
>>> # CONFIG_BRIDGE_NF_EBTABLES is not set
>>
>> How about CONFIG_BRIDGE_NETFILTER?
>>
> 
> It was compiled in.
> 
> With the following table set I was able to reproduce the problem on
> 3.0-rc2. Replaced my IP with xxx.xxx.xxx.xxx, but otherwise unmodified

Which kernel was the last version without this problem?

> root@srv:~# iptables-save
> # Generated by iptables-save v1.4.10 on Tue Jun  7 22:11:30 2011
> *filter
> :INPUT ACCEPT [978:107619]
> :FORWARD ACCEPT [142:7068]
> :OUTPUT ACCEPT [1659:291870]
> -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT ! -i ppp0 -m state --state NEW -j ACCEPT
> -A INPUT -i ppp0 -j DROP
> COMMIT
> # Completed on Tue Jun  7 22:11:30 2011
> # Generated by iptables-save v1.4.10 on Tue Jun  7 22:11:30 2011
> *nat
> :PREROUTING ACCEPT [813:49170]
> :INPUT ACCEPT [91:7090]
> :OUTPUT ACCEPT [267:20731]
> :POSTROUTING ACCEPT [296:22281]
> -A PREROUTING -d xxx.xxx.xxx.xxx/32 ! -i ppp0 -p tcp -m tcp --dport 443
> -j DNAT --to-destination 192.168.253.198
> COMMIT
> # Completed on Tue Jun  7 22:11:30 2011
> # Generated by iptables-save v1.4.10 on Tue Jun  7 22:11:30 2011
> *mangle
> :PREROUTING ACCEPT [2729:274392]
> :INPUT ACCEPT [2508:262976]
> :FORWARD ACCEPT [142:7068]
> :OUTPUT ACCEPT [1674:293701]
> :POSTROUTING ACCEPT [2131:346411]
> -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss
> 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
> COMMIT
> # Completed on Tue Jun  7 22:11:30 2011

The main suspects would be NAT and TCPMSS. Did you also try whether
the crash occurs with only one of these rules?

> I've just compiled out CONFIG_BRIDGE_NETFILTER and can no longer access
> the address the way I was doing it, so that's a no-go for me.

That's really weird since you're apparently not using any bridge
netfilter features. It shouldn't have any effect besides changing
at which point ip_tables is invoked. How are your network devices
configured (specifically any bridges)?


^ permalink raw reply

* Re: [PATCHv2 RFC 4/4] Revert "virtio: make add_buf return capacity remaining:
From: Michael S. Tsirkin @ 2011-06-07 15:54 UTC (permalink / raw)
  To: linux-kernel-u79uwXL29TY76Z2rM5mHXA
  Cc: Krishna Kumar, Carsten Otte, lguest-uLR06cmDAlY/bJ5BZ2RsiQ,
	Shirley Ma, kvm-u79uwXL29TY76Z2rM5mHXA,
	linux-s390-u79uwXL29TY76Z2rM5mHXA, netdev-u79uwXL29TY76Z2rM5mHXA,
	habanero-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8, Heiko Carstens,
	virtualization-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
	steved-r/Jw6+rmf7HQT0dZR+AlfA, Christian Borntraeger,
	Tom Lendacky, Martin Schwidefsky, linux390-tA70FqPdS9bQT0dZR+AlfA
In-Reply-To: <7572d6fb81181e349af4a8b203ea0977f6e91ae1.1307029009.git.mst-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

On Thu, Jun 02, 2011 at 06:43:25PM +0300, Michael S. Tsirkin wrote:
> This reverts commit 3c1b27d5043086a485f8526353ae9fe37bfa1065.
> The only user was virtio_net, and it switched to
> min_capacity instead.
> 
> Signed-off-by: Michael S. Tsirkin <mst-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

It turns out another place in virtio_net: receive
buf processing - relies on the old behaviour:

try_fill_recv:
	do {
		if (vi->mergeable_rx_bufs)
			err = add_recvbuf_mergeable(vi, gfp);
		else if (vi->big_packets)
			err = add_recvbuf_big(vi, gfp);
		else
			err = add_recvbuf_small(vi, gfp);

		oom = err == -ENOMEM;
		if (err < 0)
			break;
		++vi->num;
	} while (err > 0);

The point is to avoid allocating a buf if
the ring is out of space and we are sure
add_buf will fail.

It works well for mergeable buffers and for big
packets if we are not OOM. small packets and
oom will do extra get_page/put_page calls
(but maybe we don't care).

So this is RX, I intend to drop it from this patchset and focus on the
TX side for starters.

> ---
>  drivers/virtio/virtio_ring.c |    2 +-
>  include/linux/virtio.h       |    2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
> index 23422f1..a6c21eb 100644
> --- a/drivers/virtio/virtio_ring.c
> +++ b/drivers/virtio/virtio_ring.c
> @@ -233,7 +233,7 @@ add_head:
>  	pr_debug("Added buffer head %i to %p\n", head, vq);
>  	END_USE(vq);
>  
> -	return vq->num_free;
> +	return 0;
>  }
>  EXPORT_SYMBOL_GPL(virtqueue_add_buf_gfp);
>  
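
Review bot: `return 0;` in virtqueue_add_buf_gfp() removes the only signal a caller had for remaining ring space, and any caller that loops on a positive return will now stop after a single buffer. The try_fill_recv() loop quoted earlier in this reply ends on `while (err > 0)`, so it would post one buffer per call after this revert. Suggest converting such callers in the same series, or leaving the capacity return in place until nothing depends on it.
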
> diff --git a/include/linux/virtio.h b/include/linux/virtio.h
> index 209220d..63c4908 100644
> --- a/include/linux/virtio.h
> +++ b/include/linux/virtio.h
> @@ -34,7 +34,7 @@ struct virtqueue {
>   *	in_num: the number of sg which are writable (after readable ones)
>   *	data: the token identifying the buffer.
>   *	gfp: how to do memory allocations (if necessary).
> - *      Returns remaining capacity of queue (sg segments) or a negative error.
> + *      Returns 0 on success or a negative error.
>   * virtqueue_kick: update after add_buf
>   *	vq: the struct virtqueue
>   *	After one or more add_buf calls, invoke this to kick the other side.
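
Review bot: The rewritten `Returns 0 on success or a negative error.` line keeps the space indentation of the line it replaces, while the neighbouring entries (`in_num:`, `data:`, `gfp:`) use a tab after the `*`; switching to a tab here would make the block consistent. Since the capacity is no longer returned, the comment could also say where callers should look for free space instead, for example the min_capacity call the changelog says virtio_net switched to.
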
> -- 
> 1.7.5.53.gc233e

^ permalink raw reply
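
The dependence described in the reply above, as an added example (not code from the thread or from virtio_net): a constructed ring model that runs the quoted do/while loop against both return conventions and counts buffers posted, allocated and wasted. `struct ring`, `fill()`, `add_recvbuf()`, the one-slot-per-buffer ring and the `until_error` variant are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed model: each buffer takes exactly one ring slot (assumption). */
struct ring { int num_free; };

/* What a successful add_buf returns under each convention. */
enum ret_mode { RET_CAPACITY, RET_ZERO };

struct fill_stats { int posted, allocs, wasted; };

/* Model of add_buf: take one slot, or fail with -ENOSPC when none is left. */
static int add_buf(struct ring *r, enum ret_mode mode)
{
	if (r->num_free == 0)
		return -ENOSPC;
	r->num_free--;
	return mode == RET_CAPACITY ? r->num_free : 0;
}

/* Model of one add_recvbuf_*() call: allocate first, then try to post. */
static int add_recvbuf(struct ring *r, enum ret_mode mode,
		       struct fill_stats *st)
{
	int err;
	st->allocs++;
	err = add_buf(r, mode);
	if (err < 0)
		st->wasted++;	/* allocated, could not be posted, freed again */
	return err;
}

/* The do/while loop quoted in the mail. until_error = 1 is a hypothetical
 * adaptation that keeps adding until add_buf fails. */
static struct fill_stats fill(int slots, enum ret_mode mode, int until_error)
{
	struct ring r = { slots };
	struct fill_stats st = { 0, 0, 0 };
	int err;

	do {
		err = add_recvbuf(&r, mode, &st);
		if (err < 0)
			break;
		st.posted++;
	} while (until_error ? err >= 0 : err > 0);
	return st;
}

static void show(const char *what, struct fill_stats st)
{
	printf("%-28s posted=%d allocs=%d wasted=%d\n",
	       what, st.posted, st.allocs, st.wasted);
}

int main(void)
{
	show("capacity return, err > 0", fill(8, RET_CAPACITY, 0));
	show("zero return, err > 0", fill(8, RET_ZERO, 0));
	show("zero return, until error", fill(8, RET_ZERO, 1));
	return 0;
}
```

With the capacity return the loop fills the ring with no wasted allocation; with a zero return and the loop unchanged it posts one buffer; looping until failure fills the ring at the cost of one allocation that has to be undone.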

* Re: [PATCHv2 RFC 3/4] virtio_net: limit xmit polling
From: Michael S. Tsirkin @ 2011-06-07 15:59 UTC (permalink / raw)
  To: linux-kernel-u79uwXL29TY76Z2rM5mHXA
  Cc: Krishna Kumar, Carsten Otte, lguest-uLR06cmDAlY/bJ5BZ2RsiQ,
	Shirley Ma, kvm-u79uwXL29TY76Z2rM5mHXA,
	linux-s390-u79uwXL29TY76Z2rM5mHXA, netdev-u79uwXL29TY76Z2rM5mHXA,
	habanero-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8, Heiko Carstens,
	virtualization-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
	steved-r/Jw6+rmf7HQT0dZR+AlfA, Christian Borntraeger,
	Tom Lendacky, Martin Schwidefsky, linux390-tA70FqPdS9bQT0dZR+AlfA
In-Reply-To: <a80199422de16ae355e56ee1b2abc9b2bf91a7f6.1307029009.git.mst-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

On Thu, Jun 02, 2011 at 06:43:17PM +0300, Michael S. Tsirkin wrote:
> Current code might introduce a lot of latency variation
> if there are many pending bufs at the time we
> attempt to transmit a new one. This is bad for
> real-time applications and can't be good for TCP either.
> 
> Free up just enough to both clean up all buffers
> eventually and to be able to xmit the next packet.
> 
> Signed-off-by: Michael S. Tsirkin <mst-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>


I've been testing this patch and it seems to work fine
so far. The following fixups are needed to make it
build though:


diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index b25db1c..77cdf34 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -529,11 +529,8 @@ static bool free_old_xmit_skb(struct virtnet_info *vi)
  * virtqueue_add_buf will succeed. */
 static bool free_xmit_capacity(struct virtnet_info *vi)
 {
-	struct sk_buff *skb;
-	unsigned int len;
-
 	while (virtqueue_min_capacity(vi->svq) < MAX_SKB_FRAGS + 2)
-		if (unlikely(!free_old_xmit_skb))
+		if (unlikely(!free_old_xmit_skb(vi)))
 			return false;
 	return true;
 }
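
Review bot: In free_xmit_capacity(), the removed test `!free_old_xmit_skb` evaluated the function's address rather than calling it, so it could never be true: the loop body freed nothing and the `return false` path was unreachable. That makes this line a behaviour fix rather than a build fixup, and it is worth saying so in the changelog when this is folded into 3/4. Dropping the unused `skb` and `len` locals is fine.
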
@@ -628,7 +625,7 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev)
 	 * Doing this after kick means there's a chance we'll free
 	 * the skb we have just sent, which is hot in cache. */
 	for (i = 0; i < 2; i++)
-		free_old_xmit_skb(v);
+		free_old_xmit_skb(vi);
 
 	if (likely(free_xmit_capacity(vi)))
 		return NETDEV_TX_OK;
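
Review bot: In start_xmit(), the `for (i = 0; i < 2; i++)` loop ignores the bool that free_old_xmit_skb() returns, so the second call still runs when the first found nothing to free. Consider breaking out on a false return, and a short comment or named constant for the 2 would help the next reader.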

^ permalink raw reply related

