Re: Oops - hard crash in 2.2.15 - tcp_keepalive - more data

From: Oleg Drokin (green@tiger.thukraine.com)
Date: Tue May 23 2000 - 05:38:58 EST


Hello!

On Mon, May 22, 2000 at 07:13:18PM -0400, Whit Blauvelt wrote:
 
> >>EIP: c01792c2 <tcp_keepalive+e6/18c>
> Code: c01792c2 <tcp_keepalive+e6/18c> 00000000 <_EIP>: <===
> Code: c01792c2 <tcp_keepalive+e6/18c> 0: 8b 40 50 mov 0x50(%eax),%eax <===
> Code: c01792c5 <tcp_keepalive+e9/18c> 3: ff d0 call *%eax
> Code: c01792c7 <tcp_keepalive+eb/18c> 5: 83 c4 10 add $0x10,%esp
> Code: c01792ca <tcp_keepalive+ee/18c> 8: 83 fe 01 cmp $0x1,%esi
> Code: c01792cd <tcp_keepalive+f1/18c> b: 75 06 jne c01792d5 <tcp_keepalive+f9/18c>
> Code: c01792cf <tcp_keepalive+f3/18c> d: ff 0d 0c 41 25 c0 decl 0xc025410c
> Code: c01792d5 <tcp_keepalive+f9/18c> 13: 66 data16
Well, I found this code to be responsible for the crash, in include/net/tcp.h:
        case TCP_CLOSE:
            {
                struct tcp_opt *tp = &sk->tp_pinfo.af_tcp;
                /* Should be about 2 rtt's */
                net_reset_timer(sk, TIME_DONE, min(tp->srtt * 2, TCP_DONE_TIME));
                sk->prot->unhash(sk); <--- HERE sk->prot == NULL
                /* fall through */

I have no better idea than this patch, then:

--- include/net/tcp.h.orig Tue May 23 13:34:01 2000
+++ include/net/tcp.h Tue May 23 13:34:44 2000
@@ -909,7 +909,8 @@
                 struct tcp_opt *tp = &sk->tp_pinfo.af_tcp;
                 /* Should be about 2 rtt's */
                 net_reset_timer(sk, TIME_DONE, min(tp->srtt * 2, TCP_DONE_TIME));
- sk->prot->unhash(sk);
+ if (sk->prot)
+ sk->prot->unhash(sk);
                 /* fall through */
             }
         default:
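
Review bot: the added `if (sk->prot)` test guards only the unhash() call, while net_reset_timer(sk, TIME_DONE, ...) two lines above it has already run on the same sock, so a sock with prot == NULL still gets its timer armed and then falls through into the default case without any trace. Consider moving the check ahead of net_reset_timer() and leaving the case early when prot is NULL, or at minimum emitting a printk in the NULL branch so the condition stays visible, and add a comment stating under which circumstances prot can be NULL here, since the guard suppresses the dereference without explaining how the sock reached TCP_CLOSE in that state.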

Try it on top of my previous patch.

Well, in fact there are a lot of places in the kernel that depend on sk->prot
not being NULL. It seems just bad luck that BH was executed when
one of the struct socks was not filled enough.
At least this same oops should not occur with this patch.
We'll see what comes next.

2 NET Gurus: Or maybe I am overlooking something and sk->proto is allowed to be NULL?

Bye,
    Oleg

-- 
System Administrator
Tank Hill Ukraine
