Re: [Bug #16626] Machine hangs with EIP at skb_copy_and_csum_dev
From: Eric Dumazet
Date: Wed Sep 01 2010 - 09:57:55 EST
Le mercredi 01 septembre 2010 Ã 11:20 +0000, Jarek Poplawski a Ãcrit :
> On Wed, Sep 01, 2010 at 12:50:51PM +0200, Eric Dumazet wrote:
> > Plamen, could you test following patch ?
> >
> > I reproduced problem on a dev machine and following patch cured it.
> >
> > Thanks
> >
> > [PATCH] gro: fix different skb headrooms
> >
> > packets entering GRO might have different headrooms, even for a given
> > flow (because of implementation details in drivers, like copybreak).
> > We cant force drivers to deliver packets with a fixed headroom.
> >
> > 1) fix skb_segment()
> >
> > skb_segment() makes the false assumption headrooms of fragments are same
> > than the head. When CHECKSUM_PARTIAL is used, this can give csum_start
> > errors, and crash later in skb_copy_and_csum_dev()
>
> Eric, probably I missed something, but since the same test as in
> skb_copy_and_csum_dev() gave different result a bit earlier on exactly
> the same skb, I've suspected some sharing (or use after free)
> problems, so I'm not sure your current diagnose can explain this.
> (Unless this old test was dismissed later.)
Oh, this is because your patch had an error for the gso part that read :
- rc = ops->ndo_start_xmit(nskb, dev);
+ if (skb_csum_start_bug(skb, 50)) {
+ kfree_skb(skb);
+ rc = NETDEV_TX_OK;
+ } else
+ rc = ops->ndo_start_xmit(nskb, dev);
+
if (unlikely(rc != NETDEV_TX_OK)) {
if (rc & ~NETDEV_TX_MASK)
goto out_kfree_gso_skb;
You called skb_csum_start_bug(skb, 50) instead of
skb_csum_start_bug(nskb, 50)
Hope this clarify a bit ;)
Thanks
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/