Re: Help: major pppoe regression since 2.6.35 (panic on first pppconection)?

From: Eric Dumazet
Date: Wed Dec 22 2010 - 11:25:14 EST

Next message: David Howells: "[PATCH] KEYS: Don't call up_write() if __key_link_begin() returns anerror"
Previous message: Takashi Iwai: "Re: [git pull] drm fixes"
In reply to: Joel Soete: "Re: Help: major pppoe regression since 2.6.35 (panic on first pppconection)?"
Next in thread: Joel Soete: "Re: Help: major pppoe regression since 2.6.35 (panic on first pppconection)?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Le mercredi 22 dÃcembre 2010 Ã 17:00 +0100, Joel Soete a Ãcrit :
> Hello Jarek,
>
> Nice to read you :<)
>
> On 12/22/2010 12:00 PM, Jarek Poplawski wrote:
> > On 2010-12-22 09:22, Andrew Morton wrote:
> >> (cc netdev)
> >>
> >> The bug is still present in 2.6.37-rc6.
> >>
> >> On Sat, 18 Dec 2010 11:33:14 +0000 Joel Soete<soete.joel@xxxxxxxxxx> wrote:
> >>
> >>> Hello all,
> >
> > Hi,
> > Could you reproduce this bug with a vanilla kernel (without nvidia
> > patch)? If so, please include dmesg and .config to the next report.
> >
> Yes (it was already a vanilla kernel but 2.6.35 with my config, even thought same issue occurs some other distro stock
> kernel 2.6.35), but here are some more dmesg with vanilla 2.6.37-rc6 and rc7 (I just added your debugging patch
> I found here, just because if I don't do it kernel is panicing immediately without letting any chance to capture dmesg (and
> unfortunately I don't have any more chance to grab panic messages from serial console: no more rs232 on latest office laptop :<)
>
> So you will find here attached personal config files of 2 kernels and respective dmesg.
>
> If ever you need more details, don't hesitate to ask me.
>
> Thanks a lot,
> J.

Something overwrites nr_frags in skb_shinfo(skb)

As skb_shinfo follows head portion of an skb, something overflows skb
head

Please try adding some room like in following patch ?

diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index e6ba898..adf2834 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -187,6 +187,7 @@ enum {
* the end of the header data, ie. at skb->end.
*/
struct skb_shared_info {
+ char filler[64];
unsigned short nr_frags;
unsigned short gso_size;
/* Warning: this field is not always filled in (UFO)! */

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Howells: "[PATCH] KEYS: Don't call up_write() if __key_link_begin() returns anerror"
Previous message: Takashi Iwai: "Re: [git pull] drm fixes"
In reply to: Joel Soete: "Re: Help: major pppoe regression since 2.6.35 (panic on first pppconection)?"
Next in thread: Joel Soete: "Re: Help: major pppoe regression since 2.6.35 (panic on first pppconection)?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]