Re: PROBLEM: System call 'sendmsg' of process ospfd (quagga) causeskernel oops

From: Eric Dumazet
Date: Mon Oct 17 2011 - 22:30:41 EST

Next message: pingfank: "Currnetly, how can host know the cpu unplug event on guest"
Previous message: Dave Young: "Re: [PATCH] drm: avoid switching to text console if there is no panic timeout"
In reply to: Elmar Vonlanthen: "Re: PROBLEM: System call 'sendmsg' of process ospfd (quagga) causeskernel oops"
Next in thread: Herbert Xu: "Re: PROBLEM: System call 'sendmsg' of process ospfd (quagga)causes kernel oops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Le lundi 17 octobre 2011 Ã 09:16 +0200, Elmar Vonlanthen a Ãcrit :
> 2011/10/14 Eric Dumazet <eric.dumazet@xxxxxxxxx>:
> > Please try following patch :
> >
> > [PATCH] ip_gre: dont increase dev->needed_headroom on a live device
> >
> > It seems ip_gre is able to change dev->needed_headroom on the fly.
> >
> > Its is not legal unfortunately and triggers a BUG in raw_sendmsg()
> >
> > skb = sock_alloc_send_skb(sk, ... + LL_ALLOCATED_SPACE(rt->dst.dev)
> >
> > < another cpu change dev->needed_headromm (making it bigger)
> >
> > ...
> > skb_reserve(skb, LL_RESERVED_SPACE(rt->dst.dev));
> >
> > We end with LL_RESERVED_SPACE() being bigger than LL_ALLOCATED_SPACE()
> > -> we crash later because skb head is exhausted.
> >
> > Bug introduced in commit 243aad83 in 2.6.34 (ip_gre: include route
> > header_len in max_headroom calculation)
> >
> > Reported-by: Elmar Vonlanthen <evonlanthen@xxxxxxxxx>
> > Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
> > CC: Timo TerÃs <timo.teras@xxxxxx>
> > CC: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> > ---
> > diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
> > index 8871067..1505dcf 100644
> > --- a/net/ipv4/ip_gre.c
> > +++ b/net/ipv4/ip_gre.c
> > @@ -835,8 +835,6 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
> > if (skb_headroom(skb) < max_headroom || skb_shared(skb)||
> > (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
> > struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
> > - if (max_headroom > dev->needed_headroom)
> > - dev->needed_headroom = max_headroom;
> > if (!new_skb) {
> > ip_rt_put(rt);
> > dev->stats.tx_dropped++;
>
> Hello
>
> I tried this patch and I was not able anymore to reproduce the kernel
> oops. So the patch solved the bug.
> Thank you very much!
>
> Would it be possible to add the patch to the long term kernel 2.6.35
> as well? Because this is the one I use at the moment in production.
>

Thanks for testing.

If David/Herbert/Timo agree, then patch should find its way into current
kernel, then to stable trees as well.

Thanks

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: pingfank: "Currnetly, how can host know the cpu unplug event on guest"
Previous message: Dave Young: "Re: [PATCH] drm: avoid switching to text console if there is no panic timeout"
In reply to: Elmar Vonlanthen: "Re: PROBLEM: System call 'sendmsg' of process ospfd (quagga) causeskernel oops"
Next in thread: Herbert Xu: "Re: PROBLEM: System call 'sendmsg' of process ospfd (quagga)causes kernel oops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]