RE: [PATCH] net: Fix skb_under_panic oops in neigh_resolve_output

From: Eric Dumazet
Date: Fri Oct 05 2012 - 12:59:42 EST

Next message: Andy Shevchenko: "Re: [PATCHv2.5] trace: reuse kbasename() functionality"
Previous message: Steven Rostedt: "Re: [PATCH -tip 2/4] tracing: add a resize function for making onebuffer equivalent to the other buffer"
In reply to: Ramesh Nagappa: "RE: [PATCH] net: Fix skb_under_panic oops in neigh_resolve_output"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2012-10-05 at 12:33 -0400, Ramesh Nagappa wrote:
> Hi Eric,
>
> Yes, that is a good optimization. neigh_resolve_output() also has the
> __skb_pull() outside the loop, is that required ? The changes would be
> like ...
>
> neigh_resolve_output()
> ...
> - __skb_pull(skb, skb_network_offset(skb));
>
>
> if (!neigh_event_send(neigh, skb)) {
> int err;
> struct net_device *dev = neigh->dev;
> unsigned int seq;
>
> if (dev->header_ops->cache && !neigh->hh.hh_len)
> neigh_hh_init(neigh, dst);
>
> do {
> + __skb_pull(skb, skb_network_offset(skb));
> seq = read_seqbegin(&neigh->ha_lock);
> err = dev_hard_header(skb, dev, ntohs(skb->protocol),
> neigh->ha, NULL, skb->len);
> } while (read_seqretry(&neigh->ha_lock, seq));

All similar constructions should be audited.

For example in net/decnet/dn_neigh.c , dn_neigh_output_packet()

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andy Shevchenko: "Re: [PATCHv2.5] trace: reuse kbasename() functionality"
Previous message: Steven Rostedt: "Re: [PATCH -tip 2/4] tracing: add a resize function for making onebuffer equivalent to the other buffer"
In reply to: Ramesh Nagappa: "RE: [PATCH] net: Fix skb_under_panic oops in neigh_resolve_output"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]