Re: kernel panic in skb_copy_bits

From: Eric Dumazet
Date: Sun Jun 30 2013 - 03:51:03 EST

Next message: Mike Galbraith: "sched: context tracking demolishes pipe-test"
Previous message: Masami Hiramatsu: "Re: Re: [PATCH] tracing/kprobe: Recover old array if fails toenable kprobe"
In reply to: Joe Jin: "Re: kernel panic in skb_copy_bits"
Next in thread: Alex Bligh: "Re: kernel panic in skb_copy_bits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2013-06-30 at 08:26 +0800, Joe Jin wrote:

> So far we suspected it caused by iscsi called sendpage(), and later page
> be unmapped but still trying copy skb. We'll try to disable sg to see if
> help or no.

sendpage() should increment page refcounts for every page frag of an
skb, therefore page should not be unmapped.

Of course userland can either rewrite the content, or unmap() the page,
but the underlying page cannot be freed as long skb is not freed.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike Galbraith: "sched: context tracking demolishes pipe-test"
Previous message: Masami Hiramatsu: "Re: Re: [PATCH] tracing/kprobe: Recover old array if fails toenable kprobe"
In reply to: Joe Jin: "Re: kernel panic in skb_copy_bits"
Next in thread: Alex Bligh: "Re: kernel panic in skb_copy_bits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]