2015-04-27 23:55:55

by KY Srinivasan

Subject: [PATCH net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit()

Commit commit b08cc79155fc26d0d112b1470d1ece5034651a4b eliminated memory
allocation in the packet send path. This commit introduced a bug since it
did not account for the case if the skb was cloned. Fix this bug by
using the pre-reserved head room only if the skb is not cloned.

Signed-off-by: K. Y. Srinivasan <[email protected]>
---
drivers/net/hyperv/netvsc_drv.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c
index a3a9d38..7eb0251 100644
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -421,7 +421,7 @@ check_size:

pkt_sz = sizeof(struct hv_netvsc_packet) + RNDIS_AND_PPI_SIZE;

- if (head_room < pkt_sz) {
+ if (skb->cloned || head_room < pkt_sz) {
packet = kmalloc(pkt_sz, GFP_ATOMIC);
if (!packet) {
/* out of memory, drop packet */
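
Review bot: The new `skb->cloned` test in the `if` reads the flag directly, and that flag is set on any skb that has been cloned even if the other reference is already gone; `skb_cloned()` also checks the shared data reference count, so it would skip the `kmalloc()` fallback when the buffer is no longer actually shared. The condition also carries no comment saying why a cloned skb must not use its head room; a one-line comment above the `if` would keep the check from being simplified away later.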
--
1.7.4.1


2015-04-28 02:57:13

by David Miller

Subject: Re: [PATCH net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit()

From: "K. Y. Srinivasan" <[email protected]>
Date: Mon, 27 Apr 2015 18:14:50 -0700

> Commit commit b08cc79155fc26d0d112b1470d1ece5034651a4b eliminated memory
> allocation in the packet send path. This commit introduced a bug since it
> did not account for the case if the skb was cloned. Fix this bug by
> using the pre-reserved head room only if the skb is not cloned.
>
> Signed-off-by: K. Y. Srinivasan <[email protected]>

We have generic infrastructure to do this, please try instead:

err = skb_cow_head(skb, pkt_sz);

this will take care of everything for you and you can get rid
of all of this dynamic memory allocation etc. in this code
path.
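
The copy-on-write behaviour this reply refers to, as an added example that is not part of the original thread and is not kernel code: a user-space model in which two views share one buffer, and a write into the head room corrupts the other view unless the head is made private first. The names `buf`, `view`, `view_cow_head` and `clone_header_intact` are hypothetical, and the buffer contents are constructed.

```c
/* User-space model of a cloned skb sharing one data buffer (constructed). */
#include <stdlib.h>
#include <string.h>

struct buf  { int refs; unsigned char mem[64]; };   /* shared storage */
struct view { struct buf *b; size_t data, len; };   /* stands in for an skb */

/* Models skb_clone(): a second view onto the same storage. */
static struct view view_clone(struct view *v) { v->b->refs++; return *v; }
static void view_put(struct view *v) { if (--v->b->refs == 0) free(v->b); }

/* Models the skb_cow_head() contract: on success the `need` bytes in front
 * of data are private to this view and safe to write. */
static int view_cow_head(struct view *v, size_t need)
{
    if (v->b->refs == 1 && v->data >= need)
        return 0;                                   /* unshared, enough room */
    size_t room = v->data > need ? v->data : need;
    if (room + v->len > sizeof(v->b->mem))
        return -1;
    struct buf *nb = calloc(1, sizeof(*nb));
    if (!nb)
        return -1;                                  /* caller drops the packet */
    nb->refs = 1;
    memcpy(nb->mem + room - v->data, v->b->mem, v->data + v->len);
    view_put(v);                                    /* release the shared copy */
    v->b = nb;
    v->data = room;
    return 0;
}

/* Returns 1 if the clone's header survives the driver's head room write. */
int clone_header_intact(int use_cow)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (!b) return -1;
    b->refs = 1;
    memcpy(b->mem + 12, "HDR:payload", 11);         /* header at 12, payload at 16 */
    struct view drv = { b, 16, 7 };                 /* driver's view, header pulled */
    struct view other = view_clone(&drv);           /* assumed second holder */
    other.data -= 4; other.len += 4;                /* its view still covers the header */
    if (use_cow && view_cow_head(&drv, 16) != 0) { view_put(&other); view_put(&drv); return -1; }
    memset(drv.b->mem + drv.data - 16, 0xAA, 16);   /* driver writes its descriptor */
    int ok = memcmp(other.b->mem + other.data, "HDR:", 4) == 0;
    view_put(&other); view_put(&drv);
    return ok;
}

int main(void) { return !(clone_header_intact(0) == 0 && clone_header_intact(1) == 1); }
```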

2015-04-28 02:57:27

by Dexuan Cui

Subject: RE: [PATCH net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit()

> -----Original Message-----
> From: devel [mailto:[email protected]] On
> Behalf Of K. Y. Srinivasan
> Sent: Tuesday, April 28, 2015 9:15
> To: [email protected]; [email protected]; linux-
> [email protected]; [email protected]; [email protected];
> [email protected]; [email protected]
> Subject: [PATCH net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit()
>
> Commit commit b08cc79155fc26d0d112b1470d1ece5034651a4b
> eliminated memory
> allocation in the packet send path. This commit introduced a bug since it
> did not account for the case if the skb was cloned. Fix this bug by
> using the pre-reserved head room only if the skb is not cloned.
>
> Signed-off-by: K. Y. Srinivasan <[email protected]>
> ---
> drivers/net/hyperv/netvsc_drv.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/net/hyperv/netvsc_drv.c
> b/drivers/net/hyperv/netvsc_drv.c
> index a3a9d38..7eb0251 100644
> --- a/drivers/net/hyperv/netvsc_drv.c
> +++ b/drivers/net/hyperv/netvsc_drv.c
> @@ -421,7 +421,7 @@ check_size:
>
> pkt_sz = sizeof(struct hv_netvsc_packet) + RNDIS_AND_PPI_SIZE;
>
> - if (head_room < pkt_sz) {
> + if (skb->cloned || head_room < pkt_sz) {
> packet = kmalloc(pkt_sz, GFP_ATOMIC);
> if (!packet) {
> /* out of memory, drop packet */
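
Review bot: With `skb->cloned ||` added to the condition, every cloned skb now reaches `kmalloc(pkt_sz, GFP_ATOMIC)` even when `head_room` is large enough, so the `/* out of memory, drop packet */` branch becomes reachable for that traffic under memory pressure. The commit message should state that the allocation removed from the send path is back for cloned skbs, so the trade-off is on record.
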
> --

Without the patch, the guest can panic due to memory corruption.

I confirm the patch can fix the panic I saw.

Tested-by: Dexuan Cui <[email protected]>

Thanks,
-- Dexuan

2015-04-28 03:24:00

by KY Srinivasan

Subject: RE: [PATCH net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit()



> -----Original Message-----
> From: David Miller [mailto:[email protected]]
> Sent: Monday, April 27, 2015 7:57 PM
> To: KY Srinivasan
> Cc: [email protected]; [email protected];
> [email protected]; [email protected]; [email protected];
> [email protected]
> Subject: Re: [PATCH net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit()
>
> From: "K. Y. Srinivasan" <[email protected]>
> Date: Mon, 27 Apr 2015 18:14:50 -0700
>
> > Commit commit b08cc79155fc26d0d112b1470d1ece5034651a4b eliminated
> memory
> > allocation in the packet send path. This commit introduced a bug since it
> > did not account for the case if the skb was cloned. Fix this bug by
> > using the pre-reserved head room only if the skb is not cloned.
> >
> > Signed-off-by: K. Y. Srinivasan <[email protected]>
>
> We have generic infrastructure to do this, please try instead:
>
> err = skb_cow_head(skb, pkt_sz);
>
> this will take care of everything for you and you can get rid
> of all of this dynamic memory allocation etc. in this code
> path.

Thanks David; I will resubmit this patch.

Regards,

K. Y

2015-04-28 18:32:42

by Sergei Shtylyov

Subject: Re: [PATCH net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit()

Hello.

On 04/28/2015 04:14 AM, K. Y. Srinivasan wrote:

> Commit commit b08cc79155fc26d0d112b1470d1ece5034651a4b eliminated memory

One "commit" is enough. :-)
And please also specify that commit's summary in parens.

> allocation in the packet send path. This commit introduced a bug since it
> did not account for the case if the skb was cloned. Fix this bug by
> using the pre-reserved head room only if the skb is not cloned.

> Signed-off-by: K. Y. Srinivasan <[email protected]>

[...]

WBR, Sergei

2015-04-28 18:59:59

by KY Srinivasan

Subject: RE: [PATCH net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit()



> -----Original Message-----
> From: Sergei Shtylyov [mailto:[email protected]]
> Sent: Tuesday, April 28, 2015 11:27 AM
> To: KY Srinivasan; [email protected]; [email protected]; linux-
> [email protected]; [email protected]; [email protected];
> [email protected]; [email protected]
> Subject: Re: [PATCH net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit()
>
> Hello.
>
> On 04/28/2015 04:14 AM, K. Y. Srinivasan wrote:
>
> > Commit commit b08cc79155fc26d0d112b1470d1ece5034651a4b eliminated
> memory
>
> One "commit" is enough. :-)
> And please also specify that commit's summary in parens.
>
> > allocation in the packet send path. This commit introduced a bug since it
> > did not account for the case if the skb was cloned. Fix this bug by
> > using the pre-reserved head room only if the skb is not cloned.
>
> > Signed-off-by: K. Y. Srinivasan <[email protected]>
>
> [...]
>
> WBR, Sergei

Will do; thanks.

K. Y