From: Xin Long
Date: Sat, 20 Jan 2018 02:02:54 +0800
Subject: Re: kernel BUG at net/core/skbuff.c:LINE! (2)
To: Guillaume Nault
Cc: syzbot, davem, Eric Dumazet, kuznet, LKML, linux-sctp@vger.kernel.org, network dev, Neil Horman, syzkaller-bugs@googlegroups.com, Vlad Yasevich, Américo Wang, yoshfuji
In-Reply-To: <20180119171900.GO1422@alphalink.fr>
References: <001a1149c712d56ccc055cc48e37@google.com> <001a113f6a6aea72c00562d65d39@google.com> <20180119171900.GO1422@alphalink.fr>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Jan 20, 2018 at 1:19 AM, Guillaume Nault wrote:
> On Tue, Jan 16, 2018 at 04:21:40PM +0800, Xin Long wrote:
>> ipv4 tunnels don't really set dev->hard_header_len properly,
>> we may should fix it in pppoe by using needed_headroom,
>> as what it doesn't in arp_create.
>>
> I'm a bit in doubt about which device needs to be fixed. Should ip_gre
> set ->hard_header_len? Or should pppoe take ->needed_headroom into
> account in skb_reserve()? I'd favor the latter option too, but I haven't
> figured out the semantic of these fields precisely enough to justify
> this choice. That's also why I haven't posted the patch yet.
(Sorry, I almost forgot this mail.)
> >> @@ -860,16 +861,16 @@ static int pppoe_sendmsg(struct socket *sock, >> struct msghdr *m, >> if (total_len > (dev->mtu + dev->hard_header_len)) >> goto end; >> >> + rlen = LL_RESERVED_SPACE(dev) + dev->needed_tailroom; >> >> - skb = sock_wmalloc(sk, total_len + dev->hard_header_len + 32, >> - 0, GFP_KERNEL); >> + skb = sock_wmalloc(sk, total_len + rlen + 32, 0, GFP_KERNEL); >> if (!skb) { >> error = -ENOMEM; >> goto end; >> } >> >> /* Reserve space for headers. */ >> - skb_reserve(skb, dev->hard_header_len); >> + skb_reserve(skb, rlen); > Any reason why you include dev->needed_tailroom in skb_reserve()? > BTW, we also have to fix __pppoe_xmit. I noticed them right after I replied, and was about to correct when submitting and after figuring out the difference between hard_header_len and needed_headroom. it's good if you wish to do this with the following patch :-) > > What about this patch? > > > ---- >8 ---- > diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c > index 4e1da1645b15..42518af53332 100644 > --- a/drivers/net/ppp/pppoe.c > +++ b/drivers/net/ppp/pppoe.c > @@ -842,6 +842,7 @@ static int pppoe_sendmsg(struct socket *sock, struct msghdr *m, > struct pppoe_hdr *ph; > struct net_device *dev; > char *start; > + int hlen; > > lock_sock(sk); > if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) { > @@ -860,16 +861,16 @@ static int pppoe_sendmsg(struct socket *sock, struct msghdr *m, > if (total_len > (dev->mtu + dev->hard_header_len)) > goto end; > > - > - skb = sock_wmalloc(sk, total_len + dev->hard_header_len + 32, > - 0, GFP_KERNEL); > + hlen = LL_RESERVED_SPACE(dev); > + skb = sock_wmalloc(sk, hlen + sizeof(struct pppoe_hdr) + total_len + > + dev->needed_tailroom, 0, GFP_KERNEL); > if (!skb) { > error = -ENOMEM; > goto end; > } > > /* Reserve space for headers. */ > - skb_reserve(skb, dev->hard_header_len); > + skb_reserve(skb, hlen); > skb_reset_network_header(skb); > > skb->dev = dev; 
> @@ -930,7 +931,7 @@ static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb) > /* Copy the data if there is no space for the header or if it's > * read-only. > */ > - if (skb_cow_head(skb, sizeof(*ph) + dev->hard_header_len)) > + if (skb_cow_head(skb, LL_RESERVED_SPACE(dev) + sizeof(*ph))) > goto abort; > > __skb_push(skb, sizeof(*ph));
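
Review bot: In the earlier `>>`-quoted pppoe_sendmsg hunk, `rlen` folds `dev->needed_tailroom` into the value passed to `skb_reserve(skb, rlen)`, so the bytes meant for the tail end up as extra headroom and only the fixed 32 bytes of slack remain behind the data, whatever the device asks for. Keep the two apart: reserve `LL_RESERVED_SPACE(dev)` only and add `dev->needed_tailroom` to the `sock_wmalloc()` size alone, as the later patch in this message does.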
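
Review bot: In the `@@ -860` pppoe_sendmsg hunk, the size check kept as context, `if (total_len > (dev->mtu + dev->hard_header_len))`, still depends on `dev->hard_header_len`, the field the thread says ipv4 tunnels do not set properly, while the allocation right below it now uses `LL_RESERVED_SPACE(dev)`. The changelog should say whether that bound is left alone on purpose, and why the old `+ 32` slack in the `sock_wmalloc()` size can be dropped now that `sizeof(struct pppoe_hdr)` and `dev->needed_tailroom` are counted explicitly.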
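
Review bot: In the `@@ -930` __pppoe_xmit hunk, only headroom is covered: `skb_cow_head()` now asks for `LL_RESERVED_SPACE(dev) + sizeof(*ph)`, but `dev->needed_tailroom`, which the pppoe_sendmsg hunk adds to its allocation, is not considered on this path. If that asymmetry is intended, extend the comment above the call ("Copy the data if there is no space for the header ...") or the changelog to say so; otherwise the transmit path needs an equivalent tailroom check.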