Message ID | 27F9C60D11D683428E133F85D2BB4A53043E3EDFE6@dlee03.ent.ti.com |
---|---|
State | RFC, archived |
Delegated to: | David Miller |
Headers | show |
From: "Arce, Abraham" <x0066660@ti.com> Date: Tue, 25 May 2010 20:48:02 -0500 > diff --git a/net/core/skbuff.c b/net/core/skbuff.c > index f8abf68..eb81f76 100644 > --- a/net/core/skbuff.c > +++ b/net/core/skbuff.c > @@ -334,7 +334,7 @@ static void skb_release_data(struct sk_buff *skb) > if (!skb->cloned || > !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, > &skb_shinfo(skb)->dataref)) { > - if (skb_shinfo(skb)->nr_frags) { > + if (skb_shinfo(skb)->nr_frags && skb_has_frags(skb)) { > int i; > for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) > put_page(skb_shinfo(skb)->frags[i].page); skb_shinfo(skb)->nr_frags counts the number of entries contained in the skb_shinfo(skb)->frags[] array. This has nothing to do with the frag list pointer, skb_shinfo(skb)->frag_list, which is what skb_has_frags() tests. You've got some kind of memory corruption going on and it appears to have nothing to do with the code paths you're playing with here. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Thanks David, > > diff --git a/net/core/skbuff.c b/net/core/skbuff.c > > index f8abf68..eb81f76 100644 > > --- a/net/core/skbuff.c > > +++ b/net/core/skbuff.c > > @@ -334,7 +334,7 @@ static void skb_release_data(struct sk_buff *skb) > > if (!skb->cloned || > > !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, > > &skb_shinfo(skb)->dataref)) { > > - if (skb_shinfo(skb)->nr_frags) { > > + if (skb_shinfo(skb)->nr_frags && skb_has_frags(skb)) { > > int i; > > for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) > > put_page(skb_shinfo(skb)->frags[i].page); > > skb_shinfo(skb)->nr_frags counts the number of entries contained > in the skb_shinfo(skb)->frags[] array. > > This has nothing to do with the frag list pointer, > skb_shinfo(skb)->frag_list, which is what skb_has_frags() > tests. > > You've got some kind of memory corruption going on and it > appears to have nothing to do with the code paths you're > playing with here. Do you have any recommendation on debugging technique/tool for this memory corruption issue? Best Regards Abraham -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Le mardi 25 mai 2010 à 21:02 -0500, Arce, Abraham a écrit : > Thanks David, > > > > diff --git a/net/core/skbuff.c b/net/core/skbuff.c > > > index f8abf68..eb81f76 100644 > > > --- a/net/core/skbuff.c > > > +++ b/net/core/skbuff.c > > > @@ -334,7 +334,7 @@ static void skb_release_data(struct sk_buff *skb) > > > if (!skb->cloned || > > > !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, > > > &skb_shinfo(skb)->dataref)) { > > > - if (skb_shinfo(skb)->nr_frags) { > > > + if (skb_shinfo(skb)->nr_frags && skb_has_frags(skb)) { > > > int i; > > > for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) > > > put_page(skb_shinfo(skb)->frags[i].page); > > > > skb_shinfo(skb)->nr_frags counts the number of entries contained > > in the skb_shinfo(skb)->frags[] array. > > > > This has nothing to do with the frag list pointer, > > skb_shinfo(skb)->frag_list, which is what skb_has_frags() > > tests. > > > > You've got some kind of memory corruption going on and it > > appears to have nothing to do with the code paths you're > > playing with here. > > Do you have any recommendation on debugging technique/tool for this memory corruption issue? > > Best Regards > Abraham > -- It seems quite strange. You have a skb->nr_frags > 0 value, but a frags[i].page = 0 value You might add following function : shinfo_check(struct sk_buff *skb) { struct skb_shared_info *shinfo = skb_shinfo(skb); int i; WARN_ON(shinfo->nr_frags >= MAX_SKB_FRAGS); for (i = 0; i < shinfo->nr_frags; i++) WARN_ON(!shinfo->frags[i].page); } And call it from various points, to check who corrupts your skb. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/core/skbuff.c b/net/core/skbuff.c index f8abf68..eb81f76 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -334,7 +334,7 @@ static void skb_release_data(struct sk_buff *skb) if (!skb->cloned || !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, &skb_shinfo(skb)->dataref)) { - if (skb_shinfo(skb)->nr_frags) { + if (skb_shinfo(skb)->nr_frags && skb_has_frags(skb)) { int i; for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) put_page(skb_shinfo(skb)->frags[i].page);