Message ID | 1359739301-14044-1-git-send-email-phil.sutter@viprinet.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
On 02/01/2013 06:21 PM, Phil Sutter wrote: > When releasing a packet socket, the routine packet_set_ring() is reused > to free rings instead of allocating them. But when calling it for the > first time, it fills req->tp_block_nr with the value of rb->pg_vec_len > which in the second invocation makes it bail out since req->tp_block_nr > is greater zero but req->tp_block_size is zero. > > This patch solves the problem by passing a zeroed auto-variable to > packet_set_ring() upon each invocation from packet_release(). > > As far as I can tell, this issue exists even since 69e3c75 (net: TX_RING > and packet mmap), i.e. the original inclusion of TX ring support into > af_packet, but applies only to sockets with both RX and TX ring > allocated, which is probably why this was unnoticed all the time. > > Signed-off-by: Phil Sutter <phil.sutter@viprinet.com> > Cc: Johann Baudy <johann.baudy@gnu-log.net> > Cc: Daniel Borkmann <dborkman@redhat.com> Acked-by: Daniel Borkmann <dborkman@redhat.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Daniel Borkmann <dborkman@redhat.com> Date: Fri, 01 Feb 2013 18:25:13 +0100 > On 02/01/2013 06:21 PM, Phil Sutter wrote: >> When releasing a packet socket, the routine packet_set_ring() is >> reused >> to free rings instead of allocating them. But when calling it for the >> first time, it fills req->tp_block_nr with the value of rb->pg_vec_len >> which in the second invocation makes it bail out since >> req->tp_block_nr >> is greater zero but req->tp_block_size is zero. >> >> This patch solves the problem by passing a zeroed auto-variable to >> packet_set_ring() upon each invocation from packet_release(). >> >> As far as I can tell, this issue exists even since 69e3c75 (net: >> TX_RING >> and packet mmap), i.e. the original inclusion of TX ring support into >> af_packet, but applies only to sockets with both RX and TX ring >> allocated, which is probably why this was unnoticed all the time. >> >> Signed-off-by: Phil Sutter <phil.sutter@viprinet.com> >> Cc: Johann Baudy <johann.baudy@gnu-log.net> >> Cc: Daniel Borkmann <dborkman@redhat.com> > > Acked-by: Daniel Borkmann <dborkman@redhat.com> Applied and queued up for -stable, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index a91fd0b..07c9483 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -2364,13 +2364,15 @@ static int packet_release(struct socket *sock) packet_flush_mclist(sk); - memset(&req_u, 0, sizeof(req_u)); - - if (po->rx_ring.pg_vec) + if (po->rx_ring.pg_vec) { + memset(&req_u, 0, sizeof(req_u)); packet_set_ring(sk, &req_u, 1, 0); + } - if (po->tx_ring.pg_vec) + if (po->tx_ring.pg_vec) { + memset(&req_u, 0, sizeof(req_u)); packet_set_ring(sk, &req_u, 1, 1); + } fanout_release(sk);
When releasing a packet socket, the routine packet_set_ring() is reused to free rings instead of allocating them. But when calling it for the first time, it fills req->tp_block_nr with the value of rb->pg_vec_len which in the second invocation makes it bail out since req->tp_block_nr is greater zero but req->tp_block_size is zero. This patch solves the problem by passing a zeroed auto-variable to packet_set_ring() upon each invocation from packet_release(). As far as I can tell, this issue exists even since 69e3c75 (net: TX_RING and packet mmap), i.e. the original inclusion of TX ring support into af_packet, but applies only to sockets with both RX and TX ring allocated, which is probably why this was unnoticed all the time. Signed-off-by: Phil Sutter <phil.sutter@viprinet.com> Cc: Johann Baudy <johann.baudy@gnu-log.net> Cc: Daniel Borkmann <dborkman@redhat.com> --- Changes since v1: - less functions - more code duplication --- net/packet/af_packet.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)