usbnet: fix oops in usbnet_start_xmit

Submitted by Konstantin Khlebnikov on Nov. 6, 2011, 7:33 p.m.

Details

Message ID 20111106183337.5379.4356.stgit@zurg
State Superseded
Delegated to: David Miller
Headers show

Commit Message

Konstantin Khlebnikov Nov. 6, 2011, 7:33 p.m.
This patch fixes the bug added in commit v3.1-rc7-1055-gf9b491e
SKB can be NULL at this point, at least for cdc-ncm.
Let's call skb_tx_timestamp() after driver specific tx-fixup hacks.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
---
 drivers/net/usb/usbnet.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Michael Riesch Nov. 7, 2011, 1:29 p.m.
On Sun, 2011-11-06 at 22:33 +0300, Konstantin Khlebnikov wrote:
> This patch fixes the bug added in commit v3.1-rc7-1055-gf9b491e
> SKB can be NULL at this point, at least for cdc-ncm.

OK, I didn't think of that, but...

> Let's call skb_tx_timestamp() after driver specific tx-fixup hacks.

... the reason I put the skb_tx_timestamp() call before the tx_fixup is
that these hacks often perform skb_push/skb_pull or any other kind of
framing. This may result (at least in the case of the asix drivers) in
perfectly correct PTP packets being not recognized as such by the packet
filter.

Can we do a check like this:
	if(skb) skb_tx_timestamp()
	tx_fixup()
?

Regards, Michael


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Richard Cochran Nov. 7, 2011, 1:33 p.m.
On Sun, Nov 06, 2011 at 10:33:37PM +0300, Konstantin Khlebnikov wrote:
> This patch fixes the bug added in commit v3.1-rc7-1055-gf9b491e
> SKB can be NULL at this point, at least for cdc-ncm.

What? You mean .ndo_start_xmit is called with skb NULL?

> Let's call skb_tx_timestamp() after driver specific tx-fixup hacks.

No, that won't work.

That call is before the fixup on purpose, because some fixups add
padding in front of the Ethernet payload, and this will spoil the PTP
packet detection filter.

I don't know why the skb can be NULL here. If that is really the case,
then the correct fix is:

	if (skb)
		skb_tx_timestamp(skb);

Thanks,
Richard


> 
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
> ---
>  drivers/net/usb/usbnet.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
> index 7d60821..485be70 100644
> --- a/drivers/net/usb/usbnet.c
> +++ b/drivers/net/usb/usbnet.c
> @@ -1057,8 +1057,6 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
>  	unsigned long		flags;
>  	int retval;
>  
> -	skb_tx_timestamp(skb);
> -
>  	// some devices want funky USB-level framing, for
>  	// win32 driver (usually) and/or hardware quirks
>  	if (info->tx_fixup) {
> @@ -1075,6 +1073,8 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
>  	}
>  	length = skb->len;
>  
> +	skb_tx_timestamp(skb);
> +
>  	if (!(urb = usb_alloc_urb (0, GFP_ATOMIC))) {
>  		netif_dbg(dev, tx_err, dev->net, "no urb\n");
>  		goto drop;
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Konstantin Khlebnikov Nov. 7, 2011, 2:05 p.m.
Richard Cochran wrote:
> On Sun, Nov 06, 2011 at 10:33:37PM +0300, Konstantin Khlebnikov wrote:
>> This patch fixes the bug added in commit v3.1-rc7-1055-gf9b491e
>> SKB can be NULL at this point, at least for cdc-ncm.
>
> What? You mean .ndo_start_xmit is called with skb NULL?

no. cdc_ncm call usbnet_start_xmit with NULL skb from timer handler
and tx_fixup hook pickup skb from internal context. yeah, it really messy.

>
>> Let's call skb_tx_timestamp() after driver specific tx-fixup hacks.
>
> No, that won't work.
>
> That call is before the fixup on purpose, because some fixups add
> padding in front of the Ethernet payload, and this will spoil the PTP
> packet detection filter.
>
> I don't know why the skb can be NULL here. If that is really the case,
> then the correct fix is:
>
> 	if (skb)
> 		skb_tx_timestamp(skb);
>
> Thanks,
> Richard
>
>
>>
>> Signed-off-by: Konstantin Khlebnikov<khlebnikov@openvz.org>
>> ---
>>   drivers/net/usb/usbnet.c |    4 ++--
>>   1 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
>> index 7d60821..485be70 100644
>> --- a/drivers/net/usb/usbnet.c
>> +++ b/drivers/net/usb/usbnet.c
>> @@ -1057,8 +1057,6 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
>>   	unsigned long		flags;
>>   	int retval;
>>
>> -	skb_tx_timestamp(skb);
>> -
>>   	// some devices want funky USB-level framing, for
>>   	// win32 driver (usually) and/or hardware quirks
>>   	if (info->tx_fixup) {
>> @@ -1075,6 +1073,8 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
>>   	}
>>   	length = skb->len;
>>
>> +	skb_tx_timestamp(skb);
>> +
>>   	if (!(urb = usb_alloc_urb (0, GFP_ATOMIC))) {
>>   		netif_dbg(dev, tx_err, dev->net, "no urb\n");
>>   		goto drop;
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe netdev" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Richard Cochran Nov. 7, 2011, 2:42 p.m.
On Mon, Nov 07, 2011 at 06:05:22PM +0400, Konstantin Khlebnikov wrote:
> Richard Cochran wrote:
> >On Sun, Nov 06, 2011 at 10:33:37PM +0300, Konstantin Khlebnikov wrote:
> >>This patch fixes the bug added in commit v3.1-rc7-1055-gf9b491e
> >>SKB can be NULL at this point, at least for cdc-ncm.
> >
> >What? You mean .ndo_start_xmit is called with skb NULL?
> 
> no. cdc_ncm call usbnet_start_xmit with NULL skb from timer handler
> and tx_fixup hook pickup skb from internal context. yeah, it really messy.

You said it.

Can you please submit the fix suggested by Michael and myself?

Thanks,
Richard
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch hide | download patch | download mbox

diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index 7d60821..485be70 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -1057,8 +1057,6 @@  netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
 	unsigned long		flags;
 	int retval;
 
-	skb_tx_timestamp(skb);
-
 	// some devices want funky USB-level framing, for
 	// win32 driver (usually) and/or hardware quirks
 	if (info->tx_fixup) {
@@ -1075,6 +1073,8 @@  netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
 	}
 	length = skb->len;
 
+	skb_tx_timestamp(skb);
+
 	if (!(urb = usb_alloc_urb (0, GFP_ATOMIC))) {
 		netif_dbg(dev, tx_err, dev->net, "no urb\n");
 		goto drop;