Patchwork usbnet: fix oops in usbnet_start_xmit

login
register
mail settings
Submitter Konstantin Khlebnikov
Date Nov. 6, 2011, 7:33 p.m.
Message ID <20111106183337.5379.4356.stgit@zurg>
Download mbox | patch
Permalink /patch/123954/
State Superseded
Delegated to: David Miller
Headers show

Comments

Konstantin Khlebnikov - Nov. 6, 2011, 7:33 p.m.
This patch fixes the bug added in commit v3.1-rc7-1055-gf9b491e
SKB can be NULL at this point, at least for cdc-ncm.
Let's call skb_tx_timestamp() after driver specific tx-fixup hacks.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
---
 drivers/net/usb/usbnet.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Michael Riesch - Nov. 7, 2011, 1:29 p.m.
On Sun, 2011-11-06 at 22:33 +0300, Konstantin Khlebnikov wrote:
> This patch fixes the bug added in commit v3.1-rc7-1055-gf9b491e
> SKB can be NULL at this point, at least for cdc-ncm.

OK, I didn't think of that, but...

> Let's call skb_tx_timestamp() after driver specific tx-fixup hacks.

... the reason I put the skb_tx_timestamp() call before the tx_fixup is
that these hacks often perform skb_push/skb_pull or any other kind of
framing. This may result (at least in the case of the asix drivers) in
perfectly correct PTP packets being not recognized as such by the packet
filter.

Can we do a check like this:
	if(skb) skb_tx_timestamp()
	tx_fixup()
?

Regards, Michael


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Richard Cochran - Nov. 7, 2011, 1:33 p.m.
On Sun, Nov 06, 2011 at 10:33:37PM +0300, Konstantin Khlebnikov wrote:
> This patch fixes the bug added in commit v3.1-rc7-1055-gf9b491e
> SKB can be NULL at this point, at least for cdc-ncm.

What? You mean .ndo_start_xmit is called with skb NULL?

> Let's call skb_tx_timestamp() after driver specific tx-fixup hacks.

No, that won't work.

That call is before the fixup on purpose, because some fixups add
padding in front of the Ethernet payload, and this will spoil the PTP
packet detection filter.

I don't know why the skb can be NULL here. If that is really the case,
then the correct fix is:

	if (skb)
		skb_tx_timestamp(skb);

Thanks,
Richard


> 
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
> ---
>  drivers/net/usb/usbnet.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
> index 7d60821..485be70 100644
> --- a/drivers/net/usb/usbnet.c
> +++ b/drivers/net/usb/usbnet.c
> @@ -1057,8 +1057,6 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
>  	unsigned long		flags;
>  	int retval;
>  
> -	skb_tx_timestamp(skb);
> -
>  	// some devices want funky USB-level framing, for
>  	// win32 driver (usually) and/or hardware quirks
>  	if (info->tx_fixup) {
> @@ -1075,6 +1073,8 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
>  	}
>  	length = skb->len;
>  
> +	skb_tx_timestamp(skb);
> +
>  	if (!(urb = usb_alloc_urb (0, GFP_ATOMIC))) {
>  		netif_dbg(dev, tx_err, dev->net, "no urb\n");
>  		goto drop;
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Konstantin Khlebnikov - Nov. 7, 2011, 2:05 p.m.
Richard Cochran wrote:
> On Sun, Nov 06, 2011 at 10:33:37PM +0300, Konstantin Khlebnikov wrote:
>> This patch fixes the bug added in commit v3.1-rc7-1055-gf9b491e
>> SKB can be NULL at this point, at least for cdc-ncm.
>
> What? You mean .ndo_start_xmit is called with skb NULL?

no. cdc_ncm call usbnet_start_xmit with NULL skb from timer handler
and tx_fixup hook pickup skb from internal context. yeah, it really messy.

>
>> Let's call skb_tx_timestamp() after driver specific tx-fixup hacks.
>
> No, that won't work.
>
> That call is before the fixup on purpose, because some fixups add
> padding in front of the Ethernet payload, and this will spoil the PTP
> packet detection filter.
>
> I don't know why the skb can be NULL here. If that is really the case,
> then the correct fix is:
>
> 	if (skb)
> 		skb_tx_timestamp(skb);
>
> Thanks,
> Richard
>
>
>>
>> Signed-off-by: Konstantin Khlebnikov<khlebnikov@openvz.org>
>> ---
>>   drivers/net/usb/usbnet.c |    4 ++--
>>   1 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
>> index 7d60821..485be70 100644
>> --- a/drivers/net/usb/usbnet.c
>> +++ b/drivers/net/usb/usbnet.c
>> @@ -1057,8 +1057,6 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
>>   	unsigned long		flags;
>>   	int retval;
>>
>> -	skb_tx_timestamp(skb);
>> -
>>   	// some devices want funky USB-level framing, for
>>   	// win32 driver (usually) and/or hardware quirks
>>   	if (info->tx_fixup) {
>> @@ -1075,6 +1073,8 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
>>   	}
>>   	length = skb->len;
>>
>> +	skb_tx_timestamp(skb);
>> +
>>   	if (!(urb = usb_alloc_urb (0, GFP_ATOMIC))) {
>>   		netif_dbg(dev, tx_err, dev->net, "no urb\n");
>>   		goto drop;
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe netdev" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Richard Cochran - Nov. 7, 2011, 2:42 p.m.
On Mon, Nov 07, 2011 at 06:05:22PM +0400, Konstantin Khlebnikov wrote:
> Richard Cochran wrote:
> >On Sun, Nov 06, 2011 at 10:33:37PM +0300, Konstantin Khlebnikov wrote:
> >>This patch fixes the bug added in commit v3.1-rc7-1055-gf9b491e
> >>SKB can be NULL at this point, at least for cdc-ncm.
> >
> >What? You mean .ndo_start_xmit is called with skb NULL?
> 
> no. cdc_ncm call usbnet_start_xmit with NULL skb from timer handler
> and tx_fixup hook pickup skb from internal context. yeah, it really messy.

You said it.

Can you please submit the fix suggested by Michael and myself?

Thanks,
Richard
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index 7d60821..485be70 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -1057,8 +1057,6 @@  netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
 	unsigned long		flags;
 	int retval;
 
-	skb_tx_timestamp(skb);
-
 	// some devices want funky USB-level framing, for
 	// win32 driver (usually) and/or hardware quirks
 	if (info->tx_fixup) {
@@ -1075,6 +1073,8 @@  netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
 	}
 	length = skb->len;
 
+	skb_tx_timestamp(skb);
+
 	if (!(urb = usb_alloc_urb (0, GFP_ATOMIC))) {
 		netif_dbg(dev, tx_err, dev->net, "no urb\n");
 		goto drop;