Message ID | CAJFSNy4ar_=QP-zYi_AmEZ_70JOgOiqELBdWWQ=AZy=2Faxf5Q@mail.gmail.com |
---|---|
State | RFC, archived |
Delegated to: | David Miller |
Headers | show |
On Thu, 2015-10-29 at 04:19 +0900, Nikolay Borisov wrote: > > > Could you please comment whether it looks viable so that I can resend > as a proper fix? Also the interesting question is what kind of packets > could trigger this warn_on_once? In both traces ovs_packet_cmd_execute > is present so I suspect it might be possible that somehow openvswitch is > injecting wrong packets which make the kernel crash. Bug is the packet producer, not in try_to_coalesce() This issue comes up on netdev from times to times... The WARN_ON() in try_to_coalesce() is an attempt to detect a producer made a lie about truesize, leading to OOM in case of abuses. Do not paper over the bug, find the root cause and fix it, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/core/skbuff.c b/net/core/skbuff.c index fab4599ba8b2..d0ac294f412a 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -4156,6 +4156,8 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff * from, return false; delta = from->truesize - SKB_DATA_ALIGN(sizeof(struct sk_buff)); + if (WARN_ON_ONCE(delta < len) + return false; page = virt_to_head_page(from->head);