Re: linux-image-2.6.26-1-686: SKB BUG: Invalid truesize

To: 498548@bugs.debian.org
Cc: debian-release@lists.debian.org
Subject: Re: linux-image-2.6.26-1-686: SKB BUG: Invalid truesize
From: Reinhard Tartler <siretart@tauware.de>
Date: Thu, 26 Mar 2009 11:31:06 +0100
Message-id: <87bproa845.fsf@faui44a.informatik.uni-erlangen.de>
In-reply-to: <20080911013043.14604.37346.reportbug@chronos.ar.most> (Emiliano Castagnari's message of "Wed, 10 Sep 2008 21:30:43 -0400")
References: <20080911013043.14604.37346.reportbug@chronos.ar.most>

tags 498548@bugs.debian.org
stop

Emiliano Castagnari <ecastag@gmail.com> writes:

> I am getting this kernel messages at least 9 times per second. 

This patch should fix the issue:

http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=review-2.6.27/net-kill-skb_truesize_check-it-only-catches-false-positives.patch;h=14296ae60663c4ff4bce76a3145918a7cd7d7a87;hb=HEAD


>From fdfaac1e3c05e73b6ccd416a6a8abd5ec124e557 Mon Sep 17 00:00:00 2001
From: David S. Miller <davem@davemloft.net>
Date: Wed, 25 Feb 2009 23:09:34 -0800
Subject: net: Kill skb_truesize_check(), it only catches false-positives.

From: David S. Miller <davem@davemloft.net>

[ Upstream commit 92a0acce186cde8ead56c6915d9479773673ea1a ]

A long time ago we had bugs, primarily in TCP, where we would modify
skb->truesize (for TSO queue collapsing) in ways which would corrupt
the socket memory accounting.

skb_truesize_check() was added in order to try and catch this error
more systematically.

However this debugging check has morphed into a Frankenstein of sorts
and these days it does nothing other than catch false-positives.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 include/linux/skbuff.h |    9 ---------
 include/net/sock.h     |    1 -
 net/core/skbuff.c      |    8 --------
 net/core/sock.c        |    1 -
 4 files changed, 19 deletions(-)

--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -395,15 +395,6 @@ extern void	      skb_over_panic(struct 
 				     void *here);
 extern void	      skb_under_panic(struct sk_buff *skb, int len,
 				      void *here);
-extern void	      skb_truesize_bug(struct sk_buff *skb);
-
-static inline void skb_truesize_check(struct sk_buff *skb)
-{
-	int len = sizeof(struct sk_buff) + skb->len;
-
-	if (unlikely((int)skb->truesize < len))
-		skb_truesize_bug(skb);
-}
 
 extern int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb,
 			int getfrag(void *from, char *to, int offset,
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -777,7 +777,6 @@ static inline void sk_mem_uncharge(struc
 
 static inline void sk_wmem_free_skb(struct sock *sk, struct sk_buff *skb)
 {
-	skb_truesize_check(skb);
 	sock_set_flag(sk, SOCK_QUEUE_SHRUNK);
 	sk->sk_wmem_queued -= skb->truesize;
 	sk_mem_uncharge(sk, skb->truesize);
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -143,14 +143,6 @@ void skb_under_panic(struct sk_buff *skb
 	BUG();
 }
 
-void skb_truesize_bug(struct sk_buff *skb)
-{
-	printk(KERN_ERR "SKB BUG: Invalid truesize (%u) "
-	       "len=%u, sizeof(sk_buff)=%Zd\n",
-	       skb->truesize, skb->len, sizeof(struct sk_buff));
-}
-EXPORT_SYMBOL(skb_truesize_bug);
-
 /* 	Allocate a new skbuff. We do this ourselves so we can fill in a few
  *	'private' fields and also do memory statistics to find all the
  *	[BEEP] leaks.
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1136,7 +1136,6 @@ void sock_rfree(struct sk_buff *skb)
 {
 	struct sock *sk = skb->sk;
 
-	skb_truesize_check(skb);
 	atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
 	sk_mem_uncharge(skb->sk, skb->truesize);
 }


Can we have that patch please is Debian 5.0.1?


-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

Reply to:

Prev by Date: Re: preapproval for asciidoc 8.2.7-3~lenny+1
Next by Date: Re: Libass transition
Previous by thread: Re: lam out of sync in lenny
Next by thread: Please hint shibboleth-sp2 and friends into testing
Index(es):
- Date
- Thread