[Click] 2.6 update - Bug + Fix

Beyers Cronje bcronje at gmail.com
Wed Jun 28 01:37:14 EDT 2006 

Hi Eddie,

I found the bug I reported earlier on the new etc/linux-2.6.16.13-patch you
posted below. The problem is that skb_recycle does a atomic_sub_return on
the skb dataref if the skb is cloned. If the skb data-reference is more than
1, ie shared by another skb and the recycling condition fails, skb_recycle
calls  kfree_skbmem, which in turns  calls skb_release_data which does
another atomic_sub_return on the dataref of the skb. This double subtraction
on dataref on the same skb will obviously cause skb_release_data to
prematurely free the packet data.

The attached patch fixes this by first checking using atomic_read on
dataref, and only calls atomic_sub after we know we can recycle the skb.

I'm not sure what performance impact the additional atomic operation will
have.

Cheers

Beyers Cronje

         if (skb->fclone == SKB_FCLONE_UNAVAILABLE
             && (!skb->cloned ||
-            !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 :
1,
-                       &skb_shinfo(skb)->dataref))) {
+            !(atomic_read(&skb_shinfo(skb)->dataref) - skb->nohdr ? (1 <<
SKB_DATAREF_SHIFT) + 1 : 1))) {
+            if (skb->cloned)
+                atomic_sub(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 :
1,&skb_shinfo(skb)->dataref);
             if (skb_shinfo(skb)->nr_frags) {
                 int i;
                 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)



On 6/23/06, Eddie Kohler <kohler at cs.ucla.edu> wrote:
>
> Hi all,
>
> A brief update on Linux 2.6 kernel module support.  We've just checked in
> a
> fix that plugs a large memory leak of sk_buffs.  You will need to re-patch
> your kernels with the current etc/linux-2.6.16.13-patch.  FYI.
>
> Eddie
> _______________________________________________
> click mailing list
> click at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: skbuff.c.patch
Type: text/x-patch
Size: 650 bytes
Desc: not available
Url : https://amsterdam.lcs.mit.edu/pipermail/click/attachments/20060628/1621189e/skbuff.c.bin

More information about the click mailing list