linux-toradex.git/net/bridge/br_forward.c, branch v2.6.30.6 Linux kernel for Apalis and Colibri modules bridge: Fix LRO crash with tun 2009-02-09T23:07:18+00:00 Herbert Xu herbert@gondor.apana.org.au 2009-02-09T23:07:18+00:00 4906f9985e310fc01f956256b0d58ac28b0dcb19 > Kernel BUG at drivers/net/tun.c:444 > invalid opcode: 0000 [1] SMP > last sysfs file: /class/net/lo/ifindex > CPU 0 > Modules linked in: tun ipt_MASQUERADE iptable_nat ip_nat xt_state ip_conntrack > nfnetlink ipt_REJECT xt_tcpudp iptable_filter d > Pid: 6912, comm: qemu-kvm Tainted: G 2.6.18-128.el5 #1 > RIP: 0010:[<ffffffff886f57b0>] [<ffffffff886f57b0>] > :tun:tun_chr_readv+0x2b1/0x3a6 > RSP: 0018:ffff8102202c5e48 EFLAGS: 00010246 > RAX: 0000000000000000 RBX: ffff8102202c5e98 RCX: 0000000004010000 > RDX: ffff810227063680 RSI: ffff8102202c5e9e RDI: ffff8102202c5e92 > RBP: 0000000000010ff6 R08: 0000000000000000 R09: 0000000000000001 > R10: ffff8102202c5e94 R11: 0000000000000202 R12: ffff8102275357c0 > R13: ffff81022755e500 R14: 0000000000000000 R15: ffff8102202c5ef8 > FS: 00002ae4398db980(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b > CR2: 00002ae4ab514000 CR3: 0000000221344000 CR4: 00000000000026e0 > Process qemu-kvm (pid: 6912, threadinfo ffff8102202c4000, task > ffff81022e58d820) > Stack: 00000000498735cb ffff810229d1a3c0 0000000000000000 ffff81022e58d820 > ffffffff8008a461 ffff81022755e528 ffff81022755e528 ffffffff8009f925 > 000005ea05ea0000 ffff8102209d0000 00001051143e1600 ffffffff8003c00e > Call Trace: > [<ffffffff8008a461>] default_wake_function+0x0/0xe > [<ffffffff8009f925>] enqueue_hrtimer+0x55/0x70 > [<ffffffff8003c00e>] hrtimer_start+0xbc/0xce > [<ffffffff886f58bf>] :tun:tun_chr_read+0x1a/0x1f > [<ffffffff8000b3f3>] vfs_read+0xcb/0x171 > [<ffffffff800117d4>] sys_read+0x45/0x6e > [<ffffffff8005d116>] system_call+0x7e/0x83 > > > Code: 0f 0b 68 40 62 6f 88 c2 bc 01 f6 42 0a 08 74 0c 80 4c 24 41 > RIP [<ffffffff886f57b0>] :tun:tun_chr_readv+0x2b1/0x3a6 > RSP <ffff8102202c5e48> > <0>Kernel panic - not syncing: Fatal exception This crashed when an LRO packet generated by bnx2x reached a tun device through the bridge. We're supposed to drop it at the bridge. However, because the check was placed in br_forward instead of __br_forward, it's only effective if we are sending the packet through a single port. This patch fixes it by moving the check into __br_forward. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 
> Kernel BUG at drivers/net/tun.c:444
> invalid opcode: 0000 [1] SMP
> last sysfs file: /class/net/lo/ifindex
> CPU 0
> Modules linked in: tun ipt_MASQUERADE iptable_nat ip_nat xt_state ip_conntrack
> nfnetlink ipt_REJECT xt_tcpudp iptable_filter d
> Pid: 6912, comm: qemu-kvm Tainted: G      2.6.18-128.el5 #1
> RIP: 0010:[<ffffffff886f57b0>]  [<ffffffff886f57b0>]
> :tun:tun_chr_readv+0x2b1/0x3a6
> RSP: 0018:ffff8102202c5e48  EFLAGS: 00010246
> RAX: 0000000000000000 RBX: ffff8102202c5e98 RCX: 0000000004010000
> RDX: ffff810227063680 RSI: ffff8102202c5e9e RDI: ffff8102202c5e92
> RBP: 0000000000010ff6 R08: 0000000000000000 R09: 0000000000000001
> R10: ffff8102202c5e94 R11: 0000000000000202 R12: ffff8102275357c0
> R13: ffff81022755e500 R14: 0000000000000000 R15: ffff8102202c5ef8
> FS:  00002ae4398db980(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 00002ae4ab514000 CR3: 0000000221344000 CR4: 00000000000026e0
> Process qemu-kvm (pid: 6912, threadinfo ffff8102202c4000, task
> ffff81022e58d820)
> Stack:  00000000498735cb ffff810229d1a3c0 0000000000000000 ffff81022e58d820
>  ffffffff8008a461 ffff81022755e528 ffff81022755e528 ffffffff8009f925
>  000005ea05ea0000 ffff8102209d0000 00001051143e1600 ffffffff8003c00e
> Call Trace:
>  [<ffffffff8008a461>] default_wake_function+0x0/0xe
>  [<ffffffff8009f925>] enqueue_hrtimer+0x55/0x70
>  [<ffffffff8003c00e>] hrtimer_start+0xbc/0xce
>  [<ffffffff886f58bf>] :tun:tun_chr_read+0x1a/0x1f
>  [<ffffffff8000b3f3>] vfs_read+0xcb/0x171
>  [<ffffffff800117d4>] sys_read+0x45/0x6e
>  [<ffffffff8005d116>] system_call+0x7e/0x83
>
>
> Code: 0f 0b 68 40 62 6f 88 c2 bc 01 f6 42 0a 08 74 0c 80 4c 24 41
> RIP  [<ffffffff886f57b0>] :tun:tun_chr_readv+0x2b1/0x3a6
>  RSP <ffff8102202c5e48>
>  <0>Kernel panic - not syncing: Fatal exception

This crashed when an LRO packet generated by bnx2x reached a
tun device through the bridge.  We're supposed to drop it at
the bridge.  However, because the check was placed in br_forward
instead of __br_forward, it's only effective if we are sending
the packet through a single port.

This patch fixes it by moving the check into __br_forward.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
net: Discard and warn about LRO'd skbs received for forwarding 2008-06-19T23:22:28+00:00 Ben Hutchings bhutchings@solarflare.com 2008-06-19T23:22:28+00:00 4497b0763cb1afae463f5e144c28b5d806e28b60 Add skb_warn_if_lro() to test whether an skb was received with LRO and warn if so. Change br_forward(), ip_forward() and ip6_forward() to call it) and discard the skb if it returns true. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Add skb_warn_if_lro() to test whether an skb was received with LRO and
warn if so.

Change br_forward(), ip_forward() and ip6_forward() to call it) and
discard the skb if it returns true.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net: remove CVS keywords 2008-06-12T04:00:38+00:00 Adrian Bunk bunk@kernel.org 2008-06-11T05:46:50+00:00 0b040829952d84bf2a62526f0e24b624e0699447 This patch removes CVS keywords that weren't updated for a long time from comments. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch removes CVS keywords that weren't updated for a long time
from comments.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
bridge: Use on-device stats instead of private ones. 2008-05-21T21:13:47+00:00 Pavel Emelyanov xemul@openvz.org 2008-05-21T21:13:47+00:00 a339f1c881fdb8092ef9b118610307e10e885fc8 Even though bridges require 6 fields from struct net_device_stats, the on-device stats are always there, so we may just use them. The br_dev_get_stats is no longer required after this. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Even though bridges require 6 fields from struct net_device_stats,
the on-device stats are always there, so we may just use them.

The br_dev_get_stats is no longer required after this.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[BRIDGE]: Kill clone argument to br_flood_* 2007-09-16T23:20:48+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-09-16T23:20:48+00:00 e081e1e3ef4682802ac63b1e5e26158fb9ca9e90 The clone argument is only used by one caller and that caller can clone the packet itself. This patch moves the clone call into the caller and kills the clone argument. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 
The clone argument is only used by one caller and that caller can clone
the packet itself.  This patch moves the clone call into the caller and
kills the clone argument.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NET]: Allow forwarding of ip_summed except CHECKSUM_COMPLETE 2007-04-26T05:28:16+00:00 Herbert Xu herbert@gondor.apana.org.au 2007-03-27T06:22:20+00:00 35fc92a9deee0da6e35fdc3150bb134e58f2fd63 Right now Xen has a horrible hack that lets it forward packets with partial checksums. One of the reasons that CHECKSUM_PARTIAL and CHECKSUM_COMPLETE were added is so that we can get rid of this hack (where it creates two extra bits in the skbuff to essentially mirror ip_summed without being destroyed by the forwarding code). I had forgotten that I've already gone through all the deivce drivers last time around to make sure that they're looking at ip_summed == CHECKSUM_PARTIAL rather than ip_summed != 0 on transmit. In any case, I've now done that again so it should definitely be safe. Unfortunately nobody has yet added any code to update CHECKSUM_COMPLETE values on forward so we I'm setting that to CHECKSUM_NONE. This should be safe to remove for bridging but I'd like to check that code path first. So here is the patch that lets us get rid of the hack by preserving ip_summed (mostly) on forwarded packets. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 
Right now Xen has a horrible hack that lets it forward packets with
partial checksums.  One of the reasons that CHECKSUM_PARTIAL and
CHECKSUM_COMPLETE were added is so that we can get rid of this hack
(where it creates two extra bits in the skbuff to essentially mirror
ip_summed without being destroyed by the forwarding code).

I had forgotten that I've already gone through all the deivce drivers
last time around to make sure that they're looking at ip_summed ==
CHECKSUM_PARTIAL rather than ip_summed != 0 on transmit.  In any case,
I've now done that again so it should definitely be safe.

Unfortunately nobody has yet added any code to update CHECKSUM_COMPLETE
values on forward so we I'm setting that to CHECKSUM_NONE.  This should
be safe to remove for bridging but I'd like to check that code path
first.

So here is the patch that lets us get rid of the hack by preserving
ip_summed (mostly) on forwarded packets.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NET] BRIDGE: Fix whitespace errors. 2007-02-11T07:19:23+00:00 YOSHIFUJI Hideaki yoshfuji@linux-ipv6.org 2007-02-09T14:24:35+00:00 9d6f229fc45b6ac268020c0c8eff29e94bb34381 Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER] bridge: code rearrangement for clarity 2006-09-22T22:18:30+00:00 Stephen Hemminger shemminger@osdl.org 2006-08-30T00:48:17+00:00 07317621d004e8e6967f2dac8562825267e56135 Cleanup and rearrangement for better style and clarity: Split the function nf_bridge_maybe_copy_header into two pieces Move copy portion out of line. Use Ethernet header size macros. Use header file to handle CONFIG_NETFILTER_BRIDGE differences Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Cleanup and rearrangement for better style and clarity:
	Split the function nf_bridge_maybe_copy_header into two pieces
	Move copy portion out of line.
	Use Ethernet header size macros.
	Use header file to handle CONFIG_NETFILTER_BRIDGE differences

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[BRIDGE] netfilter: memory corruption fix 2006-08-27T03:28:30+00:00 Stephen Hemminger shemminger@osdl.org 2006-08-27T03:28:30+00:00 3a13813e6effcfad5910d47b15b724621b50b878 The bridge-netfilter code will overwrite memory if there is not headroom in the skb to save the header. This first showed up when using Xen with sky2 driver that doesn't allocate the extra space. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
The bridge-netfilter code will overwrite memory if there is not
headroom in the skb to save the header.  This first showed up when
using Xen with sky2 driver that doesn't allocate the extra space.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NET] gso: Add skb_is_gso 2006-07-08T20:34:32+00:00 Herbert Xu herbert@gondor.apana.org.au 2006-07-08T20:34:32+00:00 89114afd435a486deb8583e89f490fc274444d18 This patch adds the wrapper function skb_is_gso which can be used instead of directly testing skb_shinfo(skb)->gso_size. This makes things a little nicer and allows us to change the primary key for indicating whether an skb is GSO (if we ever want to do that). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch adds the wrapper function skb_is_gso which can be used instead
of directly testing skb_shinfo(skb)->gso_size.  This makes things a little
nicer and allows us to change the primary key for indicating whether an skb
is GSO (if we ever want to do that).

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>