Ack: [natty/oneiric][SRU][PATCH] bug #905219 - Linux Kernel crash in Netfilter

Seth Forshee seth.forshee at canonical.com
Wed Jun 27 18:24:30 UTC 2012 

On Wed, Jun 27, 2012 at 11:55:28AM -0500, Chris J Arges wrote:
> BugLink: https://bugs.launchpad.net/bugs/905219
> 
> == Natty/Oneiric SRU Justification ==
> 
>     Impact: When running KVM with a few VM's with physical eth bridges
> and TAP interfaces connected between KVM (via libvirt) and the bridge,
> occasionally kernel panics will occur.
> 
> == Fix ==
> 
> Cherry-pick from a504b86e718a425ea4a34e2f95b5cf0545ddfd8d. This is
> present in Precise onwards. This fixes an issue in netfilter/tun where
> tun's allocation is problematic and requires additional padding.
> 
> 
> == Testcase ==
> 
> See bug for reproducible testcase.
> 
> Thanks,
> --chris j arges
> 

> From 74f15d9eecd8fd4e2537b9f51e68ee89d9e411a3 Mon Sep 17 00:00:00 2001
> From: stephen hemminger <shemminger at vyatta.com>
> Date: Wed, 8 Jun 2011 14:33:07 +0000
> Subject: [PATCH 1/2] tun: reserves space for network in skb
> 
> The tun driver allocates skb's to hold data from user and then passes
> the data into the network stack as received data. Most network devices
> allocate the receive skb with routines like dev_alloc_skb() that reserves
> additional space for use by network protocol stack but tun does not.
> 
> Because of the lack of padding, when the packet is passed through bridge
> netfilter a new skb has to be allocated.
> 
> Signed-off-by: Stephen Hemminger <shemminger at vyatta.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
> (cherry picked from commit a504b86e718a425ea4a34e2f95b5cf0545ddfd8d)
> 
> BugLink: http://launchpad.net/bugs/905219
> 
> Signed-off-by: Chris J Arges <chris.j.arges at canonical.com>
> ---
>  drivers/net/tun.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/tun.c b/drivers/net/tun.c
> index b100bd5..2bf9fb4 100644
> --- a/drivers/net/tun.c
> +++ b/drivers/net/tun.c
> @@ -554,7 +554,7 @@ static __inline__ ssize_t tun_get_user(struct tun_struct *tun,
>  {
>  	struct tun_pi pi = { 0, cpu_to_be16(ETH_P_IP) };
>  	struct sk_buff *skb;
> -	size_t len = count, align = 0;
> +	size_t len = count, align = NET_SKB_PAD;
>  	struct virtio_net_hdr gso = { 0 };
>  	int offset = 0;
>  
> @@ -584,7 +584,7 @@ static __inline__ ssize_t tun_get_user(struct tun_struct *tun,
>  	}
>  
>  	if ((tun->flags & TUN_TYPE_MASK) == TUN_TAP_DEV) {
> -		align = NET_IP_ALIGN;
> +		align += NET_IP_ALIGN;
>  		if (unlikely(len < ETH_HLEN ||
>  			     (gso.hdr_len && gso.hdr_len < ETH_HLEN)))
>  			return -EINVAL;
> -- 
> 1.7.9.5
> 

> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

More information about the kernel-team mailing list