|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Kernel 3.7.0-pre-rc1 kernel BUG at drivers/net/xen-netback/netback.c:405 RIP: e030:[<ffffffff814714f9>] [<ffffffff814714f9>] netbk_gop_frag_copy+0x379/0x380
Monday, October 8, 2012, 10:54:21 AM, you wrote:
> On Mon, 2012-10-08 at 00:34 +0100, Konrad Rzeszutek Wilk wrote:
>> On Sat, Oct 06, 2012 at 12:20:54AM +0200, Sander Eikelenboom wrote:
>> >
>> > Friday, October 5, 2012, 9:26:31 PM, you wrote:
>> >
>> > > Sorry for top posting - on mobile.
>> >
>> > > I saw it too yesterday but only on a specific hardware - AMD FX8. What
>> > > type of CPU do you have? Does xsave=off on Xen line help?
>> >
>> > Nope the xsave=off doesn't help
>> >
>> > > Sander Eikelenboom <linux@xxxxxxxxxxxxxx> wrote:
>> >
>> > >>Hi Konrad,
>> > >>
>> > >>Just tested kernel 3.7.0-pre-rc1 but ran into a oops in netback on boot
>> > >>after starting some guests:
>> > >>
>> > >>[ 402.723915] ------------[ cut here ]------------
>> > >>[ 402.734629] kernel BUG at drivers/net/xen-netback/netback.c:405!
>>
>> Looking at the code, this is what we get:
>>
>> /* Data must not cross a page boundary. */
>> BUG_ON(size + offset > PAGE_SIZE);
>>
>> Looking at the commits, the one recently added was:
>> commit c571898ffc24a1768e1b2dabeac0fc7dd4c14601
>> Author: Andres Lagar-Cavilla <andres@xxxxxxxxxxxxxxxx>
>> Date: Fri Sep 14 14:26:59 2012 +0000
>>
>> xen/gndev: Xen backend support for paged out grant targets V4.
>>
>>
>> But after reverting it and trying the kernel I still got the crash.
>>
>> So .. the weirdness is that this seems to be only happening on
>> certain AMD machines - for example on my AMD A8 box I did not see this.
> I took a look at this last week and can't repro.
> The code which calls this function is supposed to ensure that the buffer
> doesn't cross a page boundary.
> There are two places which call it, one is looping over the skb's frags,
> which just can't cross page boundaries and if they did it would be
> breaking left and right for everyone AFAICT (although I'm very behind on
> my LKML and netdev reading, so maybe it is ;-)).
> The other case is processing the SKB's linear data area, which can cross
> a page boundary but the code loops over it and processes it in chunks
> which fit in single pages. I was suspicious of this code so I pulled it
> out into a little userspace test harness and fed it some corner cases
> but it looked like it was doing the right thing.
> I speculated that this might be NIC rather than processor related
> (perhaps there's some weak correlation between certain NICs and certain
> processor manufacturers).
> Konrad seems to have an r8169 but the module list wasn't in Sander's
> output -- do you know what you have?
>> I fear that the next step is to do a bit off git bisection to
>> get an idea of which merge it might be. I am going to be AFK
>> on Monday so I won't get to this until Tuesday/Wednesay :-(
>>
>> .. Thought to help speed this process, this looks like a
>> candidate:
>>
>> commit 229993001282e128a49a59ec43d255614775703a
>> Merge: 7687b80 fd0f586
>> Author: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
>> Date: Mon Oct 1 11:13:33 2012 -0700
>>
>> Merge branch 'x86-mm-for-linus' of
>> git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
>>
>> Pull x86/mm changes from Ingo Molnar:
>> "The biggest change is new TLB partial flushing code for AMD CPUs.
>> (The v3.6 kernel had the Intel CPU side code, see commits
>> e0ba94f14f74..effee4b9b3b.)
> Would be interesting to try although I don't think anything in this area
> is actively messing with page table mappings (that happens later, and
> doesn't effect the non-data bits of the skb like the sizes and offsets).
> Perhaps this debug patch might shed some light? PG_compound or THP might
> be an interesting case?
After applying the debug patch:
[ 197.876304] netbk_gop_frag_copy failed: skb frag 0 page
[ 197.884299] copying from offset 0, len 1628
[ 197.892781] page:ffffea0000b18400 count:3 mapcount:0 mapping:
(null) index:0x0
[ 197.900778] page flags: 0x40000000004000(head)
[ 197.907074] ------------[ cut here ]------------
[ 197.913345] kernel BUG at drivers/net/xen-netback/netback.c:546!
[ 197.919626] invalid opcode: 0000 [#1] PREEMPT SMP
[ 197.921573] xen_bridge: port 10(vif10.0) entered forwarding state
[ 197.932106] Modules linked in:
[ 197.938370] CPU 0
[ 197.938420] Pid: 1180, comm: netback/0 Not tainted
3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640)
[ 197.951203] RIP: e030:[<ffffffff8147462a>] [<ffffffff8147462a>]
xen_netbk_rx_action+0x89a/0x910
[ 197.957775] RSP: e02b:ffff880037911c20 EFLAGS: 00010282
[ 197.964290] RAX: 0000000000000001 RBX: ffff880036862ee0 RCX: 0000000000000000
[ 197.970956] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8800379102b0
[ 197.977679] RBP: ffff880037911d50 R08: 0000000000000002 R09: 0000000000000000
[ 197.984361] R10: 0000000000000001 R11: ffff880039925e40 R12: 0000000000000030
[ 197.990958] R13: 0000000000000000 R14: ffff880031e71800 R15: 0000000000000001
[ 197.997459] FS: 00007fb5dfcf7700(0000) GS:ffff88003f800000(0000)
knlGS:0000000000000000
[ 198.004123] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 198.010827] CR2: 00007fb5d802d000 CR3: 0000000031fd3000 CR4: 0000000000000660
[ 198.017534] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 198.024168] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 198.030717] Process netback/0 (pid: 1180, threadinfo ffff880037910000, task
ffff88003997d190)
[ 198.037326] Stack:
[ 198.043817] ffff880037911d1c ffff88003997d840 ffff880037911d00
ffff880037911c80
[ 198.050573] ffffffff00000001 0000000000000662 ffffc90010824bb8
ffffc90010820050
[ 198.057413] 0000000001080083 ffffc90010820000 0000000000000000
ffff880031cf09c0
[ 198.064228] Call Trace:
[ 198.070887] [<ffffffff810acf3d>] ? trace_hardirqs_on+0xd/0x10
[ 198.077604] [<ffffffff8147568a>] xen_netbk_kthread+0xba/0xa90
[ 198.084394] [<ffffffff810957e6>] ? try_to_wake_up+0x1b6/0x310
[ 198.091109] [<ffffffff81086810>] ? wake_up_bit+0x40/0x40
[ 198.097726] [<ffffffff814755d0>] ? xen_netbk_tx_build_gops+0xa70/0xa70
[ 198.104343] [<ffffffff810861a6>] kthread+0xd6/0xe0
[ 198.111001] [<ffffffff8174e664>] kernel_thread_helper+0x4/0x10
[ 198.117737] [<ffffffff8174cb37>] ? retint_restore_args+0x13/0x13
[ 198.124425] [<ffffffff8174e660>] ? gs_change+0x13/0x13
[ 198.131008] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d
00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 46 24 c8 ff <0f> 0b
eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7
[ 198.145094] RIP [<ffffffff8147462a>] xen_netbk_rx_action+0x89a/0x910
[ 198.152192] RSP <ffff880037911c20>
[ 198.159344] ---[ end trace cbdd0e4e80268fa8 ]---
[ 199.703539] tty_init_dev: 2 callbacks suppressed
[ 200.712098] device vif12.0 entered promiscuous mode
[ 201.010433] xen-blkback:ring-ref 8, event-channel 9, protocol 1 (x86_64-abi)
[ 201.020644] xen_bridge: port 12(vif12.0) entered forwarding state
[ 201.027833] xen_bridge: port 12(vif12.0) entered forwarding state
[ 206.774576] netbk_gop_frag_copy failed: skb frag 0 page
[ 206.777945] device vif13.0 entered promiscuous mode
[ 206.788845] copying from offset 1ba4, len 2c1
[ 206.795791] page:ffffea0000b18400 count:6 mapcount:0 mapping:
(null) index:0x0
[ 206.802771] page flags: 0x40000000004000(head)
[ 206.809619] ------------[ cut here ]------------
[ 206.816498] kernel BUG at drivers/net/xen-netback/netback.c:546!
[ 206.823465] invalid opcode: 0000 [#2] PREEMPT SMP
[ 206.830354] Modules linked in:
[ 206.837176] CPU 3
[ 206.837234] Pid: 1183, comm: netback/3 Tainted: G D
3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640)
[ 206.850881] RIP: e030:[<ffffffff8147462a>] [<ffffffff8147462a>]
xen_netbk_rx_action+0x89a/0x910
[ 206.857935] RSP: e02b:ffff880037917c20 EFLAGS: 00010282
[ 206.864972] RAX: 0000000000000001 RBX: ffff880003313ae0 RCX: 0000000000000000
[ 206.872049] RDX: ffff88003997b0f0 RSI: 0000000000000001 RDI: ffff8800379102b0
[ 206.879147] RBP: ffff880037917d50 R08: 0000000000000002 R09: 0000000000000000
[ 206.886242] R10: 0000000000000001 R11: ffff880039925640 R12: 0000000000000030
[ 206.893163] R13: 0000000000000000 R14: ffff88002c7c4400 R15: 0000000000000001
[ 206.900041] FS: 00007f800341a700(0000) GS:ffff88003f8c0000(0000)
knlGS:0000000000000000
[ 206.907145] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 206.914126] CR2: 00007f8002b31fb0 CR3: 0000000001c0b000 CR4: 0000000000000660
[ 206.921181] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 206.927996] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 206.934711] Process netback/3 (pid: 1183, threadinfo ffff880037916000, task
ffff88003997b0f0)
[ 206.941494] Stack:
[ 206.948105] ffff880037917d1c ffff880037916010 ffff880037917d00
ffff880037917c80
[ 206.955062] ffffffff810800b5 00000000000000ba ffffc900108466e0
ffffc90010841b78
[ 206.962007] 0000000101080083 ffffc90010841b28 0000000100000000
ffff88002c5bb9c0
[ 206.968967] Call Trace:
[ 206.975830] [<ffffffff810800b5>] ? __alloc_workqueue_key+0x265/0x5d0
[ 206.982789] [<ffffffff810acf3d>] ? trace_hardirqs_on+0xd/0x10
[ 206.989662] [<ffffffff8147568a>] xen_netbk_kthread+0xba/0xa90
[ 206.996570] [<ffffffff810957e6>] ? try_to_wake_up+0x1b6/0x310
[ 207.003523] [<ffffffff81086810>] ? wake_up_bit+0x40/0x40
[ 207.010333] [<ffffffff814755d0>] ? xen_netbk_tx_build_gops+0xa70/0xa70
[ 207.017171] [<ffffffff810861a6>] kthread+0xd6/0xe0
[ 207.023890] [<ffffffff8174e664>] kernel_thread_helper+0x4/0x10
[ 207.030540] [<ffffffff8174cb37>] ? retint_restore_args+0x13/0x13
[ 207.037275] [<ffffffff8174e660>] ? gs_change+0x13/0x13
[ 207.043890] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d
00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 46 24 c8 ff <0f> 0b
eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7
[ 207.057976] RIP [<ffffffff8147462a>] xen_netbk_rx_action+0x89a/0x910
[ 207.065064] RSP <ffff880037917c20>
[ 207.072056] ---[ end trace cbdd0e4e80268fa9 ]---
[ 207.079366] xen-blkback:ring-ref 8, event-channel 9, protocol 1 (x86_64-abi)
[ 207.090256] vpn_bridge: port 1(vif13.0) entered forwarding state
[ 207.097403] vpn_bridge: port 1(vif13.0) entered forwarding state
[ 208.636257] xen_bridge: port 11(vif11.0) entered forwarding state
[ 211.515779] netbk_gop_frag_copy failed: skb frag 0 page
[ 211.522711] copying from offset 2126, len 2c1
[ 211.529403] page:ffffea0000b18400 count:8 mapcount:0 mapping:
(null) index:0x0
[ 211.536142] page flags: 0x40000000004000(head)
[ 211.542942] ------------[ cut here ]------------
[ 211.549664] kernel BUG at drivers/net/xen-netback/netback.c:546!
[ 211.556408] invalid opcode: 0000 [#3] PREEMPT SMP
[ 211.563168] Modules linked in:
[ 211.569739] CPU 4
[ 211.569789] Pid: 1184, comm: netback/4 Tainted: G D
3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640)
[ 211.583126] RIP: e030:[<ffffffff8147462a>] [<ffffffff8147462a>]
xen_netbk_rx_action+0x89a/0x910
[ 211.590041] RSP: e02b:ffff880037921c20 EFLAGS: 00010282
[ 211.596868] RAX: 0000000000000001 RBX: ffff8800375bc4e0 RCX: 0000000000000000
[ 211.603890] RDX: ffff88003997a0a0 RSI: 0000000000000001 RDI: ffff8800379202b0
[ 211.610792] RBP: ffff880037921d50 R08: 0000000000000002 R09: 0000000000000000
[ 211.617608] R10: 0000000000000001 R11: ffff8800399249e0 R12: 0000000000000030
[ 211.624537] R13: 0000000000000000 R14: ffff88002b98d400 R15: 0000000000000001
[ 211.631302] FS: 00007f332d735740(0000) GS:ffff88003f900000(0000)
knlGS:0000000000000000
[ 211.638090] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 211.644965] CR2: 00007f1023d22000 CR3: 0000000031fba000 CR4: 0000000000000660
[ 211.651894] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 211.658652] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 211.665288] Process netback/4 (pid: 1184, threadinfo ffff880037920000, task
ffff88003997a0a0)
[ 211.671884] Stack:
[ 211.678376] ffff880037921d1c ffff880037920010 ffff880037921d00
ffff880037921c80
[ 211.685145] ffffffff810800b5 00000000000000ba ffffc90010851a98
ffffc9001084cf30
[ 211.691837] 0000000101080083 ffffc9001084cee0 0000000100000000
ffff88002c5bd9c0
[ 211.698581] Call Trace:
[ 211.705349] [<ffffffff810800b5>] ? __alloc_workqueue_key+0x265/0x5d0
[ 211.712156] [<ffffffff810acf3d>] ? trace_hardirqs_on+0xd/0x10
[ 211.718907] [<ffffffff8147568a>] xen_netbk_kthread+0xba/0xa90
[ 211.725654] [<ffffffff810957e6>] ? try_to_wake_up+0x1b6/0x310
[ 211.732369] [<ffffffff81086810>] ? wake_up_bit+0x40/0x40
[ 211.739111] [<ffffffff814755d0>] ? xen_netbk_tx_build_gops+0xa70/0xa70
[ 211.745858] [<ffffffff810861a6>] kthread+0xd6/0xe0
[ 211.752449] [<ffffffff8174e664>] kernel_thread_helper+0x4/0x10
[ 211.758975] [<ffffffff8174cb37>] ? retint_restore_args+0x13/0x13
[ 211.765575] [<ffffffff8174e660>] ? gs_change+0x13/0x13
[ 211.772016] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d
00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 46 24 c8 ff <0f> 0b
eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7
[ 211.785816] RIP [<ffffffff8147462a>] xen_netbk_rx_action+0x89a/0x910
[ 211.792586] RSP <ffff880037921c20>
[ 211.799394] ---[ end trace cbdd0e4e80268faa ]---
[ 212.852714] device vif14.0 entered promiscuous mode
[ 213.234995] xen-blkback:ring-ref 8, event-channel 9, protocol 1 (x86_64-abi)
[ 213.245054] xen_bridge: port 13(vif14.0) entered forwarding state
[ 213.252087] xen_bridge: port 13(vif14.0) entered forwarding state
[ 214.691532] netbk_gop_frag_copy failed: skb frag 0 page
[ 214.698515] copying from offset 26a8, len 2c1
[ 214.705472] page:ffffea0000b18400 count:10 mapcount:0 mapping:
(null) index:0x0
[ 214.712415] page flags: 0x40000000004000(head)
[ 214.719170] ------------[ cut here ]------------
[ 214.725887] kernel BUG at drivers/net/xen-netback/netback.c:546!
[ 214.732563] invalid opcode: 0000 [#4] PREEMPT SMP
[ 214.739221] Modules linked in:
[ 214.745808] CPU 5
[ 214.745859] Pid: 1185, comm: netback/5 Tainted: G D
3.6.0pre-rc1-20121008bisect #1 MSI MS-7640/890FXA-GD70 (MS-7640)
[ 214.759156] RIP: e030:[<ffffffff8147462a>] [<ffffffff8147462a>]
xen_netbk_rx_action+0x89a/0x910
[ 214.766127] RSP: e02b:ffff880037923c20 EFLAGS: 00010282
[ 214.773012] RAX: 0000000000000001 RBX: ffff8800379172e0 RCX: 0000000000000000
[ 214.780010] RDX: ffff880039ac8000 RSI: 0000000000000001 RDI: ffff8800379202b0
[ 214.786988] RBP: ffff880037923d50 R08: 0000000000000002 R09: 0000000000000000
[ 214.793870] R10: 0000000000000001 R11: ffff880039924460 R12: 0000000000000030
[ 214.800812] R13: 0000000000000000 R14: ffff88002b8b4800 R15: 0000000000000001
[ 214.807668] FS: 00007f236d331700(0000) GS:ffff88003f940000(0000)
knlGS:0000000000000000
[ 214.814545] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 214.821415] CR2: 00007f236c42b6b0 CR3: 0000000039275000 CR4: 0000000000000660
[ 214.828435] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 214.835337] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 214.841963] Process netback/5 (pid: 1185, threadinfo ffff880037922000, task
ffff880039ac8000)
[ 214.848655] Stack:
[ 214.855220] ffff880037923d1c ffff880037922010 ffff880037923d00
ffff880037923c80
[ 214.861945] ffffffff810800b5 00000000000000ba ffffc9001085ce50
ffffc900108582e8
[ 214.868699] 0000000101080083 ffffc90010858298 0000000100000000
ffff880031e939c0
[ 214.875477] Call Trace:
[ 214.882247] [<ffffffff810800b5>] ? __alloc_workqueue_key+0x265/0x5d0
[ 214.889083] [<ffffffff810acf3d>] ? trace_hardirqs_on+0xd/0x10
[ 214.895851] [<ffffffff8147568a>] xen_netbk_kthread+0xba/0xa90
[ 214.902612] [<ffffffff810957e6>] ? try_to_wake_up+0x1b6/0x310
[ 214.909343] [<ffffffff81086810>] ? wake_up_bit+0x40/0x40
[ 214.916115] [<ffffffff814755d0>] ? xen_netbk_tx_build_gops+0xa70/0xa70
[ 214.922856] [<ffffffff810861a6>] kthread+0xd6/0xe0
[ 214.929527] [<ffffffff8174e664>] kernel_thread_helper+0x4/0x10
[ 214.936178] [<ffffffff8174cb37>] ? retint_restore_args+0x13/0x13
[ 214.942781] [<ffffffff8174e660>] ? gs_change+0x13/0x13
[ 214.949279] Code: 00 00 00 42 8b 54 30 3c 41 8b 74 04 08 31 c0 e8 e5 37 2d
00 8b 83 c4 00 00 00 4c 03 b3 c8 00 00 00 4a 8b 7c 30 30 e8 46 24 c8 ff <0f> 0b
eb fe 48 8b b3 d0 00 00 00 48 c7 c2 c0 36 47 81 48 c7 c7
[ 214.963107] RIP [<ffffffff8147462a>] xen_netbk_rx_action+0x89a/0x910
[ 214.969952] RSP <ffff880037923c20>
[ 214.976802] ---[ end trace cbdd0e4e80268fab ]---
[ 216.045946] xen_bridge: port 12(vif12.0) entered forwarding state
[ 220.405869] device vif15.0 entered promiscuous mode
[ 220.607946] device vif15.0-emu entered promiscuous mode
[ 220.625075] xen_bridge: port 15(vif15.0-emu) entered forwarding state
[ 220.633333] xen_bridge: port 15(vif15.0-emu) entered forwarding state
[ 220.890237] pciback 0000:06:00.0: restoring config space at offset 0x3c (was
0x100, writing 0x10a)
[ 220.898814] pciback 0000:06:00.0: restoring config space at offset 0x10 (was
0x4, writing 0xf9a00004)
[ 220.907406] pciback 0000:06:00.0: restoring config space at offset 0xc (was
0x0, writing 0x10)
[ 222.122750] vpn_bridge: port 1(vif13.0) entered forwarding state
[ 225.943971] tty_init_dev: 14 callbacks suppressed
[ 226.654618] device vif16.0 entered promiscuous mode
[ 226.775073] device vif16.0-emu entered promiscuous mode
[ 226.784025] xen_bridge: port 17(vif16.0-emu) entered forwarding state
[ 226.790188] xen_bridge: port 17(vif16.0-emu) entered forwarding state
[ 228.253024] xen_bridge: port 13(vif14.0) entered forwarding state
[ 229.788197] xen_bridge: port 15(vif15.0-emu) entered disabled state
[ 229.796826] xen_bridge: port 15(vif15.0-emu) entered disabled state
[ 229.805243] device vif15.0-emu left promiscuous mode
[ 229.813385] xen_bridge: port 15(vif15.0-emu) entered disabled state
[ 231.558329] xen-blkback:ring-ref 8, event-channel 25, protocol 1 (x86_64-abi)
[ 231.569080] xen-blkback:ring-ref 9, event-channel 26, protocol 1 (x86_64-abi)
[ 231.609663] xen_bridge: port 14(vif15.0) entered forwarding state
[ 231.617943] xen_bridge: port 14(vif15.0) entered forwarding state
[ 231.934347] tty_init_dev: 25 callbacks suppressed
> Ian.
> diff --git a/drivers/net/xen-netback/netback.c
> b/drivers/net/xen-netback/netback.c
> index 05593d8..ca4c47d 100644
> --- a/drivers/net/xen-netback/netback.c
> +++ b/drivers/net/xen-netback/netback.c
> @@ -386,7 +386,7 @@ static struct netbk_rx_meta *get_next_rx_buffer(struct
> xenvif *vif,
> * Set up the grant operations for this fragment. If it's a flipping
> * interface, we also set up the unmap request from here.
> */
> -static void netbk_gop_frag_copy(struct xenvif *vif, struct sk_buff *skb,
> +static int netbk_gop_frag_copy(struct xenvif *vif, struct sk_buff *skb,
> struct netrx_pending_operations *npo,
> struct page *page, unsigned long size,
> unsigned long offset, int *head)
> @@ -402,7 +402,8 @@ static void netbk_gop_frag_copy(struct xenvif *vif,
> struct sk_buff *skb,
> unsigned long bytes;
>
> /* Data must not cross a page boundary. */
> - BUG_ON(size + offset > PAGE_SIZE);
> + if (size + offset > PAGE_SIZE)
> + return -1;
>
> meta = npo->meta + npo->meta_prod - 1;
>
> @@ -459,6 +460,7 @@ static void netbk_gop_frag_copy(struct xenvif *vif,
> struct sk_buff *skb,
> *head = 0; /* There must be something in this buffer now. */
>
> }
> + return 0;
> }
>
> /*
> @@ -517,17 +519,31 @@ static int netbk_gop_skb(struct sk_buff *skb,
> if (data + len > skb_tail_pointer(skb))
> len = skb_tail_pointer(skb) - data;
>
> - netbk_gop_frag_copy(vif, skb, npo,
> - virt_to_page(data), len, offset, &head);
> + if (netbk_gop_frag_copy(vif, skb, npo,
> + virt_to_page(data), len, offset, &head) < 0) {
> +printk(KERN_CRIT "netbk_gop_frag_copy failed: skb head %p-%p\n",
+ skb->>data, skb_tail_pointer);
> +printk(KERN_CRIT "copying from %p-%p, offset %x, len %x\n",
> + data, data+len, offset, len);
> +dump_page(virt_to_page(data));
> +BUG();
> + }
> data += len;
> }
>
> for (i = 0; i < nr_frags; i++) {
> - netbk_gop_frag_copy(vif, skb, npo,
> + if (netbk_gop_frag_copy(vif, skb, npo,
> skb_frag_page(&skb_shinfo(skb)->frags[i]),
> skb_frag_size(&skb_shinfo(skb)->frags[i]),
> skb_shinfo(skb)->frags[i].page_offset,
> - &head);
> + &head) < 0) {
> +printk(KERN_CRIT "netbk_gop_frag_copy failed: skb frag %d page\n", i);
> +printk(KERN_CRIT "copying from offset %x, len %x\n",
> + skb_shinfo(skb)->frags[i].page_offset,
> + skb_frag_size(&skb_shinfo(skb)->frags[i]));
> +dump_page(skb_frag_page(&skb_shinfo(skb)->frags[i]));
> +BUG();
> + }
> }
>
> return npo->meta_prod - old_meta_prod;
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |