[Xen-devel] xennet_start_xmit assumptions
As I was playing around with pf_packet, I accidentally wrote a buggy application program that bzero'ed the msghdr, then set up the msg_name, msg_namelen correctly, and then did a sendmsg on the pf_packet/SOCK_RAW fd.

This causes packet_snd to set up an skb with a lot of issues, e.g., skb->len = 0, skb_headlen(skb) is 0, etc. I think we can/should drop the packet in packet_snd if the skb->len is 0, but there may be other driver bugs going on:

Turns out that ixgbe and sunvnet handle this problematic skb correctly (they drop it and system remains stable), but it creates a panic in xen_netfront (xennet_start_xmit() hits a null pointer deref when xennet_make_first_txreq() returns NULL).

I'm new to the xen driver code, so I'm hoping that the experts can comment here: reading the code in xennet_start_xmit, it seems like it mandatorily requires the skb_headlen() to be non-zero in order to create the first_tx? That may not always be true, how does the code recover for purely non-linear skbs?

--Sowmini