Hello.
On 10/19/2015 06:01 PM, Yasushi SHOJI wrote:
In a low memory situation with netdev_alloc_skb() failure,
mdp->rx_skbuff[entry] can be left NULL, however, sh_eth_rx() seems to
access it without checking NULL or not in the following code:
skb = mdp->rx_skbuff[entry];
mdp->rx_skbuff[entry] = NULL;
if (mdp->cd->rpadir)
skb_reserve(skb, NET_IP_ALIGN);
dma_unmap_single(&ndev->dev, rxdesc->addr,
ALIGN(mdp->rx_buf_sz, 16),
DMA_FROM_DEVICE);
I've put BUG_ON() to test skb and got the following backtrace. I can
also enable slub poisoning to see some bad access.
I'm not that familiar with this code base so I'm note including any
patch yet. I appreciate if someone with insight in this code give a
quick look and tell me that it's a real one or not. if this is a real
case, I can take a deep look.
If you got the oops, it's real. Thanks for the reporting. I guess I should
check the new ravb driver as well...
Do you want to try fixing the bug yourself?
BTW, the backtrace is from old 3.4.74+ kernel but the current tip is
very close.
Yeah, this part didn't change in a long time...
Thanks,
MBR, Sergei
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
