lkml@xxxxxxxxxxxxxxxx wrote:
hello again,
the last line (filter add) in the "wondershaper" script does sth. to the
kernel, that lets it panic on receiving network packets.
actually, the last _two_ commands set up the kernel for panic. please
see attached script; running should produce this console message:
Fixed by this patch. qdisc_data was only aligned correctly in
qdisc_create_dflt(),
not qdisc_create() which resulted in memory corruption.
Regards
Patrick
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/08/15 18:08:13+02:00 kaber@xxxxxxxxxxxx
# [PKT_SCHED]: cacheline-align qdisc data in qdisc_create()
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
# net/sched/sch_api.c
# 2004/08/15 18:04:27+02:00 kaber@xxxxxxxxxxxx +13 -8
# [PKT_SCHED]: cacheline-align qdisc data in qdisc_create()
#
diff -Nru a/net/sched/sch_api.c b/net/sched/sch_api.c
--- a/net/sched/sch_api.c 2004-08-15 18:09:36 +02:00
+++ b/net/sched/sch_api.c 2004-08-15 18:09:36 +02:00
@@ -389,7 +389,8 @@
{
int err;
struct rtattr *kind = tca[TCA_KIND-1];
- struct Qdisc *sch = NULL;
+ void *p = NULL;
+ struct Qdisc *sch;
struct Qdisc_ops *ops;
int size;
@@ -407,12 +408,18 @@
if (ops == NULL)
goto err_out;
- size = sizeof(*sch) + ops->priv_size;
+ /* ensure that the Qdisc and the private data are 32-byte aligned */
+ size = ((sizeof(*sch) + QDISC_ALIGN_CONST) & ~QDISC_ALIGN_CONST);
+ size += ops->priv_size + QDISC_ALIGN_CONST;
- sch = kmalloc(size, GFP_KERNEL);
+ p = kmalloc(size, GFP_KERNEL);
err = -ENOBUFS;
- if (!sch)
+ if (!p)
goto err_out;
+ memset(p, 0, size);
+ sch = (struct Qdisc *)(((unsigned long)p + QDISC_ALIGN_CONST)
+ & ~QDISC_ALIGN_CONST);
+ sch->padded = (char *)sch - (char *)p;
/* Grrr... Resolve race condition with module unload */
@@ -420,8 +427,6 @@
if (ops != qdisc_lookup_ops(kind))
goto err_out;
- memset(sch, 0, size);
-
INIT_LIST_HEAD(&sch->list);
skb_queue_head_init(&sch->q);
@@ -470,8 +475,8 @@
err_out:
*errp = err;
- if (sch)
- kfree(sch);
+ if (p)
+ kfree(p);
return NULL;
}
|