netdev

Problem with TCP

To: netdev@xxxxxxxxxxx
Subject: Problem with TCP
From: LOUVET Eric ATOS 7SB K236 p5036 <eric.louvet@xxxxxxxxxxxxxx>
Date: Thu, 27 Feb 2003 09:21:15 +0100
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1

Hello to all of you! I'm sorry to disturb you, this is not a spam mail!

Alan Cox told me netdev@xxxxxxxxxxx is the place to tell my
story.

In case you can help me to understand something, I would like
to describe a problem I encounter with TCP, under kernel 2.4.20.

Here it is: I use the TCP stack almost successfully in kernel code
(in a streams driver, to be precise).
The only problem I have is this:

I have an established connection. When this connection is local,
I kill the client, or stop it, so it closes its socket.

From the server side I'm alerted of that by the state change callback
of my socket, then I detach my callback functions (state_change,
data_ready, etc.) from it and call sock_release.


I observe this: sock_release calls tcp_close, and the socket is in
TCP_LAST_ACK state!!! tcp_close calls tcp_send_fin; after that call,
something has been inserted in the backlog queue of the TCP socket.
Then, when tcp_close calls release_sock, __release_sock runs
because the backlog is not empty, and I encounter a crash due to
poisoning of a free slab block.


If poisoning is not active, the kernel crashes later at a random place .... ;-)

Remember __release_sock:


void __release_sock(struct sock *sk)
{
        struct sk_buff *skb = sk->backlog.head;

        do {
                sk->backlog.head = sk->backlog.tail = NULL; /* <- crashing code ! */
                bh_unlock_sock(sk);

                do {
                        struct sk_buff *next = skb->next;

                        skb->next = NULL;
                        sk->backlog_rcv(sk, skb);
                        skb = next;
                } while (skb != NULL);

                bh_lock_sock(sk);
        } while ((skb = sk->backlog.head) != NULL);
}



The crash is due to the value of skb, which is 0x5a5a5a5a (poisoned),
which seems to indicate that sk has been freed?

How can this be possible? What are the things I forgot to consider?

In fact, another point is this:
the crash only occurs when the connection is local;
when the client is not local, there is no crash.


I hope some of you understand my story. Sorry for my poor English. I hope
you can give me ideas about my problem that can help me to find what I'm
doing wrong.

Best regards to you all.

                       Eric.
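
Added example, not part of the original message and not kernel code: a userspace model of how a drain loop shaped like the quoted __release_sock can re-read a backlog head of 0x5a5a... when the object is poisoned while the loop runs. The struct layouts, the names sock_put_model, is_poisoned, drain_backlog and run_case, and the scenario in which handling a queued packet drops the last reference are assumptions for illustration, not a diagnosis of the driver described above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_BYTE 0x5a   /* byte behind the 0x5a5a5a5a value in the post */
struct skb  { struct skb *next; };
struct sock { int refcnt; struct skb *head, *tail; };  /* toy model only */

/* Toy slab free: on the last put, poison the object in place (memory stays mapped). */
static void sock_put_model(struct sock *sk)
{
    if (--sk->refcnt == 0)
        memset(sk, POISON_BYTE, sizeof(*sk));
}

/* True if every byte of the pointer value is the poison byte. */
static int is_poisoned(const void *p)
{
    uintptr_t pat;
    memset(&pat, POISON_BYTE, sizeof(pat));
    return (uintptr_t)p == pat;
}

/* Same loop shape as the quoted __release_sock. Returns 1 if the re-read of
 * the backlog head comes back poisoned, 0 if the drain finishes cleanly. */
static int drain_backlog(struct sock *sk, int hold_ref)
{
    struct skb *skb = sk->head;
    if (hold_ref) sk->refcnt++;          /* pin sk for the whole drain */
    do {
        sk->head = sk->tail = NULL;
        do {
            struct skb *next = skb->next;
            skb->next = NULL;
            sock_put_model(sk);  /* assumed: handling this skb drops one ref */
            skb = next;
        } while (skb != NULL);
        skb = sk->head;                  /* sk may be poisoned by now */
        if (is_poisoned(skb)) return 1;
    } while (skb != NULL);
    if (hold_ref) sock_put_model(sk);
    return 0;
}

/* Constructed input: one queued skb, `refs` references on the sock. */
static int run_case(int refs, int hold_ref)
{
    static struct sock sk; static struct skb pkt;
    pkt.next = NULL; sk.refcnt = refs; sk.head = sk.tail = &pkt;
    return drain_backlog(&sk, hold_ref);
}

int main(void) { printf("unpinned=%d pinned=%d\n", run_case(1, 0), run_case(1, 1)); return 0; }
```

In the model, the poisoned read disappears whenever a reference is held across the whole drain, which is the property to check for on the real socket before and after detaching callbacks.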



