netdev
[Top] [All Lists]

Re: Bug in 2.6.11.11 - udp_poll(), fragments + CONFIG_HIGHMEM

To: Steven.Hand@xxxxxxxxxxxx (Steven Hand)
Subject: Re: Bug in 2.6.11.11 - udp_poll(), fragments + CONFIG_HIGHMEM
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 31 May 2005 07:49:30 +1000
Cc: linux-net@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, davem@xxxxxxxxxxxxx, Steven.Hand@xxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <E1DclTK-0002qE-00@mta1.cl.cam.ac.uk>
Organization: Core
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.27-hx-1-686-smp (i686))
Steven Hand <Steven.Hand@xxxxxxxxxxxx> wrote:
> 
> Reconstructed forward trace: 
> 
>   net/ipv4/udp.c:1334   spin_lock_irq() 
>   net/ipv4/udp.c:1336   udp_checksum_complete() 
> net/core/skbuff.c:1069   skb_shinfo(skb)->nr_frags > 1
> net/core/skbuff.c:1086   kunmap_skb_frag()
> net/core/skbuff.h:1087   local_bh_enable()
> kernel/softirq.c:0140   WARN_ON(irqs_disabled());

Thanks for catching this.  The receive queue lock is never taken
in IRQs (and should never be) so we can simply substitute bh for
irq.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -738,7 +738,7 @@ int udp_ioctl(struct sock *sk, int cmd, 
                        unsigned long amount;
 
                        amount = 0;
-                       spin_lock_irq(&sk->sk_receive_queue.lock);
+                       spin_lock_bh(&sk->sk_receive_queue.lock);
                        skb = skb_peek(&sk->sk_receive_queue);
                        if (skb != NULL) {
                                /*
@@ -748,7 +748,7 @@ int udp_ioctl(struct sock *sk, int cmd, 
                                 */
                                amount = skb->len - sizeof(struct udphdr);
                        }
-                       spin_unlock_irq(&sk->sk_receive_queue.lock);
+                       spin_unlock_bh(&sk->sk_receive_queue.lock);
                        return put_user(amount, (int __user *)arg);
                }
 
@@ -848,12 +848,12 @@ csum_copy_err:
        /* Clear queue. */
        if (flags&MSG_PEEK) {
                int clear = 0;
-               spin_lock_irq(&sk->sk_receive_queue.lock);
+               spin_lock_bh(&sk->sk_receive_queue.lock);
                if (skb == skb_peek(&sk->sk_receive_queue)) {
                        __skb_unlink(skb, &sk->sk_receive_queue);
                        clear = 1;
                }
-               spin_unlock_irq(&sk->sk_receive_queue.lock);
+               spin_unlock_bh(&sk->sk_receive_queue.lock);
                if (clear)
                        kfree_skb(skb);
        }
@@ -1334,7 +1334,7 @@ unsigned int udp_poll(struct file *file,
                struct sk_buff_head *rcvq = &sk->sk_receive_queue;
                struct sk_buff *skb;
 
-               spin_lock_irq(&rcvq->lock);
+               spin_lock_bh(&rcvq->lock);
                while ((skb = skb_peek(rcvq)) != NULL) {
                        if (udp_checksum_complete(skb)) {
                                UDP_INC_STATS_BH(UDP_MIB_INERRORS);
@@ -1345,7 +1345,7 @@ unsigned int udp_poll(struct file *file,
                                break;
                        }
                }
-               spin_unlock_irq(&rcvq->lock);
+               spin_unlock_bh(&rcvq->lock);
 
                /* nothing to see, move along */
                if (skb == NULL)

<Prev in Thread] Current Thread [Next in Thread>