Package: kernel-source-2.6.8
Version: 2.6.8-2
Severity: important
Tags: patch
A kernel panic is triggered when loading fiaif with htb scheduler
support.
Please see attached message from lkml with patch for details.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (499, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-zenon
Locale: LANG=en_CA, [EMAIL PROTECTED] (ignored: LC_ALL set to en_US)
Versions of packages kernel-source-2.6.8 depends on:
ii binutils 2.15-1 The GNU assembler, linker and bina
ii bzip2 1.0.2-1 A high-quality block-sorting file
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii fileutils 5.2.1-2 The GNU file management utilities
-- no debconf information
--
[EMAIL PROTECTED]
--- Begin Message ---
[EMAIL PROTECTED] wrote:
hello again,
the last line (filter add) in the "wondershaper" script does sth. to the
kernel, that lets it panic on receiving network packets.
actually, the last _two_ commands set up the kernel for panic. please
see attached script; running should produce this console message:
Fixed by this patch. qdisc_data was only aligned correctly in
qdisc_create_dflt(),
not qdisc_create() which resulted in memory corruption.
Regards
Patrick
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/08/15 18:08:13+02:00 [EMAIL PROTECTED]
# [PKT_SCHED]: cacheline-align qdisc data in qdisc_create()
#
# Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
#
# net/sched/sch_api.c
# 2004/08/15 18:04:27+02:00 [EMAIL PROTECTED] +13 -8
# [PKT_SCHED]: cacheline-align qdisc data in qdisc_create()
#
diff -Nru a/net/sched/sch_api.c b/net/sched/sch_api.c
--- a/net/sched/sch_api.c 2004-08-15 18:09:36 +02:00
+++ b/net/sched/sch_api.c 2004-08-15 18:09:36 +02:00
@@ -389,7 +389,8 @@
{
int err;
struct rtattr *kind = tca[TCA_KIND-1];
- struct Qdisc *sch = NULL;
+ void *p = NULL;
+ struct Qdisc *sch;
struct Qdisc_ops *ops;
int size;
@@ -407,12 +408,18 @@
if (ops == NULL)
goto err_out;
- size = sizeof(*sch) + ops->priv_size;
+ /* ensure that the Qdisc and the private data are 32-byte aligned */
+ size = ((sizeof(*sch) + QDISC_ALIGN_CONST) & ~QDISC_ALIGN_CONST);
+ size += ops->priv_size + QDISC_ALIGN_CONST;
- sch = kmalloc(size, GFP_KERNEL);
+ p = kmalloc(size, GFP_KERNEL);
err = -ENOBUFS;
- if (!sch)
+ if (!p)
goto err_out;
+ memset(p, 0, size);
+ sch = (struct Qdisc *)(((unsigned long)p + QDISC_ALIGN_CONST)
+ & ~QDISC_ALIGN_CONST);
+ sch->padded = (char *)sch - (char *)p;
/* Grrr... Resolve race condition with module unload */
@@ -420,8 +427,6 @@
if (ops != qdisc_lookup_ops(kind))
goto err_out;
- memset(sch, 0, size);
-
INIT_LIST_HEAD(&sch->list);
skb_queue_head_init(&sch->q);
@@ -470,8 +475,8 @@
err_out:
*errp = err;
- if (sch)
- kfree(sch);
+ if (p)
+ kfree(p);
return NULL;
}
--- End Message ---
