On Tue, Sep 1, 2015 at 2:10 PM, Pravin Shelar <pshe...@nicira.com> wrote: > On Tue, Sep 1, 2015 at 12:55 PM, Tom Herbert <t...@herbertland.com> wrote: >> On Tue, Sep 1, 2015 at 12:20 PM, Pravin Shelar <pshe...@nicira.com> wrote: >>> On Tue, Sep 1, 2015 at 7:19 AM, Tom Herbert <t...@herbertland.com> wrote: >>>> On Mon, Aug 31, 2015 at 10:15 PM, Pravin Shelar <pshe...@nicira.com> wrote: >>>>> On Mon, Aug 31, 2015 at 9:12 PM, Tom Herbert <t...@herbertland.com> wrote: >>>>>> On Mon, Aug 31, 2015 at 3:55 PM, Pravin B Shelar <pshe...@nicira.com> >>>>>> wrote: >>>>>>> VXLAN device can receive skb with checksum partial. But the checksum >>>>>>> offset could be in outer header which is pulled on receive. Such skb >>>>>>> can cause the panic when checksum is calculated on skb. Following patch >>>>>>> fixes the bug by setting checksum unnecessary while pulling outer >>>>>>> header. >>>>>>> >>>>>> Okay, I think I understand what you are doing. I suggest in the >>>>>> openvswitch path, if there is a checksum CHECKSUM_PARTIAL that refers >>>>>> to the outer headers which must have been verified at this point then >>>>>> set to CHECKSUM_NONE-- assuming CHECKSUM_UNNECESSARY on the inner >>>>>> header is not correct in this case. If the CHECKSUM_PARTIAL refers to >>>>>> the inner header then you can call skb_checksum_help to resolve an >>>>>> inner checksum. >>>>>> >>>>> >>>>> That would be OVS specific fix, But I do see skb_checksum_help() >>>>> called in multiple places outside OVS that could result in similar >>>>> kernel panic. Therefore I want to solve it up in networking stack >>>>> rather than in OVS. >>>>> >>>> Please try to reproduce this out of OVS from the top of the tree then >>>> and report down exactly where panic is occurring the code. Unlike most >>>> of the of the other cases where skb_checksum_help() is being called >>>> this in the RX path so skb is probably not pulled over the checksum >>>> offset for those. Even so, if the skb is pulled beyond the checksum >>>> offset then this should result in a negative offset in >>>> skb_checksum_start_offset(skb) which should be okay. It looks like >>>> this in itself should not be causing your panic. >>>> >>> >>> ip_do_fragment() also calls skb_checksum_help() that can results in >>> similar panic. But it is not easy to reproduce it in this case due to >>> call site is in exception path. >>> The negative checksum offset can atleast cause assert failure in >>> skb_checksum_help(). I will send patch to fix that. >> >> Which BUG_ON do you see is hitting? > > BUG_ON(offset >= skb_headlen(skb)); > where skb_headlen() returns unsigned int, therefore negative offset > cast to unsigned int.
Thanks, looks like skb_headlen() needs to be case to int for this comparison. Does this fix your issue? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
