Re: [PATCH] Fix slab corruption with netem (2nd try)

From: Guillaume Chazarain <[EMAIL PROTECTED]> Date: Sun, 16 Jul 2006 23:56:31 +0200 > CONFIG_DEBUG_SLAB found the following bug: > netem_enqueue() in sch_netem.c gets a pointer inside a slab object: > struct netem_skb_cb *cb = (struct netem_skb_cb *)skb->cb; > But then, the slab object may be free

[PATCH] Fix slab corruption with netem (2nd try)

CONFIG_DEBUG_SLAB found the following bug: netem_enqueue() in sch_netem.c gets a pointer inside a slab object: struct netem_skb_cb *cb = (struct netem_skb_cb *)skb->cb; But then, the slab object may be freed: skb = skb_unshare(skb, GFP_ATOMIC) cb is still pointing inside the freed skb, so here is

Re: [PATCH] Fix slab corruption with netem

Guillaume Chazarain wrote: Stephen Hemminger wrote : -struct netem_skb_cb *cb = (struct netem_skb_cb *)skb->cb; +/* We don't fill cb now as skb_unshare() may invalidate it */ +struct netem_skb_cb *cb = NULL; Would rather leave it unitialized, rather than setting to NULL. I find

Re: [PATCH] Fix slab corruption with netem

Stephen Hemminger wrote : -struct netem_skb_cb *cb = (struct netem_skb_cb *)skb->cb; +/* We don't fill cb now as skb_unshare() may invalidate it */ +struct netem_skb_cb *cb = NULL; Would rather leave it unitialized, rather than setting to NULL. I find that strange. If someone mi

Re: [PATCH] Fix slab corruption with netem

Guillaume Chazarain wrote: Hello, CONFIG_DEBUG_SLAB found the following bug: netem_enqueue() in sch_netem.c gets a pointer inside a slab object: struct netem_skb_cb *cb = (struct netem_skb_cb *)skb->cb; But then, the slab object may be freed: skb = skb_unshare(skb, GFP_ATOMIC) cb is still poin

[PATCH] Fix slab corruption with netem

Hello, CONFIG_DEBUG_SLAB found the following bug: netem_enqueue() in sch_netem.c gets a pointer inside a slab object: struct netem_skb_cb *cb = (struct netem_skb_cb *)skb->cb; But then, the slab object may be freed: skb = skb_unshare(skb, GFP_ATOMIC) cb is still pointing inside the freed skb, s