
core: Add list removal in tso segmentation logic

Transmitting a packet without removing it from the segment list causes
the entire chain to be incorrectly transmitted multiple times. This fixes
the following NULL pointer dereference:

 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
 Mem abort info:
   ESR = 0x96000005
   EC = 0x25: DABT (current EL), IL = 32 bits
   SET = 0, FnV = 0
   EA = 0, S1PTW = 0
   FSC = 0x05: level 1 translation fault
 Data abort info:
   ISV = 0, ISS = 0x00000005
   CM = 0, WnR = 0
 user pgtable: 4k pages, 39-bit VAs, pgdp=00000000b32f8000
 [0000000000000020] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
 pstate: 42400005 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
 pc : __skb_clone+0xfc/0x144
 lr : __skb_clone+0x24/0x144
 Call trace:
  __skb_clone+0xfc/0x144
  skb_clone+0x94/0xe0
  dev_queue_xmit_nit+0x188/0x40c
  xmit_one+0x60/0x284
  sch_direct_xmit+0x184/0x3dc
  __dev_xmit_skb+0x47c/0x97c
  __dev_queue_xmit+0x2cc/0x774
  dev_queue_xmit+0x14/0x20
  rmnet_egress_handler+0x458/0x608 [rmnet_core]
  rmnet_vnd_start_xmit+0x3a0/0x708 [rmnet_core]
  xmit_one+0xd0/0x284
  sch_direct_xmit+0x184/0x3dc
  __dev_xmit_skb+0x47c/0x97c
  __dev_queue_xmit+0x2cc/0x774
  __bpf_redirect+0x214/0x2a0
  skb_do_redirect+0xe4/0xbbc
  __dev_queue_xmit+0x6bc/0x774
  neigh_connected_output+0xd8/0x110
  ip_finish_output2+0x3c4/0x548
  __ip_finish_output+0x194/0x244
  ip_finish_output+0x4c/0xec
  ip_output+0x114/0x23c
  __ip_queue_xmit+0x50c/0x610
  ip_queue_xmit+0x14/0x20
  __tcp_transmit_skb+0x770/0xc54
  tcp_write_xmit+0x78c/0x1088
  __tcp_push_pending_frames+0x38/0xd0
  tcp_rcv_established+0x3fc/0xa58
  tcp_v4_do_rcv+0x9c/0x2f8
  tcp_v4_rcv+0xbbc/0xeac
  ip_protocol_deliver_rcu+0x6c/0x2b0
  ip_local_deliver+0xd4/0x1e4
  ip_rcv+0x7c/0x15c
  __netif_receive_skb+0xdc/0x174
  process_backlog+0xf0/0x3b4
  __napi_poll+0x48/0x224
  net_rx_action+0x118/0x398
  _stext+0x14c/0x5c0
  __irq_exit_rcu+0x74/0x1f8
  handle_domain_irq+0xb4/0x120
  gic_handle_irq.34241+0x50/0x340
  call_on_irq_stack+0x40/0x70
  do_interrupt_handler+0x3c/0x50
  el1_interrupt+0x30/0x5c
  el1h_64_irq_handler+0x18/0x24
  el1h_64_irq+0x7c/0x80
  cpuidle_enter_state+0x310/0x784
  do_idle+0x304/0x52c
  cpu_startup_entry+0x80/0x8c
  secondary_start_kernel+0x1fc/0x23c
  __secondary_switched+0x98/0x9c

CRs-Fixed: 3328368
Change-Id: I56e29466d7b5883b554b19c3f3b3f5ba73f8d5a6
Signed-off-by: Subash Abhinov Kasiviswanathan <[email protected]>
Subash Abhinov Kasiviswanathan 2 years ago
commit
652abaa760
1 changed files with 2 additions and 0 deletions
  1. 2 0
      core/rmnet_vnd.c

+ 2 - 0
core/rmnet_vnd.c

@@ -160,6 +160,7 @@ static netdev_tx_t rmnet_vnd_start_xmit(struct sk_buff *skb,
 				tmp = skb->next;
 				skb->dev = dev;
 				priv->stats.ll_tso_segs++;
+				skb_mark_not_on_list(skb);
 				rmnet_egress_handler(skb, low_latency);
 			}
 		} else if (!low_latency && skb_is_gso(skb)) {
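Review bot: The added `skb_mark_not_on_list(skb);` is order-dependent and the hunk carries no comment saying so: it clears the segment's next pointer, so it is only correct because it runs after `tmp = skb->next;` and before the skb is handed to `rmnet_egress_handler()`. I would put a one-line comment above it, `/* unlink only after saving tmp; egress must receive a single skb, not the rest of the chain */`, and repeat it at the identical call in the second hunk (non-low-latency GSO branch), where the matching save of the next pointer presumably sits outside the visible context. The loop headers are outside both hunks, so it is not possible to tell from here whether the walks are open-coded; if they are, `skb_list_walk_safe()` would make the save-then-unlink order explicit and keep the two branches from drifting apart. Because the trace in the description is a kernel NULL dereference on the transmit path, it is also worth confirming that no other caller in this file passes a still-linked segment to `rmnet_egress_handler()`.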
@@ -198,6 +199,7 @@ static netdev_tx_t rmnet_vnd_start_xmit(struct sk_buff *skb,
 						skb_shinfo(skb)->gso_type = orig_gso_type;
 
 						priv->stats.tso_segment_success++;
+						skb_mark_not_on_list(skb);
 						rmnet_egress_handler(skb, low_latency);
 					}
 				}