search for: nf_reset

...ice *dev) > } > } > > - if (__netif_subqueue_stopped(dev, qnum) || !skb->xmit_more) > + if (kick || netif_xmit_stopped(txq)) > virtqueue_kick(sq->vq); > > return NETDEV_TX_OK; I must say I am kind of confused by this patch. Why the skb_orphan(skb) & nf_reset(skb) do not have the same issue ? It looks like following patch is needed ? diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index ec2a8b41ed41..17cc42c6a559 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -927,6 +927,10 @@ static netdev_tx_t start_xmit(st...

commit 0b725a2ca61bedc33a2a63d0451d528b268cf975 net: Remove ndo_xmit_flush netdev operation, use signalling instead. added code that looks at skb->xmit_more after the skb has been put in TX VQ. Since some paths process the ring and free the skb immediately, this can cause use after free. Fix by storing xmit_more in a local variable. Cc: David S. Miller <davem at davemloft.net>

commit 0b725a2ca61bedc33a2a63d0451d528b268cf975 net: Remove ndo_xmit_flush netdev operation, use signalling instead. added code that looks at skb->xmit_more after the skb has been put in TX VQ. Since some paths process the ring and free the skb immediately, this can cause use after free. Fix by storing xmit_more in a local variable. Cc: David S. Miller <davem at davemloft.net>

...M and indirect buffers. */ @@ -532,8 +531,11 @@ again: } return NETDEV_TX_BUSY; } - vi->svq->vq_ops->kick(vi->svq); + + /* Put new one in send queue */ + __skb_queue_head(&vi->send, skb); + /* Don't wait up for transmitted skbs to be freed. */ skb_orphan(skb); nf_reset(skb); -- 1.6.5.rc2

...M and indirect buffers. */ @@ -532,8 +531,11 @@ again: } return NETDEV_TX_BUSY; } - vi->svq->vq_ops->kick(vi->svq); + + /* Put new one in send queue */ + __skb_queue_head(&vi->send, skb); + /* Don't wait up for transmitted skbs to be freed. */ skb_orphan(skb); nf_reset(skb); -- 1.6.5.rc2

...acts are. Signed-off-by: Stephen Hemminger <stephen at networkplumber.org> --- a/drivers/net/virtio_net.c 2015-03-24 15:20:25.174671000 -0700 +++ b/drivers/net/virtio_net.c 2015-03-24 16:17:28.478525333 -0700 @@ -939,8 +939,12 @@ static netdev_tx_t start_xmit(struct sk_ skb_orphan(skb); nf_reset(skb); - /* Apparently nice girls don't return TX_BUSY; stop the queue - * before it gets out of hand. Naturally, this wastes entries. */ + /* It is better to stop queue if running out of space + * instead of forcing queuing layer to requeue the skb + * by returning TX_BUSY (and cause a BU...

...acts are. Signed-off-by: Stephen Hemminger <stephen at networkplumber.org> --- a/drivers/net/virtio_net.c 2015-03-24 15:20:25.174671000 -0700 +++ b/drivers/net/virtio_net.c 2015-03-24 16:17:28.478525333 -0700 @@ -939,8 +939,12 @@ static netdev_tx_t start_xmit(struct sk_ skb_orphan(skb); nf_reset(skb); - /* Apparently nice girls don't return TX_BUSY; stop the queue - * before it gets out of hand. Naturally, this wastes entries. */ + /* It is better to stop queue if running out of space + * instead of forcing queuing layer to requeue the skb + * by returning TX_BUSY (and cause a BU...

...(sq); > > /* timestamp packet in software */ > skb_tx_timestamp(skb); > @@ -1152,8 +1183,10 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) > } > > /* Don't wait up for transmitted skbs to be freed. */ > - skb_orphan(skb); > - nf_reset(skb); > + if (!use_napi) { > + skb_orphan(skb); > + nf_reset(skb); > + } > > /* If running out of space, stop queue to avoid getting packets that we > * are then unable to transmit. > @@ -1167,7 +1200,8 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct ne...

...sq->napi.weight; /* Free up any pending old buffers before queueing new ones. */ free_old_xmit_skbs(sq); @@ -1152,8 +1197,10 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) } /* Don't wait up for transmitted skbs to be freed. */ - skb_orphan(skb); - nf_reset(skb); + if (!use_napi) { + skb_orphan(skb); + nf_reset(skb); + } /* If running out of space, stop queue to avoid getting packets that we * are then unable to transmit. @@ -1167,7 +1214,8 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) */ if (sq->vq-&gt...

.../* Try to transmit */ > err = xmit_skb(sq, skb); > @@ -941,27 +981,19 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) > return NETDEV_TX_OK; > } > > - /* Don't wait up for transmitted skbs to be freed. */ > - skb_orphan(skb); > - nf_reset(skb); > - > /* Apparently nice girls don't return TX_BUSY; stop the queue > * before it gets out of hand. Naturally, this wastes entries. */ > - if (sq->vq->num_free < 2+MAX_SKB_FRAGS) { > + if (sq->vq->num_free < 2+MAX_SKB_FRAGS) > netif_stop_sub...

.../* Try to transmit */ > err = xmit_skb(sq, skb); > @@ -941,27 +981,19 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) > return NETDEV_TX_OK; > } > > - /* Don't wait up for transmitted skbs to be freed. */ > - skb_orphan(skb); > - nf_reset(skb); > - > /* Apparently nice girls don't return TX_BUSY; stop the queue > * before it gets out of hand. Naturally, this wastes entries. */ > - if (sq->vq->num_free < 2+MAX_SKB_FRAGS) { > + if (sq->vq->num_free < 2+MAX_SKB_FRAGS) > netif_stop_sub...

...s(sq); + if (!use_napi) + free_old_xmit_skbs(sq); /* timestamp packet in software */ skb_tx_timestamp(skb); @@ -1152,8 +1183,10 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) } /* Don't wait up for transmitted skbs to be freed. */ - skb_orphan(skb); - nf_reset(skb); + if (!use_napi) { + skb_orphan(skb); + nf_reset(skb); + } /* If running out of space, stop queue to avoid getting packets that we * are then unable to transmit. @@ -1167,7 +1200,8 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) */ if (sq->vq-&gt...

As suggested here: http://lists.shorewall.net/pipermail/shorewall-users/2004-October/015097.html I''ve run: adam@shrike:~$ /sbin/iptables -m policy --help iptables v1.2.11 Usage: iptables -[AD] chain rule-specification [options] iptables -[RI] chain rulenum rule-specification [options] iptables -D chain rulenum [options] --snip-- And: adam@shrike:~$ sudo

...This should not happen! */ > if (unlikely(err)) { > @@ -935,22 +1013,26 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) > return NETDEV_TX_OK; > } > > - /* Don't wait up for transmitted skbs to be freed. */ > - skb_orphan(skb); > - nf_reset(skb); > + if (!urgent) { > + skb_orphan(skb); > + nf_reset(skb); > + } > > /* Apparently nice girls don't return TX_BUSY; stop the queue > * before it gets out of hand. Naturally, this wastes entries. */ > if (sq->vq->num_free < 2+MAX_SKB_FRAGS) { &g...

From: Willem de Bruijn <willemb at google.com> Add napi for virtio-net transmit completion processing. Based on previous patchsets by Jason Wang: [RFC V7 PATCH 0/7] enable tx interrupts for virtio-net http://lkml.iu.edu/hypermail/linux/kernel/1505.3/00245.html Changes: RFC -> v1: - dropped vhost interrupt moderation patch: not needed and likely expensive at light

From: Willem de Bruijn <willemb at google.com> Add napi for virtio-net transmit completion processing. Based on previous patchsets by Jason Wang: [RFC V7 PATCH 0/7] enable tx interrupts for virtio-net http://lkml.iu.edu/hypermail/linux/kernel/1505.3/00245.html Changes: RFC -> v1: - dropped vhost interrupt moderation patch: not needed and likely expensive at light

...s(sq); + if (!use_napi) + free_old_xmit_skbs(sq); /* timestamp packet in software */ skb_tx_timestamp(skb); @@ -1152,8 +1196,10 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) } /* Don't wait up for transmitted skbs to be freed. */ - skb_orphan(skb); - nf_reset(skb); + if (!use_napi) { + skb_orphan(skb); + nf_reset(skb); + } /* If running out of space, stop queue to avoid getting packets that we * are then unable to transmit. @@ -1167,7 +1213,8 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) */ if (sq->vq-&gt...

...also works. But for some reasons passive FTP fails. The rewritten answer from the FTP server that contains the rewritten IP and port number to connect arrives at the FTP client with a broken TCP checksum. The kernel is based on 2.6.18-rc7 (+ the latest Fedora XEN patch). Note that I had to add a nf_reset() call to the loopback driver between vif0.0 and int0 or conntrack would miserably fail due to the conntrack stated being held between bridging netfilter and IPv4 netfilter. The bridging netfilter has a NOTRACK in the mangle table, so that effectively conntrack is only done between int0 and eth0. E...

...>> - if (__netif_subqueue_stopped(dev, qnum) || !skb->xmit_more) >> + if (kick || netif_xmit_stopped(txq)) >> virtqueue_kick(sq->vq); >> >> return NETDEV_TX_OK; > I must say I am kind of confused by this patch. > > Why the skb_orphan(skb) & nf_reset(skb) do not have the same issue ? > Since they are called before the possible free_old_xmit_skbs(), skb won't get freed at this time.

...d a Bad Thing? (Does it really BUG_ON?) Thanks, Rusty. > --- a/drivers/net/virtio_net.c 2015-03-24 15:20:25.174671000 -0700 > +++ b/drivers/net/virtio_net.c 2015-03-24 16:17:28.478525333 -0700 > @@ -939,8 +939,12 @@ static netdev_tx_t start_xmit(struct sk_ > skb_orphan(skb); > nf_reset(skb); > > - /* Apparently nice girls don't return TX_BUSY; stop the queue > - * before it gets out of hand. Naturally, this wastes entries. */ > + /* It is better to stop queue if running out of space > + * instead of forcing queuing layer to requeue the skb > + * by ret...