On Fri, 1 Jun 2018, Anton Eidelman wrote:
> I do not have a way of reproducing this decent enough to recommend: I'll
> keep digging.
If you can reproduce it: Could you try the following patch?
Subject: [NET] Fix false positives of skb_can_coalesce
Skb fragments may be slab objects. Two slab objects may reside
in the same slab page. In that case skb_can_coalesce() may return
true althought the skb cannot be expanded because it would
cross a slab boundary.
Enabling slab debugging will avoid the issue since red zones will
be inserted and thus the skb_can_coalesce() check will not detect
neighboring objects and return false.
Signed-off-by: Christoph Lameter <cl@xxxxxxxxx>
Index: linux/include/linux/skbuff.h
===================================================================
--- linux.orig/include/linux/skbuff.h
+++ linux/include/linux/skbuff.h
@@ -3010,8 +3010,29 @@ static inline bool skb_can_coalesce(stru
if (i) {
const struct skb_frag_struct *frag = &skb_shinfo(skb)->frags[i - 1];
- return page == skb_frag_page(frag) &&
- off == frag->page_offset + skb_frag_size(frag);
+ if (page != skb_frag_page(frag))
+ return false;
+
+ if (off != frag->page_offset + skb_frag_size(frag))
+ return false;
+
+ /*
+ * This may be a slab page and we may have pointers
+ * to different slab objects in the same page
+ */
+ if (!PageSlab(skb_frag_page(frag)))
+ return true;
+
+ /*
+ * We could still return true if we would check here
+ * if the two fragments are within the same
+ * slab object. But that is complicated and
+ * I guess we would need a new slab function
+ * to check if two pointers are within the same
+ * object.
+ */
+ return false;
+
}
return false;
}
