Re: hi Question about construct the sk_buff

lx <lxlenovostar@xxxxxxxxx> · Sun, 28 Sep 2014 14:34:32 +0800

hi all:   I fix it. I make a error with:
###############################
                        skb_reset_tail_pointer(skb);
			send_skb->end = skb->tail + len + NUM;
			kmemcheck_annotate_bitfield(skb, flags1);
			kmemcheck_annotate_bitfield(skb, flags2);

			//send_skb->ip_summed = CHECKSUM_PARTIAL;	

			struct skb_shared_info *shinfo;
			shinfo = skb_shinfo(skb);
			atomic_set(&shinfo->dataref, 2);
			shinfo->nr_frags  = 0;
			shinfo->gso_size = 0;
			shinfo->gso_segs = 0;
			shinfo->gso_type = 0;
			shinfo->ip6_frag_id = 0;
			shinfo->tx_flags.flags = 0;
			skb_frag_list_init(skb);
###############################

I should use send_skb instead of skb.

2014-09-25 17:58 GMT+08:00 lx <lxlenovostar@xxxxxxxxx>:
hi all:      I have a mmap memory area, so I don't want to use alloc_skb(). I use this way:
1. use kmem_cache_alloc_node() for sk_buff struct.
2. the mmap memory area of "mmap_buf" for data area of packet.

the codes is:

alloc data memory area:
###############################################################
mmap_buf  = vmalloc(mmap_size);
		printk("vmalloc mmap_buf=%p  mmap_size=%ld\n", (void *)mmap_buf, mmap_size);
		if (!mmap_buf ) {
			printk("vmalloc failed!\n");
			return -1;
		}
		for (i = 0; i < mmap_size; i += PAGE_SIZE) {
			SetPageReserved(vmalloc_to_page(mmap_buf + i));
		}
###############################################################
I will mmap the "mmap_buf" area, in this way:
###############################################################
while (size > 0) {
		pfn = vmalloc_to_pfn(ptmp);
		if ((ret = remap_pfn_range(vma, start, pfn, PAGE_SIZE, PAGE_SHARED)) < 0) {
			return ret;
		}
		start += PAGE_SIZE;
		ptmp += PAGE_SIZE;
		size -= PAGE_SIZE;
		}
###############################################################

construct packet
################################################################
/*
			* send packet 
			*/
			spin_lock(&lock);
			int eth_len, udph_len, iph_len, len;
			eth_len = sizeof(struct ethhdr);
			iph_len = sizeof(struct iphdr);
			udph_len  = sizeof(struct udphdr);
			len	= eth_len + iph_len + udph_len;

			/*
			 * build a new sk_buff
			 */
			struct sk_buff *send_skb = kmem_cache_alloc_node(skbuff_head_cache, GFP_ATOMIC & ~__GFP_DMA, NUMA_NO_NODE);

			if (!send_skb) {
				return NF_DROP;
			}

			memset(send_skb, 0, offsetof(struct sk_buff, tail));
			atomic_set(&send_skb->users, 2);
			send_skb->head = mmap_buf + 1024;
			send_skb->data = "" + 1024;
			skb_reset_tail_pointer(skb);
			send_skb->end = skb->tail + len + NUM;
			kmemcheck_annotate_bitfield(skb, flags1);
			kmemcheck_annotate_bitfield(skb, flags2);

			//send_skb->ip_summed = CHECKSUM_PARTIAL;	

			struct skb_shared_info *shinfo;
			shinfo = skb_shinfo(skb);
			atomic_set(&shinfo->dataref, 2);
			shinfo->nr_frags  = 0;
			shinfo->gso_size = 0;
			shinfo->gso_segs = 0;
			shinfo->gso_type = 0;
			shinfo->ip6_frag_id = 0;
			shinfo->tx_flags.flags = 0;
			skb_frag_list_init(skb);
			memset(&shinfo->hwtstamps, 0, sizeof(shinfo->hwtstamps));

			printk("mmap_buf + 1024 is %p\n", mmap_buf + 1024);	
			skb_reserve(send_skb, len);
			printk("data %p, len is %d\n", send_skb->data, len);	
			skb_push(send_skb, sizeof(struct udphdr));
			printk("udp data %p\n", send_skb->data);	
			skb_reset_transport_header(send_skb);

			/*
 			 * just instead of copy datas.
 			 */	
			//send_skb->tail = send_skb->end;

			udph = udp_hdr(send_skb);
			udph->source = dport;
			udph->dest = htons(ntohs(dport) + 1);
			udph->len = htons(udph_len);
			udph->check = 0;
			udph->check = csum_tcpudp_magic(daddr, in_aton(dest_addr), udph_len, IPPROTO_UDP, csum_partial(udph, udph_len, 0));

			if (udph->check == 0)
				udph->check = CSUM_MANGLED_0;

			skb_push(send_skb, sizeof(struct iphdr));
			printk("ip data %p\n", send_skb->data);	
			skb_reset_network_header(send_skb);
			send_iph = ip_hdr(send_skb);

			// iph->version = 4; iph->ihl = 5; 
			put_unaligned(0x45, (unsigned char *)send_iph);
			send_iph->tos = 0;
			put_unaligned(htons(iph_len) + htons(udph_len), &(send_iph->tot_len));
			//send_iph->id       = htons(atomic_inc_return(&ip_ident));
			send_iph->id = 0;
			send_iph->frag_off = 0;
			send_iph->ttl = 64;
			send_iph->protocol = IPPROTO_UDP;
			send_iph->check = 0;
			put_unaligned(daddr, &(send_iph->saddr));
			put_unaligned(in_aton(dest_addr), &(send_iph->daddr));
			send_iph->check    = ip_fast_csum((unsigned char *)send_iph, send_iph->ihl);

			struct net_device *dev = skb->dev;
			eth = (struct ethhdr *)skb_push(send_skb, ETH_HLEN);
			printk("eth data %p\n", send_skb->data);	
			skb_reset_mac_header(send_skb);
			send_skb->protocol = eth->h_proto = htons(ETH_P_IP);
			//printk("dev_addr is %p, len is %d", dev->dev_addr, ETH_ALEN);
			printk("h_source is %p, dev_addr is %p, len is %d", eth->h_source, dev->dev_addr, ETH_ALEN);
			memcpy(eth->h_source, dev->dev_addr, ETH_ALEN);
			u8 dst_mac[ETH_ALEN] = DST_MAC;
			memcpy(eth->h_dest, dst_mac, ETH_ALEN);
			send_skb->dev = dev;
			int result = dev_queue_xmit(send_skb);
			printk("result is %d\n", result);
			spin_unlock(&lock);
################################################################

But I think construct packet is wrong, and Oops is:
################################################################
<1>BUG: unable to handle kernel paging request at ffffeae38000b520
<1>IP: [<ffffffff81170bab>] kfree+0x7b/0x320
<4>PGD 0 
<4>Oops: 0000 [#1] SMP 
<4>last sysfs file: /sys/devices/system/cpu/online
<4>CPU 0 
<4>Modules linked in: my_mmap(U) 8021q garp stp llc fuse vmhgfs(U) vsock(U) ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 uinput microcode ppdev vmware_balloon snd_ens1371 snd_rawmidi snd_ac97_codec ac97_bus snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc e1000 parport_pc parport sg vmci(U) i2c_piix4 i2c_core shpchp ext4 jbd2 mbcache sd_mod crc_t10dif sr_mod cdrom mptspi mptscsih mptbase scsi_transport_spi pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded: my_mmap]
<4>
<4>Pid: 0, comm: swapper Tainted: G        W  ---------------    2.6.32-431.el6.x86_64 #1 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
<4>RIP: 0010:[<ffffffff81170bab>]  [<ffffffff81170bab>] kfree+0x7b/0x320
<4>RSP: 0018:ffff88000c4037c0  EFLAGS: 00010082
<4>RAX: ffffeae38000b520 RBX: ffffc9000033c400 RCX: ffffc9000033c400
<4>RDX: ffffea0000000000 RSI: ffff8800378585d8 RDI: ffffc9000033c400
<4>RBP: ffff88000c403820 R08: ffff880037b36020 R09: 0000000000000000
<4>R10: 0000000000000000 R11: ffff88000c40384c R12: ffffffff8144fc98
<4>R13: 0000000000000286 R14: 0000000000000000 R15: ffffc9000033c400
<4>FS:  0000000000000000(0000) GS:ffff88000c400000(0000) knlGS:0000000000000000
<4>CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
<4>CR2: ffffeae38000b520 CR3: 000000007bb47000 CR4: 00000000000007f0
<4>DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4>DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
<4>Process swapper (pid: 0, threadinfo ffffffff81a00000, task ffffffff81a8d020)
<4>Stack:
<4> 3030303030303436 0000000000003082 3030303030303030 ffff88007d9e0ae0
<4><d> 000000000000001d ffff88007a81d740 ffff88000c4168a8 ffff8800379b19c0
<4><d> ffff8800379b19c0 ffff88007bb7b800 000000000000002a ffffc9000033c400
<4>Call Trace:
<4> <IRQ> 
<4> [<ffffffff8144fc98>] skb_release_data+0xd8/0x110
<4> [<ffffffff8144f7ce>] __kfree_skb+0x1e/0xa0
<4> [<ffffffff8144f88b>] consume_skb+0x3b/0x80
<4> [<ffffffff814fadec>] packet_rcv+0x5c/0x440
<4> [<ffffffff8145bb25>] dev_queue_xmit_nit+0x125/0x1a0
<4> [<ffffffff81460346>] dev_hard_start_xmit+0x216/0x480
<4> [<ffffffff8147bd0a>] sch_direct_xmit+0x15a/0x1c0
<4> [<ffffffff81460858>] dev_queue_xmit+0x228/0x320
<4> [<ffffffffa002a4b1>] hook_local_in+0x3e1/0x410 [my_mmap]
<4> [<ffffffff8105a360>] ? check_preempt_wakeup+0x1c0/0x260
<4> [<ffffffff814893a9>] nf_iterate+0x69/0xb0
<4> [<ffffffff814938a0>] ? ip_rcv_finish+0x0/0x440
<4> [<ffffffff81489566>] nf_hook_slow+0x76/0x120
<4> [<ffffffff814938a0>] ? ip_rcv_finish+0x0/0x440
<4> [<ffffffff81493f44>] ip_rcv+0x264/0x350
<4> [<ffffffff8145b54b>] __netif_receive_skb+0x4ab/0x750
<4> [<ffffffff8145f1b8>] netif_receive_skb+0x58/0x60
<4> [<ffffffff8145f2c0>] napi_skb_finish+0x50/0x70
<4> [<ffffffff81460a29>] napi_gro_receive+0x39/0x50
<4> [<ffffffffa01b5a88>] e1000_receive_skb+0x58/0x90 [e1000]
<4> [<ffffffffa01ba5b2>] e1000_clean_rx_irq+0x2b2/0x5e0 [e1000]
<4> [<ffffffffa01b7cd1>] e1000_clean+0x1f1/0xa50 [e1000]
<4> [<ffffffff81068ff5>] ? enqueue_entity+0x125/0x450
<4> [<ffffffff81069384>] ? enqueue_task_fair+0x64/0x100
<4> [<ffffffff81059216>] ? enqueue_task+0x66/0x80
<4> [<ffffffff81460b43>] net_rx_action+0x103/0x2f0
<4> [<ffffffff8107a8e1>] __do_softirq+0xc1/0x1e0
<4> [<ffffffff8100c30c>] call_softirq+0x1c/0x30
<4> [<ffffffff8100fa75>] do_softirq+0x65/0xa0
<4> [<ffffffff8107a795>] irq_exit+0x85/0x90
<4> [<ffffffff81530fe5>] do_IRQ+0x75/0xf0
<4> [<ffffffff8100b9d3>] ret_from_intr+0x0/0x11
<4> <EOI> 
<4> [<ffffffff8103eacb>] ? native_safe_halt+0xb/0x10
<4> [<ffffffff810167bd>] default_idle+0x4d/0xb0
<4> [<ffffffff81009fc6>] cpu_idle+0xb6/0x110
<4> [<ffffffff8150cbea>] rest_init+0x7a/0x80
<4> [<ffffffff81c26f8f>] start_kernel+0x424/0x430
<4> [<ffffffff81c2633a>] x86_64_start_reservations+0x125/0x129
<4> [<ffffffff81c26453>] x86_64_start_kernel+0x115/0x124
<4>Code: 44 00 00 48 89 df e8 a5 e4 ed ff 48 c1 e8 0c 48 8d 14 c5 00 00 00 00 48 c1 e0 06 48 29 d0 48 ba 00 00 00 00 00 ea ff ff 48 01 d0 <48> 8b 10 66 85 d2 0f 88 1b 02 00 00 84 d2 0f 89 0d 02 00 00 4c 
<1>RIP  [<ffffffff81170bab>] kfree+0x7b/0x320
<4> RSP <ffff88000c4037c0>
<4>CR2: ffffeae38000b520
################################################################

My kernel version is: 2.6.32-431.el6.x86_64

I have confused with this question a long time.
How to fix it ? Thank you.

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies