Module Name: src
Committed By: jdolecek
Date: Fri Mar 27 16:34:58 UTC 2020
Modified Files:
src/sys/netinet: in_offload.c
Log Message:
fix in4_cksum() panic "in4_cksum: mbuf 14 too short for IP header 20"
triggered by bridge_output() when passing packet originally for
interface supporting hw csum offload to destination interface
not supporting it
problem happens because bridge_output() is called after ether_output()
M_PREPEND() the ether_header into the mbuf chain, if there is not
enough space on the first mbuf of the chain, it ends up prepending
a new short mbuf with just ether_header
triggered by running UDP (IPv4) 'netio -u' benchmark with packet size 2 KB
XXX seems in6_undefer_cksum() should have similar fix, however I was
XXX not able to trigger the problem there
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/sys/netinet/in_offload.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/in_offload.c
diff -u src/sys/netinet/in_offload.c:1.13 src/sys/netinet/in_offload.c:1.14
--- src/sys/netinet/in_offload.c:1.13 Wed Dec 12 01:40:20 2018
+++ src/sys/netinet/in_offload.c Fri Mar 27 16:34:58 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: in_offload.c,v 1.13 2018/12/12 01:40:20 rin Exp $ */
+/* $NetBSD: in_offload.c,v 1.14 2020/03/27 16:34:58 jdolecek Exp $ */
/*
* Copyright (c)2005, 2006 YAMAMOTO Takashi,
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_offload.c,v 1.13 2018/12/12 01:40:20 rin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_offload.c,v 1.14 2020/03/27 16:34:58 jdolecek Exp $");
#include <sys/param.h>
#include <sys/mbuf.h>
@@ -197,15 +197,29 @@ ip_tso_output(struct ifnet *ifp, struct
* hardware offloading.
*/
void
-in_undefer_cksum(struct mbuf *m, size_t hdrlen, int csum_flags)
+in_undefer_cksum(struct mbuf *mh, size_t hdrlen, int csum_flags)
{
- const size_t iphdrlen = M_CSUM_DATA_IPv4_IPHL(m->m_pkthdr.csum_data);
+ const size_t iphdrlen = M_CSUM_DATA_IPv4_IPHL(mh->m_pkthdr.csum_data);
uint16_t csum;
uint16_t ip_len;
uint16_t *csump;
+ struct mbuf *m = mh;
- KASSERT(m->m_flags & M_PKTHDR);
- KASSERT((m->m_pkthdr.csum_flags & csum_flags) == csum_flags);
+ KASSERT(mh->m_flags & M_PKTHDR);
+ KASSERT(mh->m_pkthdr.len > hdrlen);
+ KASSERT((mh->m_pkthdr.csum_flags & csum_flags) == csum_flags);
+
+ /*
+ * Deal with prepended frame header as done by e.g. ether_output().
+ * If first mbuf in chain has just the header, use second mbuf
+ * for the actual checksum. in4_csum() expects the passed mbuf
+ * to have the whole (struct ip) area contiguous.
+ */
+ if (m->m_len <= hdrlen) {
+ hdrlen -= m->m_len;
+ m = m->m_next;
+ KASSERT(m != NULL);
+ }
if (__predict_true(hdrlen + sizeof(struct ip) <= m->m_len)) {
struct ip *ip = (struct ip *)(mtod(m, uint8_t *) + hdrlen);
@@ -249,7 +263,7 @@ in_undefer_cksum(struct mbuf *m, size_t
}
}
- m->m_pkthdr.csum_flags ^= csum_flags;
+ mh->m_pkthdr.csum_flags ^= csum_flags;
}
/*
