android_kernel_xiaomi_sm8350/net/core
Shyam Iyer 71b3346d18 net: Fix OOPS in skb_seq_read().
It oopsd for me in skb_seq_read. addr2line said it was
linux-2.6/net/core/skbuff.c:2228, which is this line:


	while (st->frag_idx < skb_shinfo(st->cur_skb)->nr_frags) {


I added some printks in there and it looks like we hit this:

        } else if (st->root_skb == st->cur_skb &&
                   skb_shinfo(st->root_skb)->frag_list) {
                 st->cur_skb = skb_shinfo(st->root_skb)->frag_list;
                 st->frag_idx = 0;
                 goto next_skb;
        }



Actually I did some testing and added a few printks and found that the
st->cur_skb->data was 0 and hence the ptr used by iscsi_tcp was null.
This caused the kernel panic.

 	if (abs_offset < block_limit) {
-		*data = st->cur_skb->data + abs_offset;
+		*data = st->cur_skb->data + (abs_offset - st->stepped_offset);

I enabled the debug_tcp and with a few printks found that the code did
not go to the next_skb label and could find that the sequence being
followed was this -

It hit this if condition -

        if (st->cur_skb->next) {
                st->cur_skb = st->cur_skb->next;
                st->frag_idx = 0;
                goto next_skb;

And so, now the st pointer is shifted to the next skb whereas actually
it should have hit the second else if first since the data is in the
frag_list.

        else if (st->root_skb == st->cur_skb &&
                 skb_shinfo(st->root_skb)->frag_list) {
                st->cur_skb = skb_shinfo(st->root_skb)->frag_list;
                goto next_skb;
        }

Reversing the two conditions the attached patch fixes the issue for me
on top of Herbert's patches. 

Signed-off-by: Shyam Iyer <shyam_iyer@dell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-29 16:12:42 -08:00
..
datagram.c
dev_mcast.c
dev.c gro: Fix error handling on extremely short frags 2009-01-20 14:44:02 -08:00
dst.c
ethtool.c ethtool: Add GGRO and SGRO ops 2008-12-15 23:44:31 -08:00
fib_rules.c
filter.c
flow.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
gen_estimator.c pkt_sched: gen_estimator: Optimize gen_estimator_active() 2008-11-26 15:24:32 -08:00
gen_stats.c
iovec.c
kmap_skb.h
link_watch.c Revert "net: Fix for initial link state in 2.6.28" 2009-01-05 16:01:51 -08:00
Makefile
neighbour.c cpumask: prepare for iterators to only go to nr_cpu_ids/nr_cpumask_bits: net 2008-12-29 22:44:47 -08:00
net_namespace.c NET: net_namespace, fix lock imbalance 2009-01-20 14:39:31 -08:00
net-sysfs.c netns: filter out uevent not belonging to init_net 2008-11-25 16:46:37 -08:00
net-sysfs.h
netevent.c
netpoll.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-12-15 20:03:50 -08:00
pktgen.c netns xfrm: finding states in netns 2008-11-25 17:31:51 -08:00
request_sock.c
rtnetlink.c
scm.c
skb_dma_map.c
skbuff.c net: Fix OOPS in skb_seq_read(). 2009-01-29 16:12:42 -08:00
sock.c Revert "net: release skb->dst in sock_queue_rcv_skb()" 2008-12-17 22:11:38 -08:00
stream.c
sysctl_net_core.c netns xfrm: per-netns sysctls 2008-11-25 18:00:48 -08:00
user_dma.c
utils.c