hi Question about construct the sk_buff

lx lxlenovostar at gmail.com
Thu Sep 25 05:58:03 EDT 2014


hi all:
      I have a mmap memory area, so I don't want to use alloc_skb(). I use
this way:
1. use kmem_cache_alloc_node() for sk_buff struct.
2. the mmap memory area of "mmap_buf" for data area of packet.


the codes is:

alloc data memory area:
###############################################################
mmap_buf  = vmalloc(mmap_size);
printk("vmalloc mmap_buf=%p  mmap_size=%ld\n", (void *)mmap_buf, mmap_size);
if (!mmap_buf ) {
printk("vmalloc failed!\n");
return -1;
}
for (i = 0; i < mmap_size; i += PAGE_SIZE) {
SetPageReserved(vmalloc_to_page(mmap_buf + i));
}
###############################################################
I will mmap the "mmap_buf" area, in this way:
###############################################################
while (size > 0) {
pfn = vmalloc_to_pfn(ptmp);
if ((ret = remap_pfn_range(vma, start, pfn, PAGE_SIZE, PAGE_SHARED)) < 0) {
return ret;
}
start += PAGE_SIZE;
ptmp += PAGE_SIZE;
size -= PAGE_SIZE;
}
###############################################################

construct packet
################################################################
/*
* send packet
*/
spin_lock(&lock);
int eth_len, udph_len, iph_len, len;
eth_len = sizeof(struct ethhdr);
iph_len = sizeof(struct iphdr);
udph_len  = sizeof(struct udphdr);
len = eth_len + iph_len + udph_len;
 /*
 * build a new sk_buff
 */
struct sk_buff *send_skb = kmem_cache_alloc_node(skbuff_head_cache,
GFP_ATOMIC & ~__GFP_DMA, NUMA_NO_NODE);
 if (!send_skb) {
return NF_DROP;
}
 memset(send_skb, 0, offsetof(struct sk_buff, tail));
atomic_set(&send_skb->users, 2);
send_skb->head = mmap_buf + 1024;
send_skb->data = mmap_buf + 1024;
skb_reset_tail_pointer(skb);
send_skb->end = skb->tail + len + NUM;
kmemcheck_annotate_bitfield(skb, flags1);
kmemcheck_annotate_bitfield(skb, flags2);

//send_skb->ip_summed = CHECKSUM_PARTIAL;
 struct skb_shared_info *shinfo;
shinfo = skb_shinfo(skb);
atomic_set(&shinfo->dataref, 2);
shinfo->nr_frags  = 0;
shinfo->gso_size = 0;
shinfo->gso_segs = 0;
shinfo->gso_type = 0;
shinfo->ip6_frag_id = 0;
shinfo->tx_flags.flags = 0;
skb_frag_list_init(skb);
memset(&shinfo->hwtstamps, 0, sizeof(shinfo->hwtstamps));

printk("mmap_buf + 1024 is %p\n", mmap_buf + 1024);
skb_reserve(send_skb, len);
printk("data %p, len is %d\n", send_skb->data, len);
skb_push(send_skb, sizeof(struct udphdr));
printk("udp data %p\n", send_skb->data);
skb_reset_transport_header(send_skb);
 /*
  * just instead of copy datas.
  */
//send_skb->tail = send_skb->end;
 udph = udp_hdr(send_skb);
udph->source = dport;
udph->dest = htons(ntohs(dport) + 1);
udph->len = htons(udph_len);
udph->check = 0;
udph->check = csum_tcpudp_magic(daddr, in_aton(dest_addr), udph_len,
IPPROTO_UDP, csum_partial(udph, udph_len, 0));
 if (udph->check == 0)
udph->check = CSUM_MANGLED_0;

skb_push(send_skb, sizeof(struct iphdr));
printk("ip data %p\n", send_skb->data);
skb_reset_network_header(send_skb);
send_iph = ip_hdr(send_skb);

// iph->version = 4; iph->ihl = 5;
put_unaligned(0x45, (unsigned char *)send_iph);
send_iph->tos = 0;
put_unaligned(htons(iph_len) + htons(udph_len), &(send_iph->tot_len));
//send_iph->id       = htons(atomic_inc_return(&ip_ident));
send_iph->id = 0;
send_iph->frag_off = 0;
send_iph->ttl = 64;
send_iph->protocol = IPPROTO_UDP;
send_iph->check = 0;
put_unaligned(daddr, &(send_iph->saddr));
put_unaligned(in_aton(dest_addr), &(send_iph->daddr));
send_iph->check    = ip_fast_csum((unsigned char *)send_iph, send_iph->ihl);

struct net_device *dev = skb->dev;
eth = (struct ethhdr *)skb_push(send_skb, ETH_HLEN);
printk("eth data %p\n", send_skb->data);
skb_reset_mac_header(send_skb);
send_skb->protocol = eth->h_proto = htons(ETH_P_IP);
//printk("dev_addr is %p, len is %d", dev->dev_addr, ETH_ALEN);
printk("h_source is %p, dev_addr is %p, len is %d", eth->h_source,
dev->dev_addr, ETH_ALEN);
memcpy(eth->h_source, dev->dev_addr, ETH_ALEN);
u8 dst_mac[ETH_ALEN] = DST_MAC;
memcpy(eth->h_dest, dst_mac, ETH_ALEN);
send_skb->dev = dev;
int result = dev_queue_xmit(send_skb);
printk("result is %d\n", result);
spin_unlock(&lock);
################################################################

But I think construct packet is wrong, and Oops is:
################################################################
<1>BUG: unable to handle kernel paging request at ffffeae38000b520
<1>IP: [<ffffffff81170bab>] kfree+0x7b/0x320
<4>PGD 0
<4>Oops: 0000 [#1] SMP
<4>last sysfs file: /sys/devices/system/cpu/online
<4>CPU 0
<4>Modules linked in: my_mmap(U) 8021q garp stp llc fuse vmhgfs(U) vsock(U)
ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables
ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack
ip6table_filter ip6_tables ipv6 uinput microcode ppdev vmware_balloon
snd_ens1371 snd_rawmidi snd_ac97_codec ac97_bus snd_seq snd_seq_device
snd_pcm snd_timer snd soundcore snd_page_alloc e1000 parport_pc parport sg
vmci(U) i2c_piix4 i2c_core shpchp ext4 jbd2 mbcache sd_mod crc_t10dif
sr_mod cdrom mptspi mptscsih mptbase scsi_transport_spi pata_acpi
ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded:
my_mmap]
<4>
<4>Pid: 0, comm: swapper Tainted: G        W  ---------------
 2.6.32-431.el6.x86_64 #1 VMware, Inc. VMware Virtual Platform/440BX
Desktop Reference Platform
<4>RIP: 0010:[<ffffffff81170bab>]  [<ffffffff81170bab>] kfree+0x7b/0x320
<4>RSP: 0018:ffff88000c4037c0  EFLAGS: 00010082
<4>RAX: ffffeae38000b520 RBX: ffffc9000033c400 RCX: ffffc9000033c400
<4>RDX: ffffea0000000000 RSI: ffff8800378585d8 RDI: ffffc9000033c400
<4>RBP: ffff88000c403820 R08: ffff880037b36020 R09: 0000000000000000
<4>R10: 0000000000000000 R11: ffff88000c40384c R12: ffffffff8144fc98
<4>R13: 0000000000000286 R14: 0000000000000000 R15: ffffc9000033c400
<4>FS:  0000000000000000(0000) GS:ffff88000c400000(0000)
knlGS:0000000000000000
<4>CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
<4>CR2: ffffeae38000b520 CR3: 000000007bb47000 CR4: 00000000000007f0
<4>DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4>DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
<4>Process swapper (pid: 0, threadinfo ffffffff81a00000, task
ffffffff81a8d020)
<4>Stack:
<4> 3030303030303436 0000000000003082 3030303030303030 ffff88007d9e0ae0
<4><d> 000000000000001d ffff88007a81d740 ffff88000c4168a8 ffff8800379b19c0
<4><d> ffff8800379b19c0 ffff88007bb7b800 000000000000002a ffffc9000033c400
<4>Call Trace:
<4> <IRQ>
<4> [<ffffffff8144fc98>] skb_release_data+0xd8/0x110
<4> [<ffffffff8144f7ce>] __kfree_skb+0x1e/0xa0
<4> [<ffffffff8144f88b>] consume_skb+0x3b/0x80
<4> [<ffffffff814fadec>] packet_rcv+0x5c/0x440
<4> [<ffffffff8145bb25>] dev_queue_xmit_nit+0x125/0x1a0
<4> [<ffffffff81460346>] dev_hard_start_xmit+0x216/0x480
<4> [<ffffffff8147bd0a>] sch_direct_xmit+0x15a/0x1c0
<4> [<ffffffff81460858>] dev_queue_xmit+0x228/0x320
<4> [<ffffffffa002a4b1>] hook_local_in+0x3e1/0x410 [my_mmap]
<4> [<ffffffff8105a360>] ? check_preempt_wakeup+0x1c0/0x260
<4> [<ffffffff814893a9>] nf_iterate+0x69/0xb0
<4> [<ffffffff814938a0>] ? ip_rcv_finish+0x0/0x440
<4> [<ffffffff81489566>] nf_hook_slow+0x76/0x120
<4> [<ffffffff814938a0>] ? ip_rcv_finish+0x0/0x440
<4> [<ffffffff81493f44>] ip_rcv+0x264/0x350
<4> [<ffffffff8145b54b>] __netif_receive_skb+0x4ab/0x750
<4> [<ffffffff8145f1b8>] netif_receive_skb+0x58/0x60
<4> [<ffffffff8145f2c0>] napi_skb_finish+0x50/0x70
<4> [<ffffffff81460a29>] napi_gro_receive+0x39/0x50
<4> [<ffffffffa01b5a88>] e1000_receive_skb+0x58/0x90 [e1000]
<4> [<ffffffffa01ba5b2>] e1000_clean_rx_irq+0x2b2/0x5e0 [e1000]
<4> [<ffffffffa01b7cd1>] e1000_clean+0x1f1/0xa50 [e1000]
<4> [<ffffffff81068ff5>] ? enqueue_entity+0x125/0x450
<4> [<ffffffff81069384>] ? enqueue_task_fair+0x64/0x100
<4> [<ffffffff81059216>] ? enqueue_task+0x66/0x80
<4> [<ffffffff81460b43>] net_rx_action+0x103/0x2f0
<4> [<ffffffff8107a8e1>] __do_softirq+0xc1/0x1e0
<4> [<ffffffff8100c30c>] call_softirq+0x1c/0x30
<4> [<ffffffff8100fa75>] do_softirq+0x65/0xa0
<4> [<ffffffff8107a795>] irq_exit+0x85/0x90
<4> [<ffffffff81530fe5>] do_IRQ+0x75/0xf0
<4> [<ffffffff8100b9d3>] ret_from_intr+0x0/0x11
<4> <EOI>
<4> [<ffffffff8103eacb>] ? native_safe_halt+0xb/0x10
<4> [<ffffffff810167bd>] default_idle+0x4d/0xb0
<4> [<ffffffff81009fc6>] cpu_idle+0xb6/0x110
<4> [<ffffffff8150cbea>] rest_init+0x7a/0x80
<4> [<ffffffff81c26f8f>] start_kernel+0x424/0x430
<4> [<ffffffff81c2633a>] x86_64_start_reservations+0x125/0x129
<4> [<ffffffff81c26453>] x86_64_start_kernel+0x115/0x124
<4>Code: 44 00 00 48 89 df e8 a5 e4 ed ff 48 c1 e8 0c 48 8d 14 c5 00 00 00
00 48 c1 e0 06 48 29 d0 48 ba 00 00 00 00 00 ea ff ff 48 01 d0 <48> 8b 10
66 85 d2 0f 88 1b 02 00 00 84 d2 0f 89 0d 02 00 00 4c
<1>RIP  [<ffffffff81170bab>] kfree+0x7b/0x320
<4> RSP <ffff88000c4037c0>
<4>CR2: ffffeae38000b520
################################################################

My kernel version is: 2.6.32-431.el6.x86_64

I have confused with this question a long time.
How to fix it ? Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20140925/f57388f5/attachment-0001.html 


More information about the Kernelnewbies mailing list