Description of problem: When IPsec/ESP is in use the kernel emits a number of skb truesize error messages. Version-Release number of selected component (if applicable): openswan-2.6.14-1.el5_2.1 kernel-2.6.18-128.el5 How reproducible: Randomly frequent Steps to Reproduce: 1. Establish a ESP connection with a remote host 2. 3. Actual results: Messages on the console similar to the following ... "SKB BUG: Invalid truesize (368) len=130, sizeof(sk_buff)=240" "SKB BUG: Invalid truesize (368) len=138, sizeof(sk_buff)=240" Expected results: No messages. Additional info: IPsec configuration files ... [root@gtp126183 ipsec.d]# cat /etc/ipsec.conf # /etc/ipsec.conf - Openswan IPsec configuration file # # Manual: ipsec.conf.5 # # Please place your own config files in /etc/ipsec.d/ ending in .conf version 2.0 # conforms to second version of ipsec.conf specification # basic configuration config setup # Debug-logging controls: "none" for (almost) none, "all" for lots. # klipsdebug=none # plutodebug="control parsing" # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey protostack=netkey nat_traversal=yes include /etc/ipsec.d/*.conf [root@gtp126183 ipsec.d]# ls policies/ unh-iol.conf unh-iol.secrets [root@gtp126183 ipsec.d]# cat unh-iol.conf ### # UNH IOL USGv6 test event # conn trans-esp-1 type=transport auto=add left=3000::21a:4bff:feeb:fce4 right=3001::215:c5ff:fe5c:d24a ike=3des-sha1-modp1024 pfs=no authby=secret phase2=esp phase2alg=3des-sha1 [root@gtp126183 ipsec.d]# cat unh-iol.secrets ### # UNH IOL USGv6 test event # 3000::21a:4bff:feeb:fce4 3001::215:c5ff:fe5c:d24a : PSK "test"
Created attachment 356456 [details] net: Kill skb_truesize_check(), it only catches false-positives net: Kill skb_truesize_check(), it only catches false-positives. A long time ago we had bugs, primarily in TCP, where we would modify skb->truesize (for TSO queue collapsing) in ways which would corrupt the socket memory accounting. skb_truesize_check() was added in order to try and catch this error more systematically. However this debugging check has morphed into a Frankenstein of sorts and these days it does nothing other than catch false-positives. Signed-off-by: David S. Miller <davem>
Actually this is already fixed as per 474883. *** This bug has been marked as a duplicate of bug 474883 ***
Thanks Herbert, I remembered the patch from netdev and was hoping this BZ would get it backported to RHEL5.x. Unfortunately I don't have permission to view BZ 474883, when did the fix make it into the RHEL5 kernel stream (which kernel revision first had the fix)?
I don't know the exact version where it made it in but 155 definitely has it.
Okay, we were testing RHEL5.3 GA which ships with 2.6.18-128.el5; I assume RHEL5.4 will have the fix?
Yes I'm fairly certain it made it.
Great, thank you.