Bug 511393 - IPsec causes skb truesize errors
IPsec causes skb truesize errors
Status: CLOSED DUPLICATE of bug 474883
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.3
All Linux
low Severity medium
: rc
: ---
Assigned To: Herbert Xu
Red Hat Kernel QE team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-07-14 18:12 EDT by Paul Moore
Modified: 2009-08-10 13:36 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-08-06 09:42:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
net: Kill skb_truesize_check(), it only catches false-positives (2.76 KB, patch)
2009-08-05 23:09 EDT, Herbert Xu
no flags Details | Diff

  None (edit)
Description Paul Moore 2009-07-14 18:12:00 EDT
Description of problem:
When IPsec/ESP is in use the kernel emits a number of skb truesize error messages.

Version-Release number of selected component (if applicable):
openswan-2.6.14-1.el5_2.1
kernel-2.6.18-128.el5

How reproducible:
Randomly frequent

Steps to Reproduce:
1. Establish a ESP connection with a remote host
2.
3.
  
Actual results:

Messages on the console similar to the following ...

      "SKB BUG: Invalid truesize (368) len=130, sizeof(sk_buff)=240"
      "SKB BUG: Invalid truesize (368) len=138, sizeof(sk_buff)=240"

Expected results:
No messages.

Additional info:

IPsec configuration files ...

[root@gtp126183 ipsec.d]# cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes

include /etc/ipsec.d/*.conf

[root@gtp126183 ipsec.d]# ls
policies/  unh-iol.conf  unh-iol.secrets
[root@gtp126183 ipsec.d]# cat unh-iol.conf
###
# UNH IOL USGv6 test event
#

conn trans-esp-1
        type=transport
        auto=add
        left=3000::21a:4bff:feeb:fce4
        right=3001::215:c5ff:fe5c:d24a
        ike=3des-sha1-modp1024
        pfs=no
        authby=secret
        phase2=esp
        phase2alg=3des-sha1


[root@gtp126183 ipsec.d]# cat unh-iol.secrets
###
# UNH IOL USGv6 test event
#

3000::21a:4bff:feeb:fce4 3001::215:c5ff:fe5c:d24a : PSK "test"
Comment 1 Herbert Xu 2009-08-05 23:09:43 EDT
Created attachment 356456 [details]
net: Kill skb_truesize_check(), it only catches false-positives

net: Kill skb_truesize_check(), it only catches false-positives.
    
A long time ago we had bugs, primarily in TCP, where we would modify
skb->truesize (for TSO queue collapsing) in ways which would corrupt
the socket memory accounting.
    
skb_truesize_check() was added in order to try and catch this error
more systematically.
    
However this debugging check has morphed into a Frankenstein of sorts
and these days it does nothing other than catch false-positives.
    
Signed-off-by: David S. Miller <davem@davemloft.net>
Comment 2 Herbert Xu 2009-08-06 09:42:39 EDT
Actually this is already fixed as per 474883.

*** This bug has been marked as a duplicate of bug 474883 ***
Comment 3 Paul Moore 2009-08-06 10:27:53 EDT
Thanks Herbert, I remembered the patch from netdev and was hoping this BZ would get it backported to RHEL5.x.  Unfortunately I don't have permission to view BZ 474883, when did the fix make it into the RHEL5 kernel stream (which kernel revision first had the fix)?
Comment 4 Herbert Xu 2009-08-06 10:41:20 EDT
I don't know the exact version where it made it in but 155 definitely has it.
Comment 5 Paul Moore 2009-08-06 11:16:34 EDT
Okay, we were testing RHEL5.3 GA which ships with 2.6.18-128.el5; I assume RHEL5.4 will have the fix?
Comment 6 Herbert Xu 2009-08-06 20:23:28 EDT
Yes I'm fairly certain it made it.
Comment 7 Paul Moore 2009-08-07 08:04:46 EDT
Great, thank you.

Note You need to log in before you can comment on or make changes to this bug.