From: Jakub Kicinski <kuba@kernel.org>
To: Stefan Wahren <wahrenst@gmx.net>
Cc: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Lino Sanfilippo <LinoSanfilippo@gmx.de>,
Florian Fainelli <f.fainelli@gmail.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH V2 1/3] qca_debug: Prevent crash on TX ring changes
Date: Fri, 1 Dec 2023 20:47:14 -0800 [thread overview]
Message-ID: <20231201204714.21f7124c@kernel.org> (raw)
In-Reply-To: <20231129095241.31302-2-wahrenst@gmx.net>
On Wed, 29 Nov 2023 10:52:39 +0100 Stefan Wahren wrote:
> The qca_spi driver stop and restart the SPI kernel thread
> (via ndo_stop & ndo_open) in case of TX ring changes. This is
> a big issue because it allows userspace to prevent restart of
> the SPI kernel thread (via signals). A subsequent change of
> TX ring wrongly assume a valid spi_thread pointer which result
> in a crash.
>
> So prevent this by stopping the network queue and temporary park
> the SPI thread. Because this could happen during transmission
> we also need to call qcaspi_flush_tx_ring().
>
> Fixes: 291ab06ecf67 ("net: qualcomm: new Ethernet over SPI driver for QCA7000")
> Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Still looks a bit racy.
> diff --git a/drivers/net/ethernet/qualcomm/qca_debug.c b/drivers/net/ethernet/qualcomm/qca_debug.c
> index 6f2fa2a42770..9777dbb17ac2 100644
> --- a/drivers/net/ethernet/qualcomm/qca_debug.c
> +++ b/drivers/net/ethernet/qualcomm/qca_debug.c
> @@ -263,22 +263,29 @@ qcaspi_set_ringparam(struct net_device *dev, struct ethtool_ringparam *ring,
> struct kernel_ethtool_ringparam *kernel_ring,
> struct netlink_ext_ack *extack)
> {
> - const struct net_device_ops *ops = dev->netdev_ops;
> struct qcaspi *qca = netdev_priv(dev);
> + bool queue_active = !netif_queue_stopped(dev);
nothing prevents stopped -> running or running -> stopped
transitions at this point, so this check can be meaningful
> if ((ring->rx_pending) ||
> (ring->rx_mini_pending) ||
> (ring->rx_jumbo_pending))
> return -EINVAL;
>
> - if (netif_running(dev))
> - ops->ndo_stop(dev);
> + if (queue_active)
> + netif_stop_queue(dev);
This doesn't wait for xmit to finish, it just sets a bit.
You probably want something like netif_tx_disable().
Also - the thread may still be running and wake the queue up right after
we stop it.
--
pw-bot: cr
next prev parent reply other threads:[~2023-12-02 4:52 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-29 9:52 [PATCH V2 0/3] qca_spi: collection of major fixes Stefan Wahren
2023-11-29 9:52 ` [PATCH V2 1/3] qca_debug: Prevent crash on TX ring changes Stefan Wahren
2023-12-02 4:47 ` Jakub Kicinski [this message]
2023-11-29 9:52 ` [PATCH V2 2/3] qca_debug: Fix ethtool -G iface tx behavior Stefan Wahren
2023-11-29 9:52 ` [PATCH V2 3/3] qca_spi: Fix reset behavior Stefan Wahren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231201204714.21f7124c@kernel.org \
--to=kuba@kernel.org \
--cc=LinoSanfilippo@gmx.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=f.fainelli@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=wahrenst@gmx.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.