From mboxrd@z Thu Jan 1 00:00:00 1970 From: Yasushi SHOJI Date: Mon, 26 Oct 2015 22:52:11 +0000 Subject: Re: [PATCH RFT v2] sh_eth: fix kernel oops in skb_put() Message-Id: <87pp01jl9g.wl@dns1.atmark-techno.com> List-Id: References: <2611049.bTOQ0T0Nsl@wasted.cogentembedded.com> In-Reply-To: <2611049.bTOQ0T0Nsl@wasted.cogentembedded.com> MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1254" Content-Transfer-Encoding: base64 To: sergei.shtylyov@cogentembedded.com Cc: netdev@vger.kernel.org, linux-sh@vger.kernel.org SGkgU2VyZ2VpLAoKVGhhbmsgeW91IGZvciB5b3VyIHBhdGNoIQoKT24gU3VuLCAyNSBPY3QgMjAx NSAwNzo0MjozMyArMDkwMCwKU2VyZ2VpIFNodHlseW92IHdyb3RlOgo+IAo+IEluIGEgbG93IG1l bW9yeSBzaXR1YXRpb24gdGhlIGZvbGxvd2luZyBrZXJuZWwgb29wcyBvY2N1cnM6Cj4gCj4gVW5h YmxlIHRvIGhhbmRsZSBrZXJuZWwgTlVMTCBwb2ludGVyIGRlcmVmZXJlbmNlIGF0IHZpcnR1YWwg YWRkcmVzcyAwMDAwMDA1MAo+IHBnZCA9IDg0OTBjMDAwCj4gWzAwMDAwMDUwXSAqcGdkRjUxZTgz MSwgKnB0ZQAwMDAwMDAsICpwcHRlADAwMDAwMAo+IEludGVybmFsIGVycm9yOiBPb3BzOiAxNyBb IzFdIFBSRUVNUFQgQVJNCj4gTW9kdWxlcyBsaW5rZWQgaW46Cj4gQ1BVOiAwICAgIE5vdCB0YWlu dGVkICAoMy40LWF0MTYgIzkpCj4gUEMgaXMgYXQgc2tiX3B1dCsweDEwLzB4OTgKPiBMUiBpcyBh dCBzaF9ldGhfcG9sbCsweDJjOC8weGExMAo+IHBjIDogWzw4MDM1Zjc4MD5dICAgIGxyIDogWzw4 MDI4YmY1MD5dICAgIHBzcjogNjAwMDAxMTMKPiBzcCA6IDg0ZWIxYTkwICBpcCA6IDg0ZWIxYWM4 ICBmcCA6IDg0ZWIxYWM0Cj4gcjEwOiAwMDAwMDAzZiAgcjkgOiAwMDAwMDVlYSAgcjggOiAwMDAw MDAwMAo+IHI3IDogMDAwMDAwMDAgIHI2IDogOTQwNDUzYjAgIHI1IDogMDAwMzAwMDAgIHI0IDog OTM4MWIxODAKPiByMyA6IDAwMDAwMDAwICByMiA6IDAwMDAwMDAwICByMSA6IDAwMDAwNWVhICBy MCA6IDAwMDAwMDAwCj4gRmxhZ3M6IG5aQ3YgIElSUXMgb24gIEZJUXMgb24gIE1vZGUgU1ZDXzMy ICBJU0EgQVJNICBTZWdtZW50IHVzZXIKPiBDb250cm9sOiAxMGM1M2M3ZCAgVGFibGU6IDQyNDhj MDU5ICBEQUM6IDAwMDAwMDE1Cj4gUHJvY2VzcyBrbG9nZCAocGlkOiAyMDQ2LCBzdGFjayBsaW1p dCA9IDB4ODRlYjAyZTgpCj4gWy4uLl0KPiAKPiBUaGlzIGlzIGJlY2F1c2UgbmV0ZGV2X2FsbG9j X3NrYigpIGZhaWxzIGFuZCAnbWRwLT5yeF9za2J1ZmZbZW50cnldJyBpcyBsZWZ0Cj4gTlVMTCBi dXQgc2hfZXRoX3J4KCkgbGF0ZXIgdXNlcyBpdCB3aXRob3V0IGNoZWNraW5nLiBBZGQgc3VjaCBj aGVjay4uLgo+IAo+IFJlcG9ydGVkLWJ5OiBZYXN1c2hpIFNIT0pJIDx5YXNoaUBhdG1hcmstdGVj aG5vLmNvbT4KPiBTaWduZWQtb2ZmLWJ5OiBTZXJnZWkgU2h0eWx5b3YgPHNlcmdlaS5zaHR5bHlv dkBjb2dlbnRlbWJlZGRlZC5jb20+Cj4gCj4gLS0tCj4gVGhpcyBwYXRjaCBpcyBhZ2FpbnN0IERh dmVNJ3MgJ25ldC5naXQnIHJlcG8uCj4gCj4gIGRyaXZlcnMvbmV0L2V0aGVybmV0L3JlbmVzYXMv c2hfZXRoLmMgfCAgICA0ICsrLS0KPiAgMSBmaWxlIGNoYW5nZWQsIDIgaW5zZXJ0aW9ucygrKSwg MiBkZWxldGlvbnMoLSkKPiAKPiBJbmRleDogbmV0L2RyaXZlcnMvbmV0L2V0aGVybmV0L3JlbmVz YXMvc2hfZXRoLmMKPiA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0+IC0tLSBuZXQu b3JpZy9kcml2ZXJzL25ldC9ldGhlcm5ldC9yZW5lc2FzL3NoX2V0aC5jCj4gKysrIG5ldC9kcml2 ZXJzL25ldC9ldGhlcm5ldC9yZW5lc2FzL3NoX2V0aC5jCj4gQEAgLTE0ODEsNiArMTQ4MSw3IEBA IHN0YXRpYyBpbnQgc2hfZXRoX3J4KHN0cnVjdCBuZXRfZGV2aWNlICoKPiAgCQlpZiAobWRwLT5j ZC0+c2hpZnRfcmQwKQo+ICAJCQlkZXNjX3N0YXR1cyA+Pj0gMTY7Cj4gIAo+ICsJCXNrYiA9IG1k cC0+cnhfc2tidWZmW2VudHJ5XTsKPiAgCQlpZiAoZGVzY19zdGF0dXMgJiAoUkRfUkZTMSB8IFJE X1JGUzIgfCBSRF9SRlMzIHwgUkRfUkZTNCB8Cj4gIAkJCQkgICBSRF9SRlM1IHwgUkRfUkZTNiB8 IFJEX1JGUzEwKSkgewo+ICAJCQluZGV2LT5zdGF0cy5yeF9lcnJvcnMrKzsKPiBAQCAtMTQ5Niwx MiArMTQ5NywxMSBAQCBzdGF0aWMgaW50IHNoX2V0aF9yeChzdHJ1Y3QgbmV0X2RldmljZSAqCj4g IAkJCQluZGV2LT5zdGF0cy5yeF9taXNzZWRfZXJyb3JzKys7Cj4gIAkJCWlmIChkZXNjX3N0YXR1 cyAmIFJEX1JGUzEwKQo+ICAJCQkJbmRldi0+c3RhdHMucnhfb3Zlcl9lcnJvcnMrKzsKPiAtCQl9 IGVsc2Ugewo+ICsJCX0gZWxzZQlpZiAoc2tiKSB7Cj4gIAkJCWlmICghbWRwLT5jZC0+aHdfc3dh cCkKPiAgCQkJCXNoX2V0aF9zb2Z0X3N3YXAoCj4gIAkJCQkJcGh5c190b192aXJ0KEFMSUdOKHJ4 ZGVzYy0+YWRkciwgNCkpLAo+ICAJCQkJCXBrdF9sZW4gKyAyKTsKPiAtCQkJc2tiID0gbWRwLT5y eF9za2J1ZmZbZW50cnldOwo+ICAJCQltZHAtPnJ4X3NrYnVmZltlbnRyeV0gPSBOVUxMOwo+ICAJ CQlpZiAobWRwLT5jZC0+cnBhZGlyKQo+ICAJCQkJc2tiX3Jlc2VydmUoc2tiLCBORVRfSVBfQUxJ R04pOwo+IAoKVGhpcyBjZXJ0YWlubHkgcHJldmVudHMgZnJvbSBhIGJhZCBhY2Nlc3MsIGhvd2V2 ZXIsIHNvbWUgb2RkIHRoaW5nIGlzCmdvaW5nIG9uLiAgT25jZSBJIGhpdCBhIGxvdyBtZW1vcnkg c2l0dWF0aW9uIHdpdGggdGhpcyBwYXRjaCwgbmV0d29yawp0aG9yb3VnaC1wdXQgYW5kIHJlc3Bv bnNlIGlzIHZlcnkgYmFkLgoKdGVsbmV0LCBwaW5nLCB3Z2V0IHRha2VzIGxvb25nIHRpbWUuCgpQ SU5HIDE3Mi4xNi4yLjEzICgxNzIuMTYuMi4xMykgNTYoODQpIGJ5dGVzIG9mIGRhdGEuCjY0IGJ5 dGVzIGZyb20gMTcyLjE2LjIuMTM6IGljbXBfc2VxPTUgdHRsZCB0aW1lPTAuMjIzIG1zCjY0IGJ5 dGVzIGZyb20gMTcyLjE2LjIuMTM6IGljbXBfc2VxPTYgdHRsZCB0aW1lPTAuMTk1IG1zCjY0IGJ5 dGVzIGZyb20gMTcyLjE2LjIuMTM6IGljbXBfc2VxPTcgdHRsZCB0aW1lPTAuMjAzIG1zCjY0IGJ5 dGVzIGZyb20gMTcyLjE2LjIuMTM6IGljbXBfc2VxPTggdHRsZCB0aW1lPTAuMjE5IG1zCjY0IGJ5 dGVzIGZyb20gMTcyLjE2LjIuMTM6IGljbXBfc2VxPTkgdHRsZCB0aW1lPTAuMTY1IG1zCjY0IGJ5 dGVzIGZyb20gMTcyLjE2LjIuMTM6IGljbXBfc2VxECB0dGxkIHRpbWU9MC4xNzEgbXMKNjQgYnl0 ZXMgZnJvbSAxNzIuMTYuMi4xMzogaWNtcF9zZXE9MSB0dGxkIHRpbWWQMjMgbXMKNjQgYnl0ZXMg ZnJvbSAxNzIuMTYuMi4xMzogaWNtcF9zZXE9MiB0dGxkIHRpbWWAMjIgbXMKNjQgYnl0ZXMgZnJv bSAxNzIuMTYuMi4xMzogaWNtcF9zZXE9MyB0dGxkIHRpbWVwMTQgbXMKNjQgYnl0ZXMgZnJvbSAx NzIuMTYuMi4xMzogaWNtcF9zZXE9NCB0dGxkIHRpbWVgMDYgbXMKCkknbGwgaW52ZXN0aWdhdGUg aXQuCi0tIAogICAgICAgICAgICAgIHlhc2hpCi0tClRvIHVuc3Vic2NyaWJlIGZyb20gdGhpcyBs aXN0OiBzZW5kIHRoZSBsaW5lICJ1bnN1YnNjcmliZSBsaW51eC1zaCIgaW4KdGhlIGJvZHkgb2Yg YSBtZXNzYWdlIHRvIG1ham9yZG9tb0B2Z2VyLmtlcm5lbC5vcmcKTW9yZSBtYWpvcmRvbW8gaW5m byBhdCAgaHR0cDovL3ZnZXIua2VybmVsLm9yZy9tYWpvcmRvbW8taW5mby5odG1s From mboxrd@z Thu Jan 1 00:00:00 1970 From: Yasushi SHOJI Subject: Re: [PATCH RFT v2] sh_eth: fix kernel oops in skb_put() Date: Tue, 27 Oct 2015 07:52:11 +0900 Message-ID: <87pp01jl9g.wl@dns1.atmark-techno.com> References: <2611049.bTOQ0T0Nsl@wasted.cogentembedded.com> Mime-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Cc: netdev@vger.kernel.org, linux-sh@vger.kernel.org To: sergei.shtylyov@cogentembedded.com Return-path: Received: from p654789.hkidff01.ap.so-net.ne.jp ([121.101.71.137]:45280 "EHLO gw.atmark-techno.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752614AbbJZWwY (ORCPT ); Mon, 26 Oct 2015 18:52:24 -0400 Received: from mail-pa0-f51.google.com (mail-pa0-f51.google.com [209.85.220.51]) by gw.atmark-techno.com (Postfix) with ESMTPS id 399D3202B3 for ; Tue, 27 Oct 2015 07:52:22 +0900 (JST) Received: by pabla5 with SMTP id la5so7891012pab.0 for ; Mon, 26 Oct 2015 15:52:21 -0700 (PDT) In-Reply-To: <2611049.bTOQ0T0Nsl@wasted.cogentembedded.com> Sender: netdev-owner@vger.kernel.org List-ID: Hi Sergei, Thank you for your patch! On Sun, 25 Oct 2015 07:42:33 +0900, Sergei Shtylyov wrote: > > In a low memory situation the following kernel oops occurs: > > Unable to handle kernel NULL pointer dereference at virtual address 00000050 > pgd = 8490c000 > [00000050] *pgd=4651e831, *pte=00000000, *ppte=00000000 > Internal error: Oops: 17 [#1] PREEMPT ARM > Modules linked in: > CPU: 0 Not tainted (3.4-at16 #9) > PC is at skb_put+0x10/0x98 > LR is at sh_eth_poll+0x2c8/0xa10 > pc : [<8035f780>] lr : [<8028bf50>] psr: 60000113 > sp : 84eb1a90 ip : 84eb1ac8 fp : 84eb1ac4 > r10: 0000003f r9 : 000005ea r8 : 00000000 > r7 : 00000000 r6 : 940453b0 r5 : 00030000 r4 : 9381b180 > r3 : 00000000 r2 : 00000000 r1 : 000005ea r0 : 00000000 > Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user > Control: 10c53c7d Table: 4248c059 DAC: 00000015 > Process klogd (pid: 2046, stack limit = 0x84eb02e8) > [...] > > This is because netdev_alloc_skb() fails and 'mdp->rx_skbuff[entry]' is left > NULL but sh_eth_rx() later uses it without checking. Add such check... > > Reported-by: Yasushi SHOJI > Signed-off-by: Sergei Shtylyov > > --- > This patch is against DaveM's 'net.git' repo. > > drivers/net/ethernet/renesas/sh_eth.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > Index: net/drivers/net/ethernet/renesas/sh_eth.c > =================================================================== > --- net.orig/drivers/net/ethernet/renesas/sh_eth.c > +++ net/drivers/net/ethernet/renesas/sh_eth.c > @@ -1481,6 +1481,7 @@ static int sh_eth_rx(struct net_device * > if (mdp->cd->shift_rd0) > desc_status >>= 16; > > + skb = mdp->rx_skbuff[entry]; > if (desc_status & (RD_RFS1 | RD_RFS2 | RD_RFS3 | RD_RFS4 | > RD_RFS5 | RD_RFS6 | RD_RFS10)) { > ndev->stats.rx_errors++; > @@ -1496,12 +1497,11 @@ static int sh_eth_rx(struct net_device * > ndev->stats.rx_missed_errors++; > if (desc_status & RD_RFS10) > ndev->stats.rx_over_errors++; > - } else { > + } else if (skb) { > if (!mdp->cd->hw_swap) > sh_eth_soft_swap( > phys_to_virt(ALIGN(rxdesc->addr, 4)), > pkt_len + 2); > - skb = mdp->rx_skbuff[entry]; > mdp->rx_skbuff[entry] = NULL; > if (mdp->cd->rpadir) > skb_reserve(skb, NET_IP_ALIGN); > This certainly prevents from a bad access, however, some odd thing is going on. Once I hit a low memory situation with this patch, network thorough-put and response is very bad. telnet, ping, wget takes loong time. PING 172.16.2.13 (172.16.2.13) 56(84) bytes of data. 64 bytes from 172.16.2.13: icmp_seq=5 ttl=64 time=0.223 ms 64 bytes from 172.16.2.13: icmp_seq=6 ttl=64 time=0.195 ms 64 bytes from 172.16.2.13: icmp_seq=7 ttl=64 time=0.203 ms 64 bytes from 172.16.2.13: icmp_seq=8 ttl=64 time=0.219 ms 64 bytes from 172.16.2.13: icmp_seq=9 ttl=64 time=0.165 ms 64 bytes from 172.16.2.13: icmp_seq=10 ttl=64 time=0.171 ms 64 bytes from 172.16.2.13: icmp_seq=1 ttl=64 time=9023 ms 64 bytes from 172.16.2.13: icmp_seq=2 ttl=64 time=8022 ms 64 bytes from 172.16.2.13: icmp_seq=3 ttl=64 time=7014 ms 64 bytes from 172.16.2.13: icmp_seq=4 ttl=64 time=6006 ms I'll investigate it. -- yashi