From: Chris Wright <chrisw@sous-sol.org>
To: linux-kernel@vger.kernel.org, stable@kernel.org, jejb@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
Jake Edge <jake@lwn.net>, Eugene Teo <eteo@redhat.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk,
Mallikarjuna R Chilakala <mallikarjuna.chilakala@intel.com>,
Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>,
Jeff Kirsher <jeffrey.t.kirsher@intel.com>,
David S Miller <davem@davemloft.net>
Subject: [patch 033/100] ixgbe: Fix potential memory leak/driver panic issue while setting up Tx & Rx ring parameters
Date: Thu, 23 Apr 2009 00:20:53 -0700 [thread overview]
Message-ID: <20090423072426.702063355@sous-sol.org> (raw)
In-Reply-To: 20090423072020.428683652@sous-sol.org
[-- Attachment #1: ixgbe-fix-potential-memory-leak-driver-panic-issue-while-setting-up-tx-rx-ring-parameters.patch --]
[-- Type: text/plain, Size: 5550 bytes --]
-stable review patch. If anyone has any objections, please let us know.
---------------------
From: Mallikarjuna R Chilakala <mallikarjuna.chilakala@intel.com>
upstream commit: f9ed88549e2ec73922b788e3865282d221233662
While setting up the ring parameters using ethtool the driver can
panic or leak memory as ixgbe_open tries to setup tx & rx resources.
The updated logic will use ixgbe_down/up after successful allocation of
tx & rx resources
Signed-off-by: Mallikarjuna R Chilakala <mallikarjuna.chilakala@intel.com>
Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
CC: stable@kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
---
drivers/net/ixgbe/ixgbe_ethtool.c | 103 +++++++++++++++++++++-----------------
1 file changed, 59 insertions(+), 44 deletions(-)
--- a/drivers/net/ixgbe/ixgbe_ethtool.c
+++ b/drivers/net/ixgbe/ixgbe_ethtool.c
@@ -691,9 +691,10 @@ static int ixgbe_set_ringparam(struct ne
struct ethtool_ringparam *ring)
{
struct ixgbe_adapter *adapter = netdev_priv(netdev);
- struct ixgbe_ring *temp_ring;
+ struct ixgbe_ring *temp_tx_ring, *temp_rx_ring;
int i, err;
u32 new_rx_count, new_tx_count;
+ bool need_update = false;
if ((ring->rx_mini_pending) || (ring->rx_jumbo_pending))
return -EINVAL;
@@ -712,80 +713,94 @@ static int ixgbe_set_ringparam(struct ne
return 0;
}
- temp_ring = kcalloc(adapter->num_tx_queues,
- sizeof(struct ixgbe_ring), GFP_KERNEL);
- if (!temp_ring)
- return -ENOMEM;
-
while (test_and_set_bit(__IXGBE_RESETTING, &adapter->state))
msleep(1);
- if (new_tx_count != adapter->tx_ring->count) {
+ temp_tx_ring = kcalloc(adapter->num_tx_queues,
+ sizeof(struct ixgbe_ring), GFP_KERNEL);
+ if (!temp_tx_ring) {
+ err = -ENOMEM;
+ goto err_setup;
+ }
+
+ if (new_tx_count != adapter->tx_ring_count) {
+ memcpy(temp_tx_ring, adapter->tx_ring,
+ adapter->num_tx_queues * sizeof(struct ixgbe_ring));
for (i = 0; i < adapter->num_tx_queues; i++) {
- temp_ring[i].count = new_tx_count;
- err = ixgbe_setup_tx_resources(adapter, &temp_ring[i]);
+ temp_tx_ring[i].count = new_tx_count;
+ err = ixgbe_setup_tx_resources(adapter,
+ &temp_tx_ring[i]);
if (err) {
while (i) {
i--;
ixgbe_free_tx_resources(adapter,
- &temp_ring[i]);
+ &temp_tx_ring[i]);
}
goto err_setup;
}
- temp_ring[i].v_idx = adapter->tx_ring[i].v_idx;
+ temp_tx_ring[i].v_idx = adapter->tx_ring[i].v_idx;
}
- if (netif_running(netdev))
- netdev->netdev_ops->ndo_stop(netdev);
- ixgbe_reset_interrupt_capability(adapter);
- ixgbe_napi_del_all(adapter);
- INIT_LIST_HEAD(&netdev->napi_list);
- kfree(adapter->tx_ring);
- adapter->tx_ring = temp_ring;
- temp_ring = NULL;
- adapter->tx_ring_count = new_tx_count;
- }
-
- temp_ring = kcalloc(adapter->num_rx_queues,
- sizeof(struct ixgbe_ring), GFP_KERNEL);
- if (!temp_ring) {
- if (netif_running(netdev))
- netdev->netdev_ops->ndo_open(netdev);
- return -ENOMEM;
+ need_update = true;
}
- if (new_rx_count != adapter->rx_ring->count) {
+ temp_rx_ring = kcalloc(adapter->num_rx_queues,
+ sizeof(struct ixgbe_ring), GFP_KERNEL);
+ if ((!temp_rx_ring) && (need_update)) {
+ for (i = 0; i < adapter->num_tx_queues; i++)
+ ixgbe_free_tx_resources(adapter, &temp_tx_ring[i]);
+ kfree(temp_tx_ring);
+ err = -ENOMEM;
+ goto err_setup;
+ }
+
+ if (new_rx_count != adapter->rx_ring_count) {
+ memcpy(temp_rx_ring, adapter->rx_ring,
+ adapter->num_rx_queues * sizeof(struct ixgbe_ring));
for (i = 0; i < adapter->num_rx_queues; i++) {
- temp_ring[i].count = new_rx_count;
- err = ixgbe_setup_rx_resources(adapter, &temp_ring[i]);
+ temp_rx_ring[i].count = new_rx_count;
+ err = ixgbe_setup_rx_resources(adapter,
+ &temp_rx_ring[i]);
if (err) {
while (i) {
i--;
ixgbe_free_rx_resources(adapter,
- &temp_ring[i]);
+ &temp_rx_ring[i]);
}
goto err_setup;
}
- temp_ring[i].v_idx = adapter->rx_ring[i].v_idx;
+ temp_rx_ring[i].v_idx = adapter->rx_ring[i].v_idx;
}
+ need_update = true;
+ }
+
+ /* if rings need to be updated, here's the place to do it in one shot */
+ if (need_update) {
if (netif_running(netdev))
- netdev->netdev_ops->ndo_stop(netdev);
- ixgbe_reset_interrupt_capability(adapter);
- ixgbe_napi_del_all(adapter);
- INIT_LIST_HEAD(&netdev->napi_list);
- kfree(adapter->rx_ring);
- adapter->rx_ring = temp_ring;
- temp_ring = NULL;
+ ixgbe_down(adapter);
+
+ /* tx */
+ if (new_tx_count != adapter->tx_ring_count) {
+ kfree(adapter->tx_ring);
+ adapter->tx_ring = temp_tx_ring;
+ temp_tx_ring = NULL;
+ adapter->tx_ring_count = new_tx_count;
+ }
- adapter->rx_ring_count = new_rx_count;
+ /* rx */
+ if (new_rx_count != adapter->rx_ring_count) {
+ kfree(adapter->rx_ring);
+ adapter->rx_ring = temp_rx_ring;
+ temp_rx_ring = NULL;
+ adapter->rx_ring_count = new_rx_count;
+ }
}
/* success! */
err = 0;
-err_setup:
- ixgbe_init_interrupt_scheme(adapter);
if (netif_running(netdev))
- netdev->netdev_ops->ndo_open(netdev);
+ ixgbe_up(adapter);
+err_setup:
clear_bit(__IXGBE_RESETTING, &adapter->state);
return err;
}
next prev parent reply other threads:[~2009-04-23 7:38 UTC|newest]
Thread overview: 115+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-23 7:20 [patch 000/100] 2.6.29.2 -stable review Chris Wright
2009-04-23 7:20 ` [patch 001/100] security/smack: fix oops when setting a size 0 SMACK64 xattr Chris Wright
2009-04-23 7:20 ` [patch 002/100] fbmem: fix fb_info->lock and mm->mmap_sem circular locking dependency Chris Wright
2009-04-23 7:20 ` [patch 003/100] fbdev: fix info->lock deadlock in fbcon_event_notify() Chris Wright
2009-04-23 7:20 ` [patch 004/100] ide: Fix code dealing with sleeping devices in do_ide_request() Chris Wright
2009-04-23 7:20 ` [patch 005/100] PCI/x86: detect host bridge config space size w/o using quirks Chris Wright
2009-04-23 7:20 ` [patch 006/100] MIPS: Compat: Zero upper 32-bit of offset_high and offset_low Chris Wright
2009-04-23 7:20 ` [patch 007/100] ext4: fix typo which causes a memory leak on error path Chris Wright
2009-04-23 7:20 ` [patch 008/100] ext4: fix locking typo in mballoc which could cause soft lockup hangs Chris Wright
2009-04-23 7:20 ` [patch 009/100] rt2x00: Fix SLAB corruption during rmmod Chris Wright
2009-04-23 7:20 ` [patch 010/100] tracing/core: fix early free of cpumasks Chris Wright
2009-04-23 7:20 ` [patch 011/100] x86, setup: mark %esi as clobbered in E820 BIOS call Chris Wright
2009-04-23 7:20 ` [patch 012/100] acpi: fix of pmtimer overflow that make Cx states time incorrect Chris Wright
2009-04-23 9:24 ` Shi, Alex
2009-04-23 9:40 ` Shi, Alex
2009-04-23 7:20 ` [patch 013/100] ACPI: cap off P-state transition latency from buggy BIOSes Chris Wright
2009-04-25 15:59 ` Martin Steigerwald
2009-04-23 7:20 ` [patch 014/100] dock: fix dereference after kfree() Chris Wright
2009-04-23 7:20 ` [patch 015/100] drm/i915: Change DCC tiling detection case to cover only mobile parts Chris Wright
2009-04-23 7:20 ` [patch 016/100] drm/i915: Read the right SDVO register when detecting SVDO/HDMI Chris Wright
2009-04-23 7:20 ` [patch 017/100] drm/i915: Sync crt hotplug detection with intel video driver Chris Wright
2009-04-23 7:20 ` [patch 018/100] drm/i915: Check for dev->primary->master before dereference Chris Wright
2009-04-23 7:20 ` [patch 019/100] drm/i915: check for -EINVAL from vm_insert_pfn Chris Wright
2009-04-23 7:20 ` [patch 020/100] drm: Use pgprot_writecombine in GEM GTT mapping to get the right bits for !PAT Chris Wright
2009-04-23 7:20 ` [patch 021/100] drm/i915: only set TV mode when any property changed Chris Wright
2009-04-23 7:20 ` [patch 022/100] drm/i915: fix TV mode setting in property change Chris Wright
2009-04-23 7:20 ` [patch 023/100] SCSI: sg: fix iovec bugs introduced by the block layer conversion Chris Wright
2009-04-23 7:20 ` [patch 024/100] md/raid1 - dont assume newly allocated bvecs are initialised Chris Wright
2009-04-23 7:20 ` [patch 025/100] r8169: Reset IntrStatus after chip reset Chris Wright
2009-04-23 7:20 ` [patch 026/100] V4L/DVB (10943): cx88: Prevent general protection fault on rmmod Chris Wright
2009-04-23 7:20 ` [patch 027/100] ide: drivers/ide/ide-atapi.c needs <linux/scatterlist.h> Chris Wright
2009-04-23 7:20 ` [patch 028/100] ide-atapi: start DMA after issuing a packet command Chris Wright
2009-04-23 7:20 ` [patch 029/100] cpumask: fix slab corruption caused by alloc_cpumask_var_node() Chris Wright
2009-04-23 7:20 ` [patch 030/100] sysctl: fix suid_dumpable and lease-break-time sysctls Chris Wright
2009-04-23 7:20 ` [patch 031/100] mm: define a UNIQUE value for AS_UNEVICTABLE flag Chris Wright
2009-04-23 7:20 ` [patch 032/100] mm: do_xip_mapping_read: fix length calculation Chris Wright
2009-04-23 7:20 ` Chris Wright [this message]
2009-04-23 7:20 ` [patch 034/100] dm: preserve bi_io_vec when resubmitting bios Chris Wright
2009-04-23 7:20 ` [patch 035/100] vfs: skip I_CLEAR state inodes Chris Wright
2009-04-23 7:20 ` [patch 036/100] dm raid1: switch read_record from kmalloc to slab to save memory Chris Wright
2009-04-23 7:20 ` [patch 037/100] dm io: make sync_io uninterruptible Chris Wright
2009-04-23 7:20 ` [patch 038/100] dm snapshot: refactor __find_pending_exception Chris Wright
2009-04-23 7:20 ` [patch 039/100] dm snapshot: avoid dropping lock in __find_pending_exception Chris Wright
2009-04-23 7:21 ` [patch 040/100] dm snapshot: avoid having two exceptions for the same chunk Chris Wright
2009-04-23 7:21 ` [patch 041/100] dm target: use module refcount directly Chris Wright
2009-04-23 7:21 ` [patch 042/100] dm: path selector " Chris Wright
2009-04-23 7:21 ` [patch 043/100] dm table: fix upgrade mode race Chris Wright
2009-04-23 7:21 ` [patch 044/100] af_rose/x25: Sanity check the maximum user frame size Chris Wright
2009-04-23 7:21 ` [patch 045/100] net/netrom: Fix socket locking Chris Wright
2009-04-23 7:21 ` [patch 046/100] crypto: shash - Fix unaligned calculation with short length Chris Wright
2009-04-23 7:21 ` [patch 047/100] acer-wmi: Blacklist Acer Aspire One Chris Wright
2009-04-23 7:21 ` [patch 048/100] kprobes: Fix locking imbalance in kretprobes Chris Wright
2009-04-23 7:21 ` [patch 049/100] netfilter: {ip, ip6, arp}_tables: fix incorrect loop detection Chris Wright
2009-04-23 7:21 ` [patch 050/100] splice: fix deadlock in splicing to file Chris Wright
2009-04-23 7:21 ` [patch 051/100] ALSA: hda - add missing comma in ad1884_slave_vols Chris Wright
2009-04-23 7:21 ` [patch 052/100] sparc64: Fix bug in ("sparc64: Flush TLB before releasing pages.") Chris Wright
2009-04-23 7:21 ` [patch 053/100] SCSI: libiscsi: fix iscsi pool error path Chris Wright
2009-04-23 7:21 ` [patch 054/100] SCSI: libiscsi: fix iscsi pool error path (fixlet) Chris Wright
2009-04-23 7:21 ` [patch 055/100] cap_prctl: dont set error to 0 at no_change Chris Wright
2009-04-23 7:21 ` [patch 056/100] posixtimers, sched: Fix posix clock monotonicity Chris Wright
2009-04-23 7:21 ` [patch 057/100] posix-timers: fix RLIMIT_CPU && fork() Chris Wright
2009-04-23 20:59 ` Chuck Ebbert
2009-04-23 21:02 ` Oleg Nesterov
2009-04-23 21:11 ` Chris Wright
2009-04-23 7:21 ` [patch 058/100] posix-timers: fix RLIMIT_CPU && setitimer(CPUCLOCK_PROF) Chris Wright
2009-04-23 7:21 ` [patch 059/100] dm kcopyd: prepare for callback race fix Chris Wright
2009-04-23 7:21 ` [patch 060/100] dm kcopyd: fix callback race Chris Wright
2009-04-23 7:21 ` [patch 061/100] sched: do not count frozen tasks toward load Chris Wright
2009-04-23 7:21 ` [patch 062/100] x86: fix broken irq migration logic while cleaning up multiple vectors Chris Wright
2009-04-23 7:21 ` [patch 063/100] hrtimer: fix rq->lock inversion (again) Chris Wright
2009-04-23 7:21 ` [patch 064/100] add some long-missing capabilities to fs_mask Chris Wright
2009-04-23 7:21 ` [patch 065/100] spi: spi_write_then_read() bugfixes Chris Wright
2009-04-23 7:21 ` [patch 066/100] tty: Fix leak in ti-usb Chris Wright
2009-04-23 7:21 ` [patch 067/100] sfc: Match calls to netif_napi_add() and netif_napi_del() Chris Wright
2009-04-23 7:21 ` [patch 068/100] ALSA: hda - Fix the cmd cache keys for amp verbs Chris Wright
2009-04-23 7:21 ` [patch 069/100] powerpc: Fix data-corrupting bug in __futex_atomic_op Chris Wright
2009-04-23 7:21 ` [patch 070/100] hpt366: fix HPT370 DMA timeouts Chris Wright
2009-04-23 7:21 ` [patch 071/100] pata_hpt37x: " Chris Wright
2009-04-23 7:21 ` [patch 072/100] mm: pass correct mm when growing stack Chris Wright
2009-04-23 7:21 ` [patch 073/100] SCSI: sg: fix races during device removal Chris Wright
2009-04-23 7:21 ` [patch 074/100] SCSI: sg: fix races with ioctl(SG_IO) Chris Wright
2009-04-23 7:21 ` [patch 075/100] SCSI: sg: avoid blk_put_request/blk_rq_unmap_user in interrupt Chris Wright
2009-04-23 7:21 ` [patch 076/100] SCSI: sg: fix q->queue_lock on scsi_error_handler path Chris Wright
2009-04-23 7:21 ` [patch 077/100] x86: disable X86_PTRACE_BTS for now Chris Wright
2009-04-23 7:21 ` [patch 078/100] usb gadget: fix ethernet link reports to ethtool Chris Wright
2009-04-23 7:21 ` [patch 079/100] USB: ftdi_sio: add vendor/project id for JETI specbos 1201 spectrometer Chris Wright
2009-04-23 7:21 ` [patch 080/100] USB: fix oops in cdc-wdm in case of malformed descriptors Chris Wright
2009-04-23 7:21 ` [patch 081/100] USB: usb-storage: augment unusual_devs entry for Simple Tech/Datafab Chris Wright
2009-04-23 7:21 ` [patch 082/100] KVM: Fix missing smp tlb flush in invlpg Chris Wright
2009-04-23 7:21 ` [patch 083/100] KVM: Add CONFIG_HAVE_KVM_IRQCHIP Chris Wright
2009-04-23 7:21 ` [patch 084/100] KVM: Interrupt mask notifiers for ioapic Chris Wright
2009-04-23 7:21 ` [patch 085/100] KVM: Reset PIT irq injection logic when the PIT IRQ is unmasked Chris Wright
2009-04-23 7:21 ` [patch 086/100] KVM: MMU: handle compound pages in kvm_is_mmio_pfn Chris Wright
2009-04-23 7:21 ` [patch 087/100] KVM: fix kvm_vm_ioctl_deassign_device Chris Wright
2009-04-23 7:21 ` [patch 088/100] KVM: VMX: Update necessary state when guest enters long mode Chris Wright
2009-04-23 7:21 ` [patch 089/100] KVM: is_long_mode() should check for EFER.LMA Chris Wright
2009-04-23 7:21 ` [patch 090/100] x86, PAT: Remove page granularity tracking for vm_insert_pfn maps Chris Wright
2009-04-23 7:21 ` [patch 091/100] Input: gameport - fix attach driver code Chris Wright
2009-04-23 7:21 ` [patch 092/100] Revert "console ASCII glyph 1:1 mapping" Chris Wright
2009-04-23 7:21 ` [patch 093/100] virtio: fix suspend when using virtio_balloon Chris Wright
2009-04-23 7:21 ` [patch 094/100] agp: zero pages before sending to userspace Chris Wright
2009-04-23 7:21 ` [patch 095/100] gso: Fix support for linear packets Chris Wright
2009-04-23 7:21 ` [patch 096/100] NFS: Fix the XDR iovec calculation in nfs3_xdr_setaclargs Chris Wright
2009-04-23 7:21 ` [patch 097/100] hugetlbfs: return negative error code for bad mount option Chris Wright
2009-04-23 7:21 ` [patch 098/100] scsi: mpt: suppress debugobjects warning Chris Wright
2009-04-23 7:21 ` [patch 099/100] skge: fix occasional BUG during MTU change Chris Wright
2009-04-23 7:22 ` [patch 100/100] Bonding: fix zero address hole bug in arp_ip_target list Chris Wright
2009-04-23 13:47 ` [patch 000/100] 2.6.29.2 -stable review Tvrtko Ursulin
2009-04-23 14:49 ` [stable] " Greg KH
2009-04-23 14:56 ` Tvrtko Ursulin
2009-04-23 15:02 ` Greg KH
2009-04-23 15:08 ` Tvrtko Ursulin
2009-04-23 15:45 ` Greg KH
2009-04-23 16:17 ` Tvrtko Ursulin
2009-04-23 16:25 ` Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090423072426.702063355@sous-sol.org \
--to=chrisw@sous-sol.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cavokz@gmail.com \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=davem@davemloft.net \
--cc=eteo@redhat.com \
--cc=jake@lwn.net \
--cc=jeffrey.t.kirsher@intel.com \
--cc=jejb@kernel.org \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mallikarjuna.chilakala@intel.com \
--cc=mkrufky@linuxtv.org \
--cc=peter.p.waskiewicz.jr@intel.com \
--cc=rbranco@la.checkpoint.com \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=w@1wt.eu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox