From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Su Yanjun <suyj.fnst@cn.fujitsu.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 43/73] net: 8139cp: fix a BUG triggered by changing mtu with network traffic
Date: Wed, 12 Dec 2018 23:28:08 -0500 [thread overview]
Message-ID: <20181213042838.75160-43-sashal@kernel.org> (raw)
In-Reply-To: <20181213042838.75160-1-sashal@kernel.org>
From: Su Yanjun <suyj.fnst@cn.fujitsu.com>
[ Upstream commit a5d4a89245ead1f37ed135213653c5beebea4237 ]
When changing mtu many times with traffic, a bug is triggered:
[ 1035.684037] kernel BUG at lib/dynamic_queue_limits.c:26!
[ 1035.684042] invalid opcode: 0000 [#1] SMP
[ 1035.684049] Modules linked in: loop binfmt_misc 8139cp(OE) macsec
tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag tcp_lp
fuse uinput xt_CHECKSUM iptable_mangle ipt_MASQUERADE
nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4
nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 tun
bridge stp llc ebtable_filter ebtables ip6table_filter devlink
ip6_tables iptable_filter sunrpc snd_hda_codec_generic snd_hda_intel
snd_hda_codec snd_hda_core snd_hwdep ppdev snd_seq iosf_mbi crc32_pclmul
parport_pc snd_seq_device ghash_clmulni_intel parport snd_pcm
aesni_intel joydev lrw snd_timer virtio_balloon sg gf128mul glue_helper
ablk_helper cryptd snd soundcore i2c_piix4 pcspkr ip_tables xfs
libcrc32c sr_mod sd_mod cdrom crc_t10dif crct10dif_generic ata_generic
[ 1035.684102] pata_acpi virtio_console qxl drm_kms_helper syscopyarea
sysfillrect sysimgblt floppy fb_sys_fops crct10dif_pclmul
crct10dif_common ttm crc32c_intel serio_raw ata_piix drm libata 8139too
virtio_pci drm_panel_orientation_quirks virtio_ring virtio mii dm_mirror
dm_region_hash dm_log dm_mod [last unloaded: 8139cp]
[ 1035.684132] CPU: 9 PID: 25140 Comm: if-mtu-change Kdump: loaded
Tainted: G OE ------------ T 3.10.0-957.el7.x86_64 #1
[ 1035.684134] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 1035.684136] task: ffff8f59b1f5a080 ti: ffff8f5a2e32c000 task.ti:
ffff8f5a2e32c000
[ 1035.684149] RIP: 0010:[<ffffffffba3a40d0>] [<ffffffffba3a40d0>]
dql_completed+0x180/0x190
[ 1035.684162] RSP: 0000:ffff8f5a75483e50 EFLAGS: 00010093
[ 1035.684162] RAX: 00000000000000c2 RBX: ffff8f5a6f91c000 RCX:
0000000000000000
[ 1035.684162] RDX: 0000000000000000 RSI: 0000000000000184 RDI:
ffff8f599fea3ec0
[ 1035.684162] RBP: ffff8f5a75483ea8 R08: 00000000000000c2 R09:
0000000000000000
[ 1035.684162] R10: 00000000000616ef R11: ffff8f5a75483b56 R12:
ffff8f599fea3e00
[ 1035.684162] R13: 0000000000000001 R14: 0000000000000000 R15:
0000000000000184
[ 1035.684162] FS: 00007fa8434de740(0000) GS:ffff8f5a75480000(0000)
knlGS:0000000000000000
[ 1035.684162] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1035.684162] CR2: 00000000004305d0 CR3: 000000024eb66000 CR4:
00000000001406e0
[ 1035.684162] Call Trace:
[ 1035.684162] <IRQ>
[ 1035.684162] [<ffffffffc08cbaf8>] ? cp_interrupt+0x478/0x580 [8139cp]
[ 1035.684162] [<ffffffffba14a294>]
__handle_irq_event_percpu+0x44/0x1c0
[ 1035.684162] [<ffffffffba14a442>] handle_irq_event_percpu+0x32/0x80
[ 1035.684162] [<ffffffffba14a4cc>] handle_irq_event+0x3c/0x60
[ 1035.684162] [<ffffffffba14db29>] handle_fasteoi_irq+0x59/0x110
[ 1035.684162] [<ffffffffba02e554>] handle_irq+0xe4/0x1a0
[ 1035.684162] [<ffffffffba7795dd>] do_IRQ+0x4d/0xf0
[ 1035.684162] [<ffffffffba76b362>] common_interrupt+0x162/0x162
[ 1035.684162] <EOI>
[ 1035.684162] [<ffffffffba0c2ae4>] ? __wake_up_bit+0x24/0x70
[ 1035.684162] [<ffffffffba1e46f5>] ? do_set_pte+0xd5/0x120
[ 1035.684162] [<ffffffffba1b64fb>] unlock_page+0x2b/0x30
[ 1035.684162] [<ffffffffba1e4879>] do_read_fault.isra.61+0x139/0x1b0
[ 1035.684162] [<ffffffffba1e9134>] handle_pte_fault+0x2f4/0xd10
[ 1035.684162] [<ffffffffba1ebc6d>] handle_mm_fault+0x39d/0x9b0
[ 1035.684162] [<ffffffffba76f5e3>] __do_page_fault+0x203/0x500
[ 1035.684162] [<ffffffffba76f9c6>] trace_do_page_fault+0x56/0x150
[ 1035.684162] [<ffffffffba76ef42>] do_async_page_fault+0x22/0xf0
[ 1035.684162] [<ffffffffba76b788>] async_page_fault+0x28/0x30
[ 1035.684162] Code: 54 c7 47 54 ff ff ff ff 44 0f 49 ce 48 8b 35 48 2f
9c 00 48 89 77 58 e9 fe fe ff ff 0f 1f 80 00 00 00 00 41 89 d1 e9 ef fe
ff ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 8d 42 ff 48
[ 1035.684162] RIP [<ffffffffba3a40d0>] dql_completed+0x180/0x190
[ 1035.684162] RSP <ffff8f5a75483e50>
It's not the same as in 7fe0ee09 patch described.
As 8139cp uses shared irq mode, other device irq will trigger
cp_interrupt to execute.
cp_change_mtu
-> cp_close
-> cp_open
In cp_close routine just before free_irq(), some interrupt may occur.
In my environment, cp_interrupt exectutes and IntrStatus is 0x4,
exactly TxOk. That will cause cp_tx to wake device queue.
As device queue is started, cp_start_xmit and cp_open will run at same
time which will cause kernel BUG.
For example:
[#] for tx descriptor
At start:
[#][#][#]
num_queued=3
After cp_init_hw->cp_start_hw->netdev_reset_queue:
[#][#][#]
num_queued=0
When 8139cp starts to work then cp_tx will check
num_queued mismatchs the complete_bytes.
The patch will check IntrMask before check IntrStatus in cp_interrupt.
When 8139cp interrupt is disabled, just return.
Signed-off-by: Su Yanjun <suyj.fnst@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/realtek/8139cp.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/realtek/8139cp.c b/drivers/net/ethernet/realtek/8139cp.c
index 81045dfa1cd8..44f6e4873aad 100644
--- a/drivers/net/ethernet/realtek/8139cp.c
+++ b/drivers/net/ethernet/realtek/8139cp.c
@@ -571,6 +571,7 @@ static irqreturn_t cp_interrupt (int irq, void *dev_instance)
struct cp_private *cp;
int handled = 0;
u16 status;
+ u16 mask;
if (unlikely(dev == NULL))
return IRQ_NONE;
@@ -578,6 +579,10 @@ static irqreturn_t cp_interrupt (int irq, void *dev_instance)
spin_lock(&cp->lock);
+ mask = cpr16(IntrMask);
+ if (!mask)
+ goto out_unlock;
+
status = cpr16(IntrStatus);
if (!status || (status == 0xFFFF))
goto out_unlock;
--
2.19.1
next prev parent reply other threads:[~2018-12-13 4:30 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-13 4:27 [PATCH AUTOSEL 4.19 01/73] mac80211_hwsim: fix module init error paths for netlink Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 02/73] Input: hyper-v - fix wakeup from suspend-to-idle Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 03/73] i2c: rcar: check bus state before reinitializing Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 04/73] scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 05/73] scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 06/73] tools/bpf: fix two test_btf unit test cases Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 07/73] tools/bpf: add addition type tests to test_btf Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 08/73] net: ethernet: ave: Replace NET_IP_ALIGN with AVE_FRAME_HEADROOM Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 09/73] net: phy: sfp: correct store of detected link modes Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 10/73] drm/amd/display: Fix 6x4K displays light-up on Vega20 (v2) Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 11/73] x86/earlyprintk/efi: Fix infinite loop on some screen widths Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 12/73] drm/msm: Fix task dump in gpu recovery Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 13/73] drm/msm/gpu: Fix a couple memory leaks in debugfs Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 14/73] drm/msm: fix handling of cmdstream offset Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 15/73] drm/msm/dsi: configure VCO rate for 10nm PLL driver Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 16/73] drm/msm: Grab a vblank reference when waiting for commit_done Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 17/73] drm/ttm: fix LRU handling in ttm_buffer_object_transfer Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 18/73] drm/amdgpu: wait for IB test on first device open Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 19/73] ARC: io.h: Implement reads{x}()/writes{x}() Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 20/73] net: stmmac: Move debugfs init/exit to ->probe()/->remove() Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 21/73] net: aquantia: fix rx checksum offload bits Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 22/73] bonding: fix 802.3ad state sent to partner when unbinding slave Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 23/73] bpf: Fix verifier log string check for bad alignment Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 24/73] liquidio: read sc->iq_no before release sc Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 25/73] nfs: don't dirty kernel pages read by direct-io Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 26/73] SUNRPC: Fix leak of krb5p encode pages Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 27/73] SUNRPC: Fix a potential race in xprt_connect() Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 28/73] sbus: char: add of_node_put() Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 29/73] drivers/sbus/char: " Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 30/73] drivers/tty: add missing of_node_put() Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 31/73] ide: pmac: add of_node_put() Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 32/73] drm/msm/hdmi: Enable HPD after HDMI IRQ is set up Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 33/73] drm/msm: dpu: Don't set legacy plane->crtc pointer Sasha Levin
2018-12-13 4:27 ` [PATCH AUTOSEL 4.19 34/73] drm/msm: dpu: Fix "WARNING: invalid free of devm_ allocated data" Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 35/73] drm/msm: Fix error return checking Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 36/73] drm/amd/powerplay: issue pre-display settings for display change event Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 37/73] clk: mvebu: Off by one bugs in cp110_of_clk_get() Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 38/73] clk: mmp: Off by one in mmp_clk_add() Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 39/73] Input: synaptics - enable SMBus for HP 15-ay000 Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 40/73] Input: omap-keypad - fix keyboard debounce configuration Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 41/73] libata: whitelist all SAMSUNG MZ7KM* solid-state disks Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 42/73] net: phy: don't allow __set_phy_supported to add unsupported modes Sasha Levin
2018-12-13 4:28 ` Sasha Levin [this message]
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 44/73] net: phy: Fix not to call phy_resume() if PHY is not attached Sasha Levin
2018-12-13 4:48 ` Yoshihiro Shimoda
2018-12-19 13:43 ` Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 45/73] net: phy: micrel: add toggling phy reset " Sasha Levin
2018-12-13 4:44 ` Yoshihiro Shimoda
2018-12-19 13:43 ` Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 46/73] macvlan: return correct error value Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 47/73] mv88e6060: disable hardware level MAC learning Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 48/73] net/mlx4_en: Change min MTU size to ETH_MIN_MTU Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 49/73] net/mlx4_en: Fix build break when CONFIG_INET is off Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 50/73] bpf: check pending signals while verifying programs Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 51/73] ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 52/73] ARM: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 53/73] ARM: 8816/1: dma-mapping: fix potential uninitialized return Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 54/73] ethernet: fman: fix wrong of_node_put() in probe function Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 55/73] thermal: armada: fix legacy validity test sense Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 56/73] net: mvpp2: fix detection of 10G SFP modules Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 57/73] net: mvpp2: fix phylink handling of invalid PHY modes Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 58/73] x86/build: Fix compiler support check for CONFIG_RETPOLINE Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 59/73] drm/amdgpu/vcn: Update vcn.cur_state during suspend Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 60/73] tools/testing/nvdimm: Align test resources to 128M Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 61/73] acpi/nfit: Fix user-initiated ARS to be "ARS-long" rather than "ARS-short" Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 62/73] drm/ast: Fix connector leak during driver unload Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 63/73] cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 64/73] vhost/vsock: fix reset orphans race with close timeout Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 65/73] mlxsw: spectrum_switchdev: Fix VLAN device deletion via ioctl Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 66/73] i2c: axxia: properly handle master timeout Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 67/73] i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 68/73] i2c: uniphier: fix violation of tLOW requirement for Fast-mode Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 69/73] i2c: uniphier-f: " Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 70/73] nvme: validate controller state before rescheduling keep alive Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 71/73] nvmet-rdma: fix response use after free Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 72/73] Revert "net/ibm/emac: wrong bit is used for STA control" Sasha Levin
2018-12-13 4:28 ` [PATCH AUTOSEL 4.19 73/73] net/mlx4_core: Correctly set PFC param if global pause is turned off Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181213042838.75160-43-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=suyj.fnst@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox