From: Jeff Kirsher
Subject: Re: [PATCH net] e1000: add dummy allocator to fix race condition between mtu change and netpoll
Date: Wed, 25 Feb 2015 02:15:22 -0800
Message-ID: <1424859322.2553.50.camel@jtkirshe-mobl>
References: <1424858711-22879-1-git-send-email-sd@queasysnail.net>
Cc: linux.nics@intel.com, e1000-devel@lists.sourceforge.net, netdev@vger.kernel.org
To: Sabrina Dubroca
In-Reply-To: <1424858711-22879-1-git-send-email-sd@queasysnail.net>

On Wed, 2015-02-25 at 11:05 +0100, Sabrina Dubroca wrote:
> There is a race condition between e1000_change_mtu's cleanups and
> netpoll, when we change the MTU across jumbo size:
>
> Changing MTU frees all the rx buffers:
>     e1000_change_mtu -> e1000_down -> e1000_clean_all_rx_rings ->
>         e1000_clean_rx_ring
>
> Then, close to the end of e1000_change_mtu:
>     pr_info -> ... -> netpoll_poll_dev -> e1000_clean ->
>         e1000_clean_rx_irq -> e1000_alloc_rx_buffers ->
>         e1000_alloc_frag
>
> And when we come back to do the rest of the MTU change:
>     e1000_up -> e1000_configure -> e1000_configure_rx ->
>         e1000_alloc_jumbo_rx_buffers
>
> alloc_jumbo finds the buffers already != NULL, since data (shared with
> page in e1000_rx_buffer->rxbuf) has been re-alloc'd, but it's garbage,
> or at least not what is expected when in jumbo state.
>
> This results in an unusable adapter (packets don't get through), and a
> NULL pointer dereference on the next call to e1000_clean_rx_ring
> (other mtu change, link down, shutdown):
>
> BUG: unable to handle kernel NULL pointer dereference at
> (null)
> IP: [] put_compound_page+0x7e/0x330
>
> [...]
>
> Call Trace:
> [] put_page+0x55/0x60
> [] e1000_clean_rx_ring+0x134/0x200
> [] e1000_clean_all_rx_rings+0x45/0x60
> [] e1000_down+0x1c0/0x1d0
> [] ? deactivate_slab+0x7f0/0x840
> [] e1000_change_mtu+0xdc/0x170
> [] dev_set_mtu+0xa0/0x140
> [] do_setlink+0x218/0xac0
> [] ? nla_parse+0xb9/0x120
> [] rtnl_newlink+0x6d0/0x890
> [] ? kvm_clock_read+0x20/0x40
> [] ? sched_clock_cpu+0xa8/0x100
> [] rtnetlink_rcv_msg+0x92/0x260
>
> By setting the allocator to a dummy version, netpoll can't mess up our
> rx buffers. The allocator is set back to a sane value in
> e1000_configure_rx.
>
> Fixes: edbbb3ca1077 ("e1000: implement jumbo receive with partial
> descriptors")
> Signed-off-by: Sabrina Dubroca
> ---
> drivers/net/ethernet/intel/e1000/e1000_main.c | 14 +++++++++++++-
> 1 file changed, 13 insertions(+), 1 deletion(-)

Thanks Sabrina, I will add your patch to my queue.
It can be viewed at:
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/queue.git
https://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/queue.git
https://kernel.googlesource.com/pub/scm/linux/kernel/git/jkirsher/queue.git
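
The race and the dummy-allocator fix described in the quoted commit message, reduced to a user-space C model. This is an added example, not code from the patch or from the e1000 driver; the struct layout, the *_model function names and the point at which the hook is swapped are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define RING 4

/* Model only: one slot shared by two buffer kinds, as the commit message
 * describes for e1000_rx_buffer->rxbuf (data shared with page). */
struct rx_buffer { union { void *page; unsigned char *data; } rxbuf; };
struct rx_ring {
    struct rx_buffer buf[RING];
    void (*alloc_rx_buf)(struct rx_ring *);  /* refill hook used by the poll path */
};

static void alloc_frag_model(struct rx_ring *r)  /* non-jumbo refill */
{
    for (int i = 0; i < RING; i++)
        if (!r->buf[i].rxbuf.data)
            r->buf[i].rxbuf.data = malloc(64);
}
static void alloc_dummy_model(struct rx_ring *r) { (void)r; }  /* refills nothing */

static void clean_ring_model(struct rx_ring *r)  /* frees every rx buffer */
{
    for (int i = 0; i < RING; i++) {
        free(r->buf[i].rxbuf.data);
        r->buf[i].rxbuf.data = NULL;
    }
}

/* Number of slots the jumbo allocator would find != NULL when a poll lands
 * between the cleanup and the reconfiguration of an MTU change. */
int stale_slots_after_mtu_change(int use_dummy)
{
    struct rx_ring r = { .alloc_rx_buf = alloc_frag_model };
    int stale = 0;
    r.alloc_rx_buf(&r);                  /* ring filled in normal operation */
    if (use_dummy)                       /* assumption: hook swapped before teardown */
        r.alloc_rx_buf = alloc_dummy_model;
    clean_ring_model(&r);                /* the "down" half of the MTU change */
    r.alloc_rx_buf(&r);                  /* netpoll fires from a log message */
    for (int i = 0; i < RING; i++)
        stale += (r.buf[i].rxbuf.page != NULL);
    clean_ring_model(&r);                /* release the model's buffers */
    return stale;
}

int main(void)
{
    printf("stale slots without dummy: %d, with dummy: %d\n",
           stale_slots_after_mtu_change(0), stale_slots_after_mtu_change(1));
    return 0;
}
```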