From: Jakub Kicinski <kuba@kernel.org>
To: Stefan Wahren <wahrenst@gmx.net>
Cc: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Lino Sanfilippo <LinoSanfilippo@gmx.de>,
Florian Fainelli <f.fainelli@gmail.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH V2 1/3] qca_debug: Prevent crash on TX ring changes
Date: Fri, 1 Dec 2023 20:47:14 -0800 [thread overview]
Message-ID: <20231201204714.21f7124c@kernel.org> (raw)
In-Reply-To: <20231129095241.31302-2-wahrenst@gmx.net>
On Wed, 29 Nov 2023 10:52:39 +0100 Stefan Wahren wrote:
> The qca_spi driver stop and restart the SPI kernel thread
> (via ndo_stop & ndo_open) in case of TX ring changes. This is
> a big issue because it allows userspace to prevent restart of
> the SPI kernel thread (via signals). A subsequent change of
> TX ring wrongly assume a valid spi_thread pointer which result
> in a crash.
>
> So prevent this by stopping the network queue and temporary park
> the SPI thread. Because this could happen during transmission
> we also need to call qcaspi_flush_tx_ring().
>
> Fixes: 291ab06ecf67 ("net: qualcomm: new Ethernet over SPI driver for QCA7000")
> Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Still looks a bit racy.
> diff --git a/drivers/net/ethernet/qualcomm/qca_debug.c b/drivers/net/ethernet/qualcomm/qca_debug.c
> index 6f2fa2a42770..9777dbb17ac2 100644
> --- a/drivers/net/ethernet/qualcomm/qca_debug.c
> +++ b/drivers/net/ethernet/qualcomm/qca_debug.c
> @@ -263,22 +263,29 @@ qcaspi_set_ringparam(struct net_device *dev, struct ethtool_ringparam *ring,
> struct kernel_ethtool_ringparam *kernel_ring,
> struct netlink_ext_ack *extack)
> {
> - const struct net_device_ops *ops = dev->netdev_ops;
> struct qcaspi *qca = netdev_priv(dev);
> + bool queue_active = !netif_queue_stopped(dev);
nothing prevents stopped -> running or running -> stopped
transitions at this point, so this check can be meaningful
> if ((ring->rx_pending) ||
> (ring->rx_mini_pending) ||
> (ring->rx_jumbo_pending))
> return -EINVAL;
>
> - if (netif_running(dev))
> - ops->ndo_stop(dev);
> + if (queue_active)
> + netif_stop_queue(dev);
This doesn't wait for xmit to finish, it just sets a bit.
You probably want something like netif_tx_disable().
Also - the thread may still be running and wake the queue up right after
we stop it.
--
pw-bot: cr
next prev parent reply other threads:[~2023-12-02 4:47 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-29 9:52 [PATCH V2 0/3] qca_spi: collection of major fixes Stefan Wahren
2023-11-29 9:52 ` [PATCH V2 1/3] qca_debug: Prevent crash on TX ring changes Stefan Wahren
2023-12-02 4:47 ` Jakub Kicinski [this message]
2023-11-29 9:52 ` [PATCH V2 2/3] qca_debug: Fix ethtool -G iface tx behavior Stefan Wahren
2023-11-29 9:52 ` [PATCH V2 3/3] qca_spi: Fix reset behavior Stefan Wahren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231201204714.21f7124c@kernel.org \
--to=kuba@kernel.org \
--cc=LinoSanfilippo@gmx.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=f.fainelli@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=wahrenst@gmx.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).