linux/drivers
Maciej Fijalkowski abaf8d51b0 ice: recycle/free all of the fragments from multi-buffer frame
The ice driver caches next_to_clean value at the beginning of
ice_clean_rx_irq() in order to remember the first buffer that has to be
freed/recycled after main Rx processing loop. The end boundary is
indicated by first descriptor of frame that Rx processing loop has ended
its duties. Note that if mentioned loop ended in the middle of gathering
multi-buffer frame, next_to_clean would be pointing to the descriptor in
the middle of the frame BUT freeing/recycling stage will stop at the
first descriptor. This means that next iteration of ice_clean_rx_irq()
will miss the (first_desc, next_to_clean - 1) entries.

 When running various 9K MTU workloads, such splats were observed:

[  540.780716] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  540.787787] #PF: supervisor read access in kernel mode
[  540.793002] #PF: error_code(0x0000) - not-present page
[  540.798218] PGD 0 P4D 0
[  540.800801] Oops: 0000 [#1] PREEMPT SMP NOPTI
[  540.805231] CPU: 18 PID: 3984 Comm: xskxceiver Tainted: G        W          6.3.0-rc7+ #96
[  540.813619] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019
[  540.824209] RIP: 0010:ice_clean_rx_irq+0x2b6/0xf00 [ice]
[  540.829678] Code: 74 24 10 e9 aa 00 00 00 8b 55 78 41 31 57 10 41 09 c4 4d 85 ff 0f 84 83 00 00 00 49 8b 57 08 41 8b 4f 1c 65 8b 35 1a fa 4b 3f <48> 8b 02 48 c1 e8 3a 39 c6 0f 85 a2 00 00 00 f6 42 08 02 0f 85 98
[  540.848717] RSP: 0018:ffffc9000f42fc50 EFLAGS: 00010282
[  540.854029] RAX: 0000000000000004 RBX: 0000000000000002 RCX: 000000000000fffe
[  540.861272] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ffffffff
[  540.868519] RBP: ffff88984a05ac00 R08: 0000000000000000 R09: dead000000000100
[  540.875760] R10: ffff88983fffcd00 R11: 000000000010f2b8 R12: 0000000000000004
[  540.883008] R13: 0000000000000003 R14: 0000000000000800 R15: ffff889847a10040
[  540.890253] FS:  00007f6ddf7fe640(0000) GS:ffff88afdf800000(0000) knlGS:0000000000000000
[  540.898465] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  540.904299] CR2: 0000000000000000 CR3: 000000010d3da001 CR4: 00000000007706e0
[  540.911542] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  540.918789] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  540.926032] PKRU: 55555554
[  540.928790] Call Trace:
[  540.931276]  <TASK>
[  540.933418]  ice_napi_poll+0x4ca/0x6d0 [ice]
[  540.937804]  ? __pfx_ice_napi_poll+0x10/0x10 [ice]
[  540.942716]  napi_busy_loop+0xd7/0x320
[  540.946537]  xsk_recvmsg+0x143/0x170
[  540.950178]  sock_recvmsg+0x99/0xa0
[  540.953729]  __sys_recvfrom+0xa8/0x120
[  540.957543]  ? do_futex+0xbd/0x1d0
[  540.961008]  ? __x64_sys_futex+0x73/0x1d0
[  540.965083]  __x64_sys_recvfrom+0x20/0x30
[  540.969155]  do_syscall_64+0x38/0x90
[  540.972796]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  540.977934] RIP: 0033:0x7f6de5f27934

To fix this, set cached_ntc to first_desc so that at the end, when
freeing/recycling buffers, descriptors from first to ntc are not missed.

Fixes: 2fba7dc515 ("ice: Add support for XDP multi-buffer on Rx side")
Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Tested-by: Chandan Kumar Rout <chandanx.rout@intel.com> (A Contingent Worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Link: https://lore.kernel.org/r/20230531154457.3216621-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2023-06-01 09:59:39 -07:00
..
accel Driver core changes for 6.4-rc1 2023-04-27 11:53:57 -07:00
accessibility
acpi ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P 2023-05-15 14:21:58 +02:00
amba
android
ata Driver core changes for 6.4-rc1 2023-04-27 11:53:57 -07:00
atm
auxdisplay
base driver core: class: properly reference count class_dev_iter() 2023-05-19 11:03:36 +01:00
bcma bcma: Add explicit of_device.h include 2023-04-14 15:32:56 +03:00
block ublk: fix AB-BA lockdep warning 2023-05-18 07:59:08 -06:00
bluetooth Bluetooth: btnxpuart: Fix compiler warnings 2023-05-19 15:38:29 -07:00
bus modules-6.4-rc1 2023-04-27 16:36:55 -07:00
cdrom
cdx cdx: fix build failure due to sysfs 'bus_type' argument needing to be const 2023-04-27 16:21:32 -07:00
char tpm: tpm_tis: Disable interrupts for AEON UPX-i11 2023-05-24 02:50:23 +03:00
clk A couple more patches that would be good to get into -rc1. 2023-05-07 10:31:45 -07:00
clocksource Timekeeping and clocksource/event driver updates the second batch: 2023-04-29 10:24:30 -07:00
comedi
connector
counter - New Drivers 2023-05-02 10:41:31 -07:00
cpufreq cpufreq: ACPI: Prevent a warning when another frequency driver is loaded 2023-05-15 19:59:29 +02:00
cpuidle RISC-V: Align SBI probe implementation with spec 2023-04-29 13:04:50 -07:00
crypto This push fixes the following problems: 2023-05-07 10:57:14 -07:00
cxl cxl: Add missing return to cdat read error path 2023-05-13 00:20:06 -07:00
dax
dca Mainly singleton patches all over the place. Series of note are: 2023-04-27 19:57:00 -07:00
devfreq Driver core changes for 6.4-rc1 2023-04-27 11:53:57 -07:00
dio
dma dmaengine updates for v6.4 2023-05-03 11:11:56 -07:00
dma-buf - Nick Piggin's "shoot lazy tlbs" series, to improve the peformance of 2023-04-27 19:42:02 -07:00
edac Driver core changes for 6.4-rc1 2023-04-27 11:53:57 -07:00
eisa
extcon
firewire firewire: net: fix unexpected release of object for asynchronous request packet 2023-05-11 09:06:49 +09:00
firmware Merge tag 'drm-misc-fixes-2023-05-11' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes 2023-05-12 05:32:36 +10:00
fpga Char/Misc drivers for 6.4-rc1 2023-04-27 12:07:50 -07:00
fsi
gnss
gpio hte: Changes for v6.4-rc1 2023-05-03 11:00:27 -07:00
gpu Merge tag 'amd-drm-fixes-6.4-2023-05-18' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes 2023-05-19 11:26:21 +10:00
greybus
hid Driver core changes for 6.4-rc1 2023-04-27 11:53:57 -07:00
hsi
hte Devicetree updates for v6.4, part 2: 2023-04-27 10:09:05 -07:00
hv hyperv-next for v6.4 2023-04-27 17:17:12 -07:00
hwmon hwmon: (k10temp) Add PCI ID for family 19, model 78h 2023-05-08 11:36:19 +02:00
hwspinlock
hwtracing coresight: Updates for v6.4 2023-04-19 15:08:11 +02:00
i2c i2c: gxp: fix build failure without CONFIG_I2C_SLAVE 2023-05-03 17:27:29 +02:00
i3c i3c: ast2600: set variable ast2600_i3c_ops storage-class-specifier to static 2023-04-30 23:50:26 +02:00
idle intel_idle: mark few variables as __read_mostly 2023-04-27 19:37:36 +02:00
iio Char/Misc drivers for 6.4-rc1 2023-04-27 12:07:50 -07:00
infiniband v6.4 merge window RDMA pull request 2023-04-29 17:21:24 -07:00
input Input updates for 6.4 merge window: 2023-05-01 17:18:56 -07:00
interconnect modules-6.4-rc1 2023-04-27 16:36:55 -07:00
iommu drm fixes for 6.4-rc3 2023-05-19 19:11:20 -07:00
ipack
irqchip - Nick Piggin's "shoot lazy tlbs" series, to improve the peformance of 2023-04-27 19:42:02 -07:00
isdn Including fixes from netfilter. 2023-05-05 19:12:01 -07:00
leds - New Drivers 2023-05-02 10:36:02 -07:00
macintosh powerpc updates for 6.4 2023-04-28 16:24:32 -07:00
mailbox - mailbox api: allow direct registration to a channel 2023-05-07 10:17:33 -07:00
mcb mcb-lpc: Reallocate memory region to avoid memory overlapping 2023-04-20 14:24:01 +02:00
md for-6.4/block-2023-05-06 2023-05-06 08:28:58 -07:00
media media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 2023-05-14 16:04:48 +01:00
memory ARM: SoC drivers for v6.4 2023-04-25 12:02:16 -07:00
memstick
message Objtool changes for v6.4: 2023-04-28 14:02:54 -07:00
mfd - New Drivers 2023-05-02 10:41:31 -07:00
misc Objtool changes for v6.4: 2023-04-28 14:02:54 -07:00
mmc mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works 2023-05-09 11:55:02 +02:00
most
mtd This pull request contains updates for UBI and UBIFS 2023-05-03 18:58:59 -07:00
mux
net ice: recycle/free all of the fragments from multi-buffer frame 2023-06-01 09:59:39 -07:00
nfc nfcsim.c: Fix error checking for debugfs_create_dir 2023-05-26 12:18:35 +01:00
ntb
nubus
nvdimm
nvme Merge tag 'nvme-6.4-2023-05-18' of git://git.infradead.org/nvme into block-6.4 2023-05-18 19:46:42 -06:00
nvmem modules-6.4-rc1 2023-04-27 16:36:55 -07:00
of Devicetree fixes for 6.4, part 1: 2023-05-05 13:27:59 -07:00
opp Devicetree updates for v6.4, part 2: 2023-04-27 10:09:05 -07:00
parisc parisc: Replace regular spinlock with spin_trylock on panic path 2023-05-03 17:43:26 +02:00
parport
pci cxl for v6.4 2023-04-30 11:51:51 -07:00
pcmcia
peci
perf RISC-V: Align SBI probe implementation with spec 2023-04-29 13:04:50 -07:00
phy phy fixes for 6.4 2023-05-05 11:57:29 -07:00
pinctrl Pin control bulk changes for the v6.4 kernel: 2023-05-02 15:40:41 -07:00
platform platform/x86/intel/ifs: Annotate work queue on stack so object debug does not complain 2023-05-23 12:55:16 +02:00
pnp
power power: supply: Fix logic checking if system is running from battery 2023-05-16 23:02:56 +02:00
powercap
pps
ps3
ptp Driver core changes for 6.4-rc1 2023-04-27 11:53:57 -07:00
pwm pwm: Changes for v6.4-rc1 2023-05-03 11:25:01 -07:00
rapidio Mainly singleton patches all over the place. Series of note are: 2023-04-27 19:57:00 -07:00
ras
regulator regulator: mt6359: add read check for PMIC MT6359 2023-05-18 19:24:47 +09:00
remoteproc Mainly singleton patches all over the place. Series of note are: 2023-04-27 19:57:00 -07:00
reset Nothing looks out of the ordinary in this batch of clk driver updates. There 2023-04-29 17:29:39 -07:00
rpmsg Driver core changes for 6.4-rc1 2023-04-27 11:53:57 -07:00
rtc - New Drivers 2023-05-02 10:41:31 -07:00
s390 block-6.4-2023-05-20 2023-05-20 08:48:04 -07:00
sbus Driver core changes for 6.4-rc1 2023-04-27 11:53:57 -07:00
scsi scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed 2023-05-16 21:56:35 -04:00
sh
siox
slimbus
soc modules-6.4-rc1 2023-04-27 16:36:55 -07:00
soundwire
spi spi: spi-cadence: Interleave write of TX and read of RX FIFO 2023-05-22 11:41:05 +01:00
spmi spmi: Add a check for remove callback when removing a SPMI driver 2023-04-20 14:16:39 +02:00
ssb
staging modules-6.4-rc1 2023-04-27 16:36:55 -07:00
target
tc
tee Driver core changes for 6.4-rc1 2023-04-27 11:53:57 -07:00
thermal thermal: intel: powerclamp: Fix NULL pointer access issue 2023-05-04 20:30:18 +02:00
thunderbolt thunderbolt: Clear registers properly when auto clear isn't in use 2023-05-09 09:39:03 +03:00
tty vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF 2023-05-13 20:01:13 +09:00
ufs scsi: ufs: core: Fix MCQ nr_hw_queues 2023-05-16 21:07:26 -04:00
uio
usb xhci: Fix incorrect tracking of free space on transfer rings 2023-05-16 16:57:49 +02:00
vdpa virtio,vhost,vdpa: features, fixes, cleanups 2023-04-27 17:05:34 -07:00
vfio VFIO updates for v6.4-rc1 2023-05-02 11:56:43 -07:00
vhost Scheduler changes for v6.4: 2023-04-28 14:53:30 -07:00
video fbdev: stifb: Whitespace cleanups 2023-05-20 22:48:46 +02:00
virt Devicetree updates for v6.4, part 2: 2023-04-27 10:09:05 -07:00
virtio - Nick Piggin's "shoot lazy tlbs" series, to improve the peformance of 2023-04-27 19:42:02 -07:00
vlynq
w1 Char/Misc drivers for 6.4-rc1 2023-04-27 12:07:50 -07:00
watchdog linux-watchdog 6.4-rc1 tag 2023-05-04 18:33:56 -07:00
xen xen: branch for v6.4-rc1 2023-04-27 17:27:06 -07:00
zorro
Kconfig
Makefile