| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 01 Jun 2014 19:26:13 -0700 (PDT) From: David Miller <davem@...emloft.net> To: wenxiong@...ux.vnet.ibm.com Cc: ariel.elior@...gic.com, netdev@...r.kernel.org, miltonm@....com Subject: Re: [PATCH V2 2/2] bnx2x: Fix kernel crash and data miscompare after EEH recovery From: wenxiong@...ux.vnet.ibm.com Date: Wed, 28 May 2014 10:56:43 -0500 > A rmb() is required to ensure that the CQE is not read before it > is written by the adapter DMA. PCI ordering rules will make sure > the other fields are written before the marker at the end of struct > eth_fast_path_rx_cqe but without rmb() a weakly ordered processor can > process stale data. > > Without the barrier we have observed various crashes including > bnx2x_tpa_start being called on queues not stopped (resulting in message > start of bin not in stop) and NULL pointer exceptions from bnx2x_rx_int. > > Signed-off-by: Milton Miller <miltonm@....com> > Signed-off-by: Wen Xiong <wenxiong@...ux.vnet.ibm.com> > --- > drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > Index: b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c > =================================================================== > --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c 2014-05-23 10:34:21.000000000 -0500 > +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c 2014-05-28 10:54:26.627766086 -0500 > @@ -906,6 +906,18 @@ static int bnx2x_rx_int(struct bnx2x_fas > bd_prod = RX_BD(bd_prod); > bd_cons = RX_BD(bd_cons); > > + /* A rmb() is required to ensure that the CQE is not read > + * before it is written by the adapter DMA. PCI ordering > + * rules will make sure the other fields are written before > + * the marker at the end of struct eth_fast_path_rx_cqe > + * but without rmb() a weakly ordered processor can process > + * stale data. Without the barrier TPA state-machine might > + * enter inconsistent state and kernel stack might be > + * provided with incorrect packet description - these lead > + * to various kernel crashed. > + */ Missing a space before the final "*/", this is not formatted correctly. Please fix this and resubmit the whole series. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists