Message-ID: <8a7b260a-4012-f73e-84e6-c449a73ed0ff@gmail.com>
Date:   Thu, 31 Mar 2022 01:31:19 +0900
From:   Taehee Yoo <ap420073@...il.com>
To:     davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
        netdev@...r.kernel.org, ecree.xilinx@...il.com,
        habetsm.xilinx@...il.com, ast@...nel.org, daniel@...earbox.net,
        hawk@...nel.org, john.fastabend@...il.com,
        cmclachlan@...arflare.com
Subject: Re: [PATCH net] net: sfc: add missing xdp queue reinitialization



On 3/31/22 01:10, Taehee Yoo wrote:
> After rx/tx ring buffer size is changed, kernel panic occurs when
> it acts XDP_TX or XDP_REDIRECT.
> 
> When tx/rx ring buffer size is changed (ethtool -G), sfc driver
> reallocates and reinitializes rx and tx queues and their buffers
> (tx_queue->buffer).
> But it misses reinitializing xdp queues and buffers.
> So, while it is acting XDP_TX or XDP_REDIRECT, it uses the uninitialized
> tx_queue->buffer.
> 
> A new function efx_set_xdp_channels() is separated from efx_set_channels()
> to handle only xdp queues.
> 
> Splat looks like:
>     BUG: kernel NULL pointer dereference, address: 000000000000002a
>     #PF: supervisor write access in kernel mode
>     #PF: error_code(0x0002) - not-present page
>     PGD 0 P4D 0
>     Oops: 0002 [#4] PREEMPT SMP NOPTI
>     RIP: 0010:efx_tx_map_chunk+0x54/0x90 [sfc]
>     CPU: 2 PID: 0 Comm: swapper/2 Tainted: G      D           5.17.0+ #55 e8beeee8289528f11357029357cf
>     Code: 48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 e0 48 85 c9 74 0e 44 89 e2 4c 89 f6 48 80
>     RSP: 0018:ffff92f121e45c60 EFLAGS: 00010297
>     RIP: 0010:efx_tx_map_chunk+0x54/0x90 [sfc]
>     RAX: 0000000000000040 RBX: ffff92ea506895c0 RCX: ffffffffc0330870
>     RDX: 0000000000000001 RSI: 00000001139b10ce RDI: ffff92ea506895c0
>     RBP: ffffffffc0358a80 R08: 00000001139b110d R09: 0000000000000000
>     R10: 0000000000000001 R11: ffff92ea414c0088 R12: 0000000000000040
>     R13: 0000000000000018 R14: 00000001139b10ce R15: ffff92ea506895c0
>     FS:  0000000000000000(0000) GS:ffff92f121ec0000(0000) knlGS:0000000000000000
>     CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>     Code: 48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 e0 48 85 c9 74 0e 44 89 e2 4c 89 f6 48 80
>     CR2: 000000000000002a CR3: 00000003e6810004 CR4: 00000000007706e0
>     RSP: 0018:ffff92f121e85c60 EFLAGS: 00010297
>     PKRU: 55555554
>     RAX: 0000000000000040 RBX: ffff92ea50689700 RCX: ffffffffc0330870
>     RDX: 0000000000000001 RSI: 00000001145a90ce RDI: ffff92ea50689700
>     RBP: ffffffffc0358a80 R08: 00000001145a910d R09: 0000000000000000
>     R10: 0000000000000001 R11: ffff92ea414c0088 R12: 0000000000000040
>     R13: 0000000000000018 R14: 00000001145a90ce R15: ffff92ea50689700
>     FS:  0000000000000000(0000) GS:ffff92f121e80000(0000) knlGS:0000000000000000
>     CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>     CR2: 000000000000002a CR3: 00000003e6810005 CR4: 00000000007706e0
>     PKRU: 55555554
>     Call Trace:
>      <IRQ>
>      efx_xdp_tx_buffers+0x12b/0x3d0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]
>      __efx_rx_packet+0x5c3/0x930 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]
>      efx_rx_packet+0x28c/0x2e0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]
>      efx_ef10_ev_process+0x5f8/0xf40 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]
>      ? enqueue_task_fair+0x95/0x550
>      efx_poll+0xc4/0x360 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]
> 
> Fixes: 3990a8fffbda ("sfc: allocate channels for XDP tx queues")
> Signed-off-by: Taehee Yoo <ap420073@...il.com>
> ---
>   drivers/net/ethernet/sfc/efx_channels.c | 147 +++++++++++++-----------
>   1 file changed, 82 insertions(+), 65 deletions(-)
> 
> diff --git a/drivers/net/ethernet/sfc/efx_channels.c b/drivers/net/ethernet/sfc/efx_channels.c
> index d6fdcdc530ca..271f3bdfc141 100644
> --- a/drivers/net/ethernet/sfc/efx_channels.c
> +++ b/drivers/net/ethernet/sfc/efx_channels.c
> @@ -789,6 +789,86 @@ void efx_remove_channels(struct efx_nic *efx)
>   	kfree(efx->xdp_tx_queues);
>   }
>   
> +static inline int efx_set_xdp_tx_queue(struct efx_nic *efx,

I will send a v2 patch to remove this inline keyword.

> +				       int xdp_queue_number,
> +				       struct efx_tx_queue *tx_queue)
> +{
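
Review bot: In the signature of efx_set_xdp_tx_queue(), xdp_queue_number is declared as a plain int although it carries a queue number. The body is not visible in this quote, so if the value is used to index efx->xdp_tx_queues (the array freed just above in efx_remove_channels()), either make the parameter unsigned int or check it against the array size before the store, and say in a short comment what the int return value means to the caller. The static inline on a function defined in a .c file is best left to the compiler, which the reply above already commits to dropping in v2.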
