From: Manish Chopra
Subject: [PATCH net 4/5] qed: Fix system crash in ll2 xmit
Date: Mon, 28 Jan 2019 10:05:07 -0800
Message-ID: <20190128180508.9902-5-manishc@marvell.com>
In-Reply-To: <20190128180508.9902-1-manishc@marvell.com>
X-Mailing-List: netdev@vger.kernel.org

Cache number of fragments in the skb locally as in case
of linear skb (with zero fragments), tx completion
(or freeing of skb) may happen before driver tries
to get number of fragments from the skb which could
lead to stale access to an already freed skb.

Signed-off-by: Manish Chopra
Signed-off-by: Ariel Elior
---
 drivers/net/ethernet/qlogic/qed/qed_ll2.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/qlogic/qed/qed_ll2.c b/drivers/net/ethernet/qlogic/qed/qed_ll2.c index d9237c6..b5f419b 100644 --- a/drivers/net/ethernet/qlogic/qed/qed_ll2.c +++ b/drivers/net/ethernet/qlogic/qed/qed_ll2.c @@ -2451,19 +2451,24 @@ static int qed_ll2_start_xmit(struct qed_dev *cdev, struct sk_buff *skb, { struct qed_ll2_tx_pkt_info pkt; const skb_frag_t *frag; + u8 flags = 0, nr_frags; int rc = -EINVAL, i; dma_addr_t mapping; u16 vlan = 0; - u8 flags = 0; if (unlikely(skb->ip_summed != CHECKSUM_NONE)) { DP_INFO(cdev, "Cannot transmit a checksummed packet\n"); return -EINVAL; } - if (1 + skb_shinfo(skb)->nr_frags > CORE_LL2_TX_MAX_BDS_PER_PACKET) { + /* Cache number of fragments from SKB since SKB may be freed by + * the completion routine after calling qed_ll2_prepare_tx_packet() + */ + nr_frags = skb_shinfo(skb)->nr_frags; + + if (1 + nr_frags > CORE_LL2_TX_MAX_BDS_PER_PACKET) { DP_ERR(cdev, "Cannot transmit a packet with %d fragments\n", - 1 + skb_shinfo(skb)->nr_frags); + 1 + nr_frags); return -EINVAL; } @@ -2485,7 +2490,7 @@ static int qed_ll2_start_xmit(struct qed_dev *cdev, struct sk_buff *skb, } memset(&pkt, 0, sizeof(pkt)); - pkt.num_of_bds = 1 + skb_shinfo(skb)->nr_frags; + pkt.num_of_bds = 1 + nr_frags; pkt.vlan = vlan; pkt.bd_flags = flags; pkt.tx_dest = QED_LL2_TX_DEST_NW; 
@@ -2496,12 +2501,17 @@ static int qed_ll2_start_xmit(struct qed_dev *cdev, struct sk_buff *skb, test_bit(QED_LL2_XMIT_FLAGS_FIP_DISCOVERY, &xmit_flags)) pkt.remove_stag = true; + /* qed_ll2_prepare_tx_packet() may actually send the packet if + * there are no fragments in the skb and subsequently the completion + * routine may run and free the SKB, so no dereferencing the SKB + * beyond this point unless skb has any fragments. + */ rc = qed_ll2_prepare_tx_packet(&cdev->hwfns[0], cdev->ll2->handle, &pkt, 1); if (rc) goto err; - for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { + for (i = 0; i < nr_frags; i++) { frag = &skb_shinfo(skb)->frags[i]; mapping = skb_frag_dma_map(&cdev->pdev->dev, frag, 0,
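Review bot: In the first hunk (@@ -2451), the comment above "nr_frags = skb_shinfo(skb)->nr_frags;" says the SKB may be freed after qed_ll2_prepare_tx_packet() but leaves out the condition under which that happens. The commit message and the comment added further down both tie it to a linear skb with zero fragments. Consider stating that condition here as well, or keeping a single comment at the call site and a short pointer to it here, so the two descriptions of the skb lifetime cannot drift apart.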
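Review bot: In the last hunk (@@ -2496), the loop body still dereferences the skb through "frag = &skb_shinfo(skb)->frags[i];" after qed_ll2_prepare_tx_packet() has returned, and the only thing making that safe is the "unless skb has any fragments" clause in the new comment. Please spell out the invariant the loop relies on, namely that completion cannot run until every one of the nr_frags buffer descriptors has been posted, and make sure nothing touches the skb once the final fragment has been handed to the hardware. The visible lines do not show the remainder of the loop or the "err" label, so it is worth confirming that neither path reads from the skb in the zero-fragment case.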