[PATCH 3.16 009/294] net: bcmgenet: check harder for out of memory conditions

From: Ben Hutchings
Date: Mon Nov 06 2017 - 20:15:03 EST

Next message: lei yang: "Re: [PATCH] selftests: fix compile error for sync"
Previous message: Ben Hutchings: "[PATCH 3.16 006/294] net: bridge: fix dest lookup when vlan proto doesn't match"
In reply to: Ben Hutchings: "[PATCH 3.16 006/294] net: bridge: fix dest lookup when vlan proto doesn't match"
Next in thread: Ben Hutchings: "[PATCH 3.16 005/294] perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.16.50-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Florian Fainelli <f.fainelli@xxxxxxxxx>

commit b629be5c8399d7c423b92135eb43a86c924d1cbc upstream.

There is a potential case where we might be failing to refill a
control block, leaving it with both a NULL skb pointer *and* a NULL
dma_unmap_addr.

The way we process incoming packets, by first calling
dma_unmap_single(), and then only checking for a potential NULL skb can
lead to situations where do pass a NULL dma_unmap_addr() to
dma_unmap_single(), resulting in an oops.

Fix this my moving the NULL skb check earlier, since no backing skb
also means no corresponding DMA mapping for this packet.

Signed-off-by: Florian Fainelli <f.fainelli@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 33 +++++++++++++++-----------
1 file changed, 19 insertions(+), 14 deletions(-)

--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
@@ -1351,12 +1351,29 @@ static unsigned int bcmgenet_desc_rx(str
while ((rxpktprocessed < rxpkttoprocess) &&
(rxpktprocessed < budget)) {

+ cb = &priv->rx_cbs[priv->rx_read_ptr];
+ skb = cb->skb;
+
+ rxpktprocessed++;
+
+ priv->rx_read_ptr++;
+ priv->rx_read_ptr &= (priv->num_rx_bds - 1);
+
+ /* We do not have a backing SKB, so we do not have a
+ * corresponding DMA mapping for this incoming packet since
+ * bcmgenet_rx_refill always either has both skb and mapping or
+ * none.
+ */
+ if (unlikely(!skb)) {
+ dev->stats.rx_dropped++;
+ dev->stats.rx_errors++;
+ goto refill;
+ }
+
/* Unmap the packet contents such that we can use the
* RSV from the 64 bytes descriptor when enabled and save
* a 32-bits register read
*/
- cb = &priv->rx_cbs[priv->rx_read_ptr];
- skb = cb->skb;
dma_unmap_single(kdev, dma_unmap_addr(cb, dma_addr),
priv->rx_buf_len, DMA_FROM_DEVICE);

@@ -1382,18 +1399,6 @@ static unsigned int bcmgenet_desc_rx(str
__func__, p_index, priv->rx_c_index, priv->rx_read_ptr,
dma_length_status);

- rxpktprocessed++;
-
- priv->rx_read_ptr++;
- priv->rx_read_ptr &= (priv->num_rx_bds - 1);
-
- /* out of memory, just drop packets at the hardware level */
- if (unlikely(!skb)) {
- dev->stats.rx_dropped++;
- dev->stats.rx_errors++;
- goto refill;
- }
-
if (unlikely(!(dma_flag & DMA_EOP) || !(dma_flag & DMA_SOP))) {
netif_err(priv, rx_status, dev,
"Droping fragmented packet!\n");

Next message: lei yang: "Re: [PATCH] selftests: fix compile error for sync"
Previous message: Ben Hutchings: "[PATCH 3.16 006/294] net: bridge: fix dest lookup when vlan proto doesn't match"
In reply to: Ben Hutchings: "[PATCH 3.16 006/294] net: bridge: fix dest lookup when vlan proto doesn't match"
Next in thread: Ben Hutchings: "[PATCH 3.16 005/294] perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]