e100 REGRESSION in 2.6.32 (PATCH)

Message ID	200912171414.16846.roger.oksanen@cs.helsinki.fi
State	Superseded, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 8DC0FB6F2B for <patchwork-incoming@ozlabs.org>; Thu, 17 Dec 2009 23:15:48 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1764569AbZLQMPG (ORCPT <rfc822;patchwork-incoming@ozlabs.org>); Thu, 17 Dec 2009 07:15:06 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754341AbZLQMPF (ORCPT <rfc822; netdev-outgoing>); Thu, 17 Dec 2009 07:15:05 -0500 Received: from courier.cs.helsinki.fi ([128.214.9.1]:46557 "EHLO mail.cs.helsinki.fi" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753424AbZLQMPE (ORCPT <rfc822;netdev@vger.kernel.org>); Thu, 17 Dec 2009 07:15:04 -0500 Received: from ironman.localnet (cs181132152.pp.htv.fi [82.181.132.152]) (AUTH: PLAIN raoksane, SSL: TLSv1/SSLv3,256bits,AES256-SHA) by mail.cs.helsinki.fi with esmtp; Thu, 17 Dec 2009 14:15:00 +0200 id 0008C62D.4B2A20C4.00001E58 From: Roger Oksanen <roger.oksanen@cs.helsinki.fi> To: Alan Stern <stern@rowland.harvard.edu> Subject: Re: e100 REGRESSION in 2.6.32 (PATCH) Date: Thu, 17 Dec 2009 14:14:16 +0200 User-Agent: KMail/1.12.4 (Linux/2.6.32-ironman-1; KDE/4.3.4; i686; ; ) Cc: "Brandeburg, Jesse" <jesse.brandeburg@intel.com>, "Kirsher, Jeffrey T" <jeffrey.t.kirsher@intel.com>, "Allan, Bruce W" <bruce.w.allan@intel.com>, "Waskiewicz Jr, Peter P" <peter.p.waskiewicz.jr@intel.com>, "Ronciak, John" <john.ronciak@intel.com>, "e1000-devel@lists.sourceforge.net" <e1000-devel@lists.sourceforge.net>, Kernel development list <linux-kernel@vger.kernel.org>, netdev@vger.kernel.org, David Miller <davem@davemloft.net>, Roger Oksanen <roger.oksanen@cs.helsinki.fi> References: <Pine.LNX.4.44L0.0912161447260.2643-100000@iolanthe.rowland.org> In-Reply-To: <Pine.LNX.4.44L0.0912161447260.2643-100000@iolanthe.rowland.org> MIME-Version: 1.0 Message-Id: <200912171414.16846.roger.oksanen@cs.helsinki.fi> Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: <netdev.vger.kernel.org> X-Mailing-List: netdev@vger.kernel.org

Message ID

200912171414.16846.roger.oksanen@cs.helsinki.fi

State

Superseded, archived

Delegated to:

David Miller

Headers

From: Roger Oksanen <roger.oksanen@cs.helsinki.fi>
To: Alan Stern <stern@rowland.harvard.edu>
Subject: Re: e100 REGRESSION in 2.6.32 (PATCH)
Date: Thu, 17 Dec 2009 14:14:16 +0200
User-Agent: KMail/1.12.4 (Linux/2.6.32-ironman-1; KDE/4.3.4; i686; ; )
Cc: "Brandeburg, Jesse" <jesse.brandeburg@intel.com>,
	"Kirsher, Jeffrey T" <jeffrey.t.kirsher@intel.com>,
	"Allan, Bruce W" <bruce.w.allan@intel.com>,
	"Waskiewicz Jr, Peter P" <peter.p.waskiewicz.jr@intel.com>,
	"Ronciak, John" <john.ronciak@intel.com>,
	"e1000-devel@lists.sourceforge.net" <e1000-devel@lists.sourceforge.net>,
	Kernel development list <linux-kernel@vger.kernel.org>,
	netdev@vger.kernel.org, David Miller <davem@davemloft.net>,
	Roger Oksanen <roger.oksanen@cs.helsinki.fi>
References: <Pine.LNX.4.44L0.0912161447260.2643-100000@iolanthe.rowland.org>
In-Reply-To: <Pine.LNX.4.44L0.0912161447260.2643-100000@iolanthe.rowland.org>
MIME-Version: 1.0
Message-Id: <200912171414.16846.roger.oksanen@cs.helsinki.fi>
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Roger Oksanen Dec. 17, 2009, 12:14 p.m. UTC

On Wednesday 16 December 2009 21:50:38 Alan Stern wrote:
> On Wed, 16 Dec 2009, Brandeburg, Jesse wrote:
> 
> > copied the netdev mailing list.
> 
> Oops.  With all the other CC's I forgot to include netdev.  Shame, 
> shame...
> 
> >  Alan thanks for the report, I wonder if 
> > you can revert 98468efddb101f8a29af974101c17ba513b07be1 and see if that 
> > fixes it?
> 
> It does indeed.  Thanks for the quick response.
> 
> > Roger on the To: line made that change, which may have broken e100 for 
> > your system.
> 
> It looks simple enough, but obviously something is wrong with it.

Well it took a while, and it seems that I had missed the undocumented(?) fact
that pci_alloc_consistent returns zeroed memory (and pci_pool doesn't), and 
the alloc_cbs doesn't explicitly zero the cb->status field when allocating. So
here is a patch against v2.6.32:
(David: 98468efddb101f8a29af974101c17ba513b07be1 should be removed from
the -stable queue and replaced by a patch that includes this fix)

e100: Fix broken cbs accounting due to missing memset.

Alan Stern noticed that e100 caused slab corruption.
commit 98468efddb101f8a29af974101c17ba513b07be1 changed
the allocation of cbs to use dma pools that don't return zeroed memory,
especially the cb->status field used to track which cb to clean, causing
(the visible) double freeing of skbs and a wrong free cbs count.

Now the cbs are explicitly zeroed at allocation time.

Reported-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Roger Oksanen <roger.oksanen@cs.helsinki.fi>
---
 drivers/net/e100.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Alan Stern Dec. 17, 2009, 3:47 p.m. UTC | #1

On Thu, 17 Dec 2009, Roger Oksanen wrote:

> e100: Fix broken cbs accounting due to missing memset.
> 
> Alan Stern noticed that e100 caused slab corruption.
> commit 98468efddb101f8a29af974101c17ba513b07be1 changed
> the allocation of cbs to use dma pools that don't return zeroed memory,
> especially the cb->status field used to track which cb to clean, causing
> (the visible) double freeing of skbs and a wrong free cbs count.
> 
> Now the cbs are explicitly zeroed at allocation time.
> 
> Reported-by: Alan Stern <stern@rowland.harvard.edu>
> Signed-off-by: Roger Oksanen <roger.oksanen@cs.helsinki.fi>
> ---
>  drivers/net/e100.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/net/e100.c b/drivers/net/e100.c
> index d269a68..29a8840 100644
> --- a/drivers/net/e100.c
> +++ b/drivers/net/e100.c
> @@ -1815,6 +1815,7 @@ static int e100_alloc_cbs(struct nic *nic)
>  
>  	nic->cbs = pci_pool_alloc(nic->cbs_pool, GFP_KERNEL,
>  				  &nic->cbs_dma_addr);
> +	memset(nic->cbs, 0, count * sizeof(struct cb));
>  	if (!nic->cbs)
>  		return -ENOMEM;
>  
> @@ -1825,7 +1826,6 @@ static int e100_alloc_cbs(struct nic *nic)
>  		cb->dma_addr = nic->cbs_dma_addr + i * sizeof(struct cb);
>  		cb->link = cpu_to_le32(nic->cbs_dma_addr +
>  			((i+1) % count) * sizeof(struct cb));
> -		cb->skb = NULL;
>  	}
>  
>  	nic->cb_to_use = nic->cb_to_send = nic->cb_to_clean = nic->cbs;

Clearly the memset() belongs after the "if" test, not before.  Apart 
from that, I confirm that this patch fixes the problem in 2.6.32.

Tested-by: Alan Stern <stern@rowland.harvard.edu>

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/drivers/net/e100.c b/drivers/net/e100.c
index d269a68..29a8840 100644
--- a/drivers/net/e100.c
+++ b/drivers/net/e100.c
@@ -1815,6 +1815,7 @@  static int e100_alloc_cbs(struct nic *nic)
 
 	nic->cbs = pci_pool_alloc(nic->cbs_pool, GFP_KERNEL,
 				  &nic->cbs_dma_addr);
+	memset(nic->cbs, 0, count * sizeof(struct cb));
 	if (!nic->cbs)
 		return -ENOMEM;
 
@@ -1825,7 +1826,6 @@  static int e100_alloc_cbs(struct nic *nic)
 		cb->dma_addr = nic->cbs_dma_addr + i * sizeof(struct cb);
 		cb->link = cpu_to_le32(nic->cbs_dma_addr +
 			((i+1) % count) * sizeof(struct cb));
-		cb->skb = NULL;
 	}
 
 	nic->cb_to_use = nic->cb_to_send = nic->cb_to_clean = nic->cbs;

e100 REGRESSION in 2.6.32 (PATCH)

Commit Message

Comments

Patch