net: arc_emac: fix arc_emac_rx() error paths

arc_emac_rx() has some issues found by code review.

In case netdev_alloc_skb_ip_align() or dma_map_single() failure
rx fifo entry will not be returned to EMAC.

In case dma_map_single() failure previously allocated skb became
lost to driver. At the same time address of newly allocated skb
will not be provided to EMAC.

Signed-off-by: Alexander Kochetkov <al.kochet@gmail.com>
---
 drivers/net/ethernet/arc/emac_main.c |   53 ++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 22 deletions(-)

From: Alexander Kochetkov <al.kochet@gmail.com>
Date: Fri, 15 Dec 2017 20:20:06 +0300

> arc_emac_rx() has some issues found by code review.
> 
> In case netdev_alloc_skb_ip_align() or dma_map_single() failure
> rx fifo entry will not be returned to EMAC.
> 
> In case dma_map_single() failure previously allocated skb became
> lost to driver. At the same time address of newly allocated skb
> will not be provided to EMAC.
> 
> Signed-off-by: Alexander Kochetkov <al.kochet@gmail.com>

This patch adds quite a few bugs, here is one which shows this is not
functionally tested:

> -		/* receive_skb only if new skb was allocated to avoid holes */
> -		netif_receive_skb(skb);
> -
> -		addr = dma_map_single(&ndev->dev, (void *)rx_buff->skb->data,
> +		addr = dma_map_single(&ndev->dev, (void *)skb->data,
>  				      EMAC_BUFFER_SIZE, DMA_FROM_DEVICE);

Map the new SKB.

>  		if (dma_mapping_error(&ndev->dev, addr)) {
>  			if (net_ratelimit())
> -				netdev_err(ndev, "cannot dma map\n");
> -			dev_kfree_skb(rx_buff->skb);
> +				netdev_err(ndev, "cannot map dma buffer\n");
> +			dev_kfree_skb(skb);
> +			/* Return ownership to EMAC */
> +			rxbd->info = cpu_to_le32(FOR_EMAC | EMAC_BUFFER_SIZE);
>  			stats->rx_errors++;
> +			stats->rx_dropped++;
>  			continue;
>  		}
> +
> +		/* unmap previosly mapped skb */
> +		dma_unmap_single(&ndev->dev, dma_unmap_addr(rx_buff, addr),
> +				 dma_unmap_len(rx_buff, len), DMA_FROM_DEVICE);

And then you unmap it.  "addr" is the new DMA mapping, not the old one.

> 19 дек. 2017 г., в 18:22, David Miller <davem@davemloft.net> написал(а):
> 
> From: Alexander Kochetkov <al.kochet@gmail.com>
> Date: Fri, 15 Dec 2017 20:20:06 +0300
> 
>> arc_emac_rx() has some issues found by code review.
>> 
>> In case netdev_alloc_skb_ip_align() or dma_map_single() failure
>> rx fifo entry will not be returned to EMAC.
>> 
>> In case dma_map_single() failure previously allocated skb became
>> lost to driver. At the same time address of newly allocated skb
>> will not be provided to EMAC.
>> 
>> Signed-off-by: Alexander Kochetkov <al.kochet@gmail.com>
> 
> This patch adds quite a few bugs, here is one which shows this is not
> functionally tested:

May be I don’t understand correctly, but I don’t see bug here.

Wrong dma mapping usage should immediately manifest itself (kernel
instability, koops and so on). The patch was tested on rk3188 and work fine for me.
Also I did simulations of netdev_alloc_skb_ip_align() and dma_map_single()
faults and can confirm that new error handling work.

Could someone else with ARC EMAC test the patch? I would be very grateful for the help.
Florian or Eric, can you test it on your hardware?

>> +
>> +		/* unmap previosly mapped skb */
>> +		dma_unmap_single(&ndev->dev, dma_unmap_addr(rx_buff, addr),
>> +				 dma_unmap_len(rx_buff, len), DMA_FROM_DEVICE);
> 
> And then you unmap it.  "addr" is the new DMA mapping, not the old one.

The old mapping should be unmapped here. It refer to old skb what contains already
received packet. Because buffer doesn’t belong to EMAC anymore.
That old mapping point to old skb buffer. And netif_receive_skb() will be
called for old skb after that.

The new mapping «addr" will be unmapped then EMAC receive
new packet. Later by the code (after netif_receive_skb()) there are lines for
saving «addr» value:

    rx_buff->skb = skb;
    dma_unmap_addr_set(rx_buff, addr, addr);
    dma_unmap_len_set(rx_buff, len, EMAC_BUFFER_SIZE);

Regards,
Alexander.

From: Alexander Kochetkov <al.kochet@gmail.com>

Date: Tue, 19 Dec 2017 18:49:48 +0300

>> And then you unmap it.  "addr" is the new DMA mapping, not the old one.

> 

> The old mapping should be unmapped here. It refer to old skb what contains already

> received packet. Because buffer doesn’t belong to EMAC anymore.

> That old mapping point to old skb buffer. And netif_receive_skb() will be

> called for old skb after that.


I misread the code, sorry.  I saw the dma_unmap_addr(xxx, addr) and just
considered 'addr' as the local variable.  It's not, it's in fact the
TX struct member.

Let me look at this some more. ;-)

On 12/19/2017 07:49 AM, Alexander Kochetkov wrote:
> 
>> 19 дек. 2017 г., в 18:22, David Miller <davem@davemloft.net> написал(а):
>>
>> From: Alexander Kochetkov <al.kochet@gmail.com>
>> Date: Fri, 15 Dec 2017 20:20:06 +0300
>>
>>> arc_emac_rx() has some issues found by code review.
>>>
>>> In case netdev_alloc_skb_ip_align() or dma_map_single() failure
>>> rx fifo entry will not be returned to EMAC.
>>>
>>> In case dma_map_single() failure previously allocated skb became
>>> lost to driver. At the same time address of newly allocated skb
>>> will not be provided to EMAC.
>>>
>>> Signed-off-by: Alexander Kochetkov <al.kochet@gmail.com>
>>
>> This patch adds quite a few bugs, here is one which shows this is not
>> functionally tested:
> 
> May be I don’t understand correctly, but I don’t see bug here.
> 
> Wrong dma mapping usage should immediately manifest itself (kernel
> instability, koops and so on). The patch was tested on rk3188 and work fine for me.
> Also I did simulations of netdev_alloc_skb_ip_align() and dma_map_single()
> faults and can confirm that new error handling work.
> 
> Could someone else with ARC EMAC test the patch? I would be very grateful for the help.
> Florian or Eric, can you test it on your hardware?

I don't actually have access to this hardware, the only change I did to
this driver was to use a standard Device Tree property :)