| Message ID | 20220112091947.132769-1-karen.sornek@intel.com |
|---|---|
| State | Accepted |
| Delegated to: | Anthony Nguyen |
| Headers | show |
| Series | [net,v1] i40e: Fix reset path while removing the driver | expand |
> -----Original Message----- > From: Intel-wired-lan <intel-wired-lan-bounces@osuosl.org> On Behalf Of > Karen Sornek > Sent: Wednesday, January 12, 2022 2:50 PM > To: intel-wired-lan@lists.osuosl.org > Cc: Laba, SlawomirX <slawomirx.laba@intel.com>; Sornek, Karen > <karen.sornek@intel.com>; Sylwester Dziedziuch > <sylwesterx.dziedziuch@intel.com> > Subject: [Intel-wired-lan] [PATCH net v1] i40e: Fix reset path while removing > the driver > > Fix the crash in kernel while dereferencing the NULL pointer, when the driver > is unloaded and simultaneously the vsi rings are being stopped. > > The hardware requires 50msec in order to finish RX queues disable. For this > purpose the driver spins in mdelay function for the operation to be > completed. > > For example changing number of queues which requires reset would fail in > the following call stack: > > 1) i40e_prep_for_reset > 2) i40e_pf_quiesce_all_vsi > 3) i40e_quiesce_vsi > 4) i40e_vsi_close > 5) i40e_down > 6) i40e_vsi_stop_rings > 7) i40e_vsi_control_rx -> disable requires the delay of 50msecs > 8) continue back in i40e_down function where > i40e_clean_tx_ring(vsi->tx_rings[i]) is going to crash > > When the driver was spinning vsi_release called i40e_vsi_free_arrays where > the vsi->tx_rings resources were freed and the pointer was set to NULL. > > Fixes: 5b6d4a7f20b0 ("i40e: Fix crash during removing i40e driver") > Signed-off-by: Slawomir Laba <slawomirx.laba@intel.com> > Signed-off-by: Sylwester Dziedziuch <sylwesterx.dziedziuch@intel.com> > Signed-off-by: Karen Sornek <karen.sornek@intel.com> > --- > drivers/net/ethernet/intel/i40e/i40e.h | 1 + > drivers/net/ethernet/intel/i40e/i40e_main.c | 19 ++++++++++++++++++- > 2 files changed, 19 insertions(+), 1 deletion(-) > Tested-by: Gurucharan G <gurucharanx.g@intel.com> (A Contingent worker at Intel)
diff --git a/drivers/net/ethernet/intel/i40e/i40e.h b/drivers/net/ethernet/intel/i40e/i40e.h index 7f40f87a5f57..c7d3355be9f6 100644 --- a/drivers/net/ethernet/intel/i40e/i40e.h +++ b/drivers/net/ethernet/intel/i40e/i40e.h @@ -144,6 +144,7 @@ enum i40e_state_t { __I40E_VIRTCHNL_OP_PENDING, __I40E_RECOVERY_MODE, __I40E_VF_RESETS_DISABLED, /* disable resets during i40e_remove */ + __I40E_IN_REMOVE, __I40E_VFS_RELEASING, /* This must be last as it determines the size of the BITMAP */ __I40E_STATE_SIZE__, diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index 40c22bc0d409..fb6ad32bc74b 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -10900,6 +10900,9 @@ static void i40e_reset_and_rebuild(struct i40e_pf *pf, bool reinit, bool lock_acquired) { int ret; + + if (test_bit(__I40E_IN_REMOVE, pf->state)) + return; /* Now we wait for GRST to settle out. * We don't have to delete the VEBs or VSIs from the hw switch * because the reset will make them disappear. @@ -12259,6 +12262,8 @@ int i40e_reconfig_rss_queues(struct i40e_pf *pf, int queue_count) vsi->req_queue_pairs = queue_count; i40e_prep_for_reset(pf); + if (test_bit(__I40E_IN_REMOVE, pf->state)) + return pf->alloc_rss_size; pf->alloc_rss_size = new_rss_size; @@ -13085,6 +13090,10 @@ static int i40e_xdp_setup(struct i40e_vsi *vsi, struct bpf_prog *prog, if (need_reset) i40e_prep_for_reset(pf); + /* VSI shall be deleted in a moment, just return EINVAL */ + if (test_bit(__I40E_IN_REMOVE, pf->state)) + return -EINVAL; + old_prog = xchg(&vsi->xdp_prog, prog); if (need_reset) { @@ -15975,8 +15984,13 @@ static void i40e_remove(struct pci_dev *pdev) i40e_write_rx_ctl(hw, I40E_PFQF_HENA(0), 0); i40e_write_rx_ctl(hw, I40E_PFQF_HENA(1), 0); - while (test_bit(__I40E_RESET_RECOVERY_PENDING, pf->state)) + /* Grab __I40E_RESET_RECOVERY_PENDING and set __I40E_IN_REMOVE + * flags, once they are set, i40e_rebuild should not be called as + * i40e_prep_for_reset always returns early. + */ + while (test_and_set_bit(__I40E_RESET_RECOVERY_PENDING, pf->state)) usleep_range(1000, 2000); + set_bit(__I40E_IN_REMOVE, pf->state); if (pf->flags & I40E_FLAG_SRIOV_ENABLED) { set_bit(__I40E_VF_RESETS_DISABLED, pf->state); @@ -16175,6 +16189,9 @@ static void i40e_pci_error_reset_done(struct pci_dev *pdev) { struct i40e_pf *pf = pci_get_drvdata(pdev); + if (test_bit(__I40E_IN_REMOVE, pf->state)) + return; + i40e_reset_and_rebuild(pf, false, false); }
Fix the crash in kernel while dereferencing the NULL pointer, when the driver is unloaded and simultaneously the vsi rings are being stopped. The hardware requires 50msec in order to finish RX queues disable. For this purpose the driver spins in mdelay function for the operation to be completed. For example changing number of queues which requires reset would fail in the following call stack: 1) i40e_prep_for_reset 2) i40e_pf_quiesce_all_vsi 3) i40e_quiesce_vsi 4) i40e_vsi_close 5) i40e_down 6) i40e_vsi_stop_rings 7) i40e_vsi_control_rx -> disable requires the delay of 50msecs 8) continue back in i40e_down function where i40e_clean_tx_ring(vsi->tx_rings[i]) is going to crash When the driver was spinning vsi_release called i40e_vsi_free_arrays where the vsi->tx_rings resources were freed and the pointer was set to NULL. Fixes: 5b6d4a7f20b0 ("i40e: Fix crash during removing i40e driver") Signed-off-by: Slawomir Laba <slawomirx.laba@intel.com> Signed-off-by: Sylwester Dziedziuch <sylwesterx.dziedziuch@intel.com> Signed-off-by: Karen Sornek <karen.sornek@intel.com> --- drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 19 ++++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-)