github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 15:42:19 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
e60e4dc082
linux/drivers
History
Sabrina Dubroca 9923e74aef e1000: add dummy allocator to fix race condition between mtu change and netpoll 
commit 08e8331654 upstream.

There is a race condition between e1000_change_mtu's cleanups and
netpoll, when we change the MTU across jumbo size:

Changing MTU frees all the rx buffers:
    e1000_change_mtu -> e1000_down -> e1000_clean_all_rx_rings ->
        e1000_clean_rx_ring

Then, close to the end of e1000_change_mtu:
    pr_info -> ... -> netpoll_poll_dev -> e1000_clean ->
        e1000_clean_rx_irq -> e1000_alloc_rx_buffers -> e1000_alloc_frag

And when we come back to do the rest of the MTU change:
    e1000_up -> e1000_configure -> e1000_configure_rx ->
        e1000_alloc_jumbo_rx_buffers

alloc_jumbo finds the buffers already != NULL, since data (shared with
page in e1000_rx_buffer->rxbuf) has been re-alloc'd, but it's garbage,
or at least not what is expected when in jumbo state.

This results in an unusable adapter (packets don't get through), and a
NULL pointer dereference on the next call to e1000_clean_rx_ring
(other mtu change, link down, shutdown):

BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffff81194d6e>] put_compound_page+0x7e/0x330

    [...]

Call Trace:
 [<ffffffff81195445>] put_page+0x55/0x60
 [<ffffffff815d9f44>] e1000_clean_rx_ring+0x134/0x200
 [<ffffffff815da055>] e1000_clean_all_rx_rings+0x45/0x60
 [<ffffffff815df5e0>] e1000_down+0x1c0/0x1d0
 [<ffffffff811e2260>] ? deactivate_slab+0x7f0/0x840
 [<ffffffff815e21bc>] e1000_change_mtu+0xdc/0x170
 [<ffffffff81647050>] dev_set_mtu+0xa0/0x140
 [<ffffffff81664218>] do_setlink+0x218/0xac0
 [<ffffffff814459e9>] ? nla_parse+0xb9/0x120
 [<ffffffff816652d0>] rtnl_newlink+0x6d0/0x890
 [<ffffffff8104f000>] ? kvm_clock_read+0x20/0x40
 [<ffffffff810a2068>] ? sched_clock_cpu+0xa8/0x100
 [<ffffffff81663802>] rtnetlink_rcv_msg+0x92/0x260

By setting the allocator to a dummy version, netpoll can't mess up our
rx buffers.  The allocator is set back to a sane value in
e1000_configure_rx.

Fixes: edbbb3ca10 ("e1000: implement jumbo receive with partial descriptors")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-05-06 21:56:28 +02:00
..
accessibility
acpi cpuidle: ACPI: do not overwrite name and description of C0 2015-04-19 10:10:49 +02:00
amba
ata sata_dwc_460ex: fix resource leak on error path 2015-01-29 17:40:56 -08:00
atm atm: idt77252: fix dev refcnt leak 2013-12-08 07:29:25 -08:00
auxdisplay
base driver core: Fix unbalanced device reference in drivers_probe 2015-01-16 06:59:01 -08:00
bcma bcma: add more core IDs 2013-05-17 14:31:05 -04:00
block nbd: fix possible memory leak 2015-04-19 10:10:47 +02:00
bluetooth Bluetooth: Ignore isochronous endpoints for Intel USB bootloader 2015-04-29 10:33:59 +02:00
bus bus: mvebu-mbus: fix support of MBus window 13 2015-01-29 17:40:56 -08:00
cdrom drivers/cdrom/cdrom.c: use kzalloc() for failing hardware 2013-07-13 11:42:26 -07:00
char tpm/ibmvtpm: Additional LE support for tpm_ibmvtpm_send 2015-03-26 15:00:58 +01:00
clk clk: sunxi: Support factor clocks with N factor starting not from 0 2015-03-18 13:22:34 +01:00
clocksource clocksource: exynos_mct: Fix bitmask regression for exynos4_mct_write 2015-01-29 17:40:56 -08:00
connector net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
cpufreq cpufreq: speedstep-smi: enable interrupts when waiting 2015-03-06 14:40:48 -08:00
cpuidle cpuidle: Check the result of cpuidle_get_driver() against NULL 2014-04-14 06:42:15 -07:00
crypto crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
dca
devfreq
dio
dma dmaengine: omap-dma: Fix memory leak when terminating running transfer 2015-04-19 10:10:49 +02:00
edac sb_edac: avoid INTERNAL ERROR message in EDAC with unspecified channel 2015-04-29 10:34:01 +02:00
eisa Revert "EISA: Initialize device before its resources" 2014-02-13 13:47:59 -08:00
extcon extcon: max77693: Fix two NULL pointer exceptions on missing pdata 2014-07-06 18:54:15 -07:00
firewire firewire: cdev: prevent kernel stack leaking into ioctl arguments 2014-11-21 09:22:53 -08:00
firmware efi-pstore: Make efi-pstore return a unique id 2015-02-05 22:35:40 -08:00
gpio gpio: tps65912: fix wrong container_of arguments 2015-03-06 14:40:52 -08:00
gpu drm/i915: cope with large i2c transfers 2015-05-06 21:56:27 +02:00
hid HID: fixup the conflicting keyboard mappings quirk 2015-03-18 13:22:35 +01:00
hsi
hv Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open() 2015-05-06 21:56:26 +02:00
hwmon hwmon: (dme1737) Prevent overflow problem when writing large limits 2014-09-05 16:28:35 -07:00
hwspinlock
i2c i2c: core: Export bus recovery functions 2015-05-06 21:56:27 +02:00
ide
idle x86 idle: Repair large-server 50-watt idle-power regression 2014-01-09 12:24:21 -08:00
iio iio: imu: Use iio_trigger_get for indio_dev->trig assignment 2015-04-19 10:10:49 +02:00
infiniband IB/mlx4: Fix WQE LSO segment calculation 2015-05-06 21:56:27 +02:00
input Input: elantech - fix absolute mode setting on some ASUS laptops 2015-05-06 21:56:24 +02:00
iommu iommu/vt-d: Fix an off-by-one bug in __domain_mapping() 2015-01-16 06:59:01 -08:00
ipack
irqchip irqchip: gic: Fix core ID calculation when topology is read from DT 2014-07-28 08:00:06 -07:00
isdn isdnloop: several buffer overflows 2014-04-14 06:42:18 -07:00
leds leds: leds-pwm: properly clean up after probe failure 2014-06-07 13:25:34 -07:00
lguest x86, flags: Rename X86_EFLAGS_BIT1 to X86_EFLAGS_FIXED 2014-11-14 08:47:54 -08:00
macintosh powerpc/windfarm: Fix noisy slots-fan on Xserve (rm31) 2013-08-11 18:35:20 -07:00
mailbox
md dm: hold suspend_lock while suspending device during device deletion 2015-04-13 14:02:12 +02:00
media stk1160: Make sure current buffer is released 2015-05-06 21:56:27 +02:00
memory drivers/memory: don't check resource with devm_ioremap_resource 2013-05-18 11:55:52 +02:00
memstick
message mptfusion: enable no_write_same for vmware scsi disks 2014-10-30 09:35:10 -07:00
mfd mfd: tc6393xb: Fail ohci suspend if full state restore is required 2015-01-08 09:58:15 -08:00
misc mei: bus: fix possible boundaries violation 2014-11-21 09:22:55 -08:00
mmc mmc: sdhci-pxav3: fix setting of pdata->clk_delay_cycles 2015-03-06 14:40:49 -08:00
mtd UBI: fix check for "too many bytes" 2015-05-06 21:56:26 +02:00
net e1000: add dummy allocator to fix race condition between mtu change and netpoll 2015-05-06 21:56:28 +02:00
nfc NFC: microread: Potential overflows in microread_target_discovered() 2014-10-05 14:54:12 -07:00
ntb NTB: Correct debugfs to work with more than 1 NTB Device 2013-11-13 12:05:35 +09:00
nubus
of of/base: Fix PowerPC address parsing hack 2014-12-06 15:05:47 -08:00
oprofile
parisc parisc: Fix interrupt routing for C8000 serial ports 2013-08-11 18:35:21 -07:00
parport drivers: parport: Kconfig: exclude arm64 for PARPORT_PC 2015-05-06 21:56:26 +02:00
pci PCI: Fix infinite loop with ROM image of size 0 2015-03-06 14:40:48 -08:00
pcmcia pcmcia: at91_cf: fix gpio_get_value in at91_cf_get_status 2013-07-21 18:21:25 -07:00
pinctrl pinctrl: Fix two deadlocks 2015-01-29 17:40:55 -08:00
platform hp_accel: Add support for HP ZBook 15 2015-01-27 07:52:31 -08:00
pnp PNP / ACPI: proper handling of ACPI IO/Memory resource parsing failures 2014-03-23 21:38:22 -07:00
power power_supply: lp8788-charger: Fix leaked power supply on probe fail 2015-05-06 21:56:21 +02:00
pps
ps3
ptp ptp_pch: fix error handling in pch_probe() 2013-05-25 21:24:15 -07:00
pwm drivers/pwm: don't check resource with devm_ioremap_resource 2013-05-18 11:55:58 +02:00
rapidio rapidio/tsi721_dma: fix failure to obtain transaction descriptor 2014-08-07 14:30:25 -07:00
regulator regulator: core: Fix enable GPIO reference counting 2015-03-26 15:00:59 +01:00
remoteproc
reset
rpmsg
rtc rtc: rtc-at91rm9200: fix infinite wait for ACKUPD irq 2014-06-26 15:12:37 -04:00
s390 crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
sbus bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000 2014-08-14 09:24:16 +08:00
scsi mvsas: fix panic on expander attached SATA devices 2015-05-06 21:56:27 +02:00
sfi
sh
sn
spi spi: spidev: fix possible arithmetic overflow for multi-transfer message 2015-05-06 21:56:21 +02:00
ssb - Lots of cleanups from Artem, including deletion of some obsolete drivers 2013-05-09 10:15:46 -07:00
ssbi
staging vt6655: RFbSetPower fix missing rate RATE_12M 2015-04-13 14:02:12 +02:00
target iscsi target: fix oops when adding reject pdu 2015-04-19 10:10:50 +02:00
tc
thermal drivers/thermal: don't check resource with devm_ioremap_resource 2013-05-18 11:57:30 +02:00
tty serial: 8250_dw: Fix deadlock in LCR workaround 2015-04-29 10:33:57 +02:00
uio Fix a few incorrectly checked [io_]remap_pfn_range() calls 2013-11-13 12:05:33 +09:00
usb usb: core: hub: use new USB_RESUME_TIMEOUT 2015-05-06 21:56:23 +02:00
uwb
vfio vfio-pci: Fix the check on pci device type in vfio_pci_probe() 2015-01-27 07:52:32 -08:00
vhost vhost-scsi: Add missing virtio-scsi -> TCM attribute conversion 2015-02-05 22:35:40 -08:00
video video: vgacon: Don't build on arm64 2015-05-06 21:56:25 +02:00
virt
virtio virtio_pci: fix virtio spec compliance on restore 2014-11-14 08:47:55 -08:00
vlynq
vme VME: Correct read/write alignment algorithm 2014-02-22 12:41:28 -08:00
w1 w1: fix w1_send_slave dropping a slave id 2014-05-06 07:55:28 -07:00
watchdog watchdog: ath79_wdt: avoid spurious restarts on AR934x 2014-07-06 18:54:14 -07:00
xen xen-pciback: limit guest control of command register 2015-03-26 15:00:59 +01:00
zorro
Kconfig
Makefile