From: Kevin Traynor
To: Jeff Guo
Cc: Wei Zhao, dpdk stable
Date: Fri, 28 Aug 2020 11:12:39 +0100
Message-Id: <20200828101308.223767-13-ktraynor@redhat.com>
In-Reply-To: <20200828101308.223767-1-ktraynor@redhat.com>
References: <20200828101308.223767-1-ktraynor@redhat.com>
Subject: [dpdk-stable] patch 'net/e1000: fix crash on Tx done clean up' has been queued to LTS release 18.11.10

Hi,

FYI, your patch has been queued to LTS release 18.11.10

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 09/02/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/8df3f28ce362ad3ccd68af91e584971893c34005

Thanks.

Kevin.

---
>From 8df3f28ce362ad3ccd68af91e584971893c34005 Mon Sep 17 00:00:00 2001
From: Jeff Guo Date: Thu, 16 Jul 2020 17:24:38 +0800 Subject: [PATCH] net/e1000: fix crash on Tx done clean up [ upstream commit 4237be2b9e250d431d465b81a0abbe5fb559d2c8 ] As tx mbuf is not set for some advanced descriptors, if there is no mbuf checking before rte_pktmbuf_free_seg() function be called on the process of tx done clean up, that will cause a segfault. So add a NULL pointer check to fix it. Bugzilla ID: 501 Fixes: 8d907d2b79f7 ("net/igb: free consumed Tx buffers on demand") Signed-off-by: Jeff Guo Reviewed-by: Wei Zhao --- drivers/net/e1000/igb_rxtx.c | 188 +++++++++++++++++------------------ 1 file changed, 91 insertions(+), 97 deletions(-) diff --git a/drivers/net/e1000/igb_rxtx.c b/drivers/net/e1000/igb_rxtx.c index 54b38ad4db..86934836a8 100644 --- a/drivers/net/e1000/igb_rxtx.c +++ b/drivers/net/e1000/igb_rxtx.c 
@@ -1293,111 +1293,105 @@ igb_tx_done_cleanup(struct igb_tx_queue *txq, uint32_t free_cnt) uint16_t tx_last; /* Last segment in the current packet. */ uint16_t tx_next; /* First segment of the next packet. */ - int count; - - if (txq != NULL) { - count = 0; - sw_ring = txq->sw_ring; - txr = txq->tx_ring; - - /* - * tx_tail is the last sent packet on the sw_ring. Goto the end - * of that packet (the last segment in the packet chain) and - * then the next segment will be the start of the oldest segment - * in the sw_ring. This is the first packet that will be - * attempted to be freed. - */ - - /* Get last segment in most recently added packet. */ - tx_first = sw_ring[txq->tx_tail].last_id; - - /* Get the next segment, which is the oldest segment in ring. */ - tx_first = sw_ring[tx_first].next_id; - - /* Set the current index to the first. */ - tx_id = tx_first; - - /* - * Loop through each packet. For each packet, verify that an - * mbuf exists and that the last segment is free. If so, free - * it and move on. - */ - while (1) { - tx_last = sw_ring[tx_id].last_id; - - if (sw_ring[tx_last].mbuf) { - if (txr[tx_last].wb.status & - E1000_TXD_STAT_DD) { - /* - * Increment the number of packets - * freed. - */ - count++; - - /* Get the start of the next packet. */ - tx_next = sw_ring[tx_last].next_id; - - /* - * Loop through all segments in a - * packet. - */ - do { - rte_pktmbuf_free_seg(sw_ring[tx_id].mbuf); + int count = 0; + + if (!txq) + return -ENODEV; + + sw_ring = txq->sw_ring; + txr = txq->tx_ring; + + /* tx_tail is the last sent packet on the sw_ring. Goto the end + * of that packet (the last segment in the packet chain) and + * then the next segment will be the start of the oldest segment + * in the sw_ring. This is the first packet that will be + * attempted to be freed. + */ + + /* Get last segment in most recently added packet. */ + tx_first = sw_ring[txq->tx_tail].last_id; + + /* Get the next segment, which is the oldest segment in ring. 
*/ + tx_first = sw_ring[tx_first].next_id; + + /* Set the current index to the first. */ + tx_id = tx_first; + + /* Loop through each packet. For each packet, verify that an + * mbuf exists and that the last segment is free. If so, free + * it and move on. + */ + while (1) { + tx_last = sw_ring[tx_id].last_id; + + if (sw_ring[tx_last].mbuf) { + if (txr[tx_last].wb.status & + E1000_TXD_STAT_DD) { + /* Increment the number of packets + * freed. + */ + count++; + + /* Get the start of the next packet. */ + tx_next = sw_ring[tx_last].next_id; + + /* Loop through all segments in a + * packet. + */ + do { + if (sw_ring[tx_id].mbuf) { + rte_pktmbuf_free_seg( + sw_ring[tx_id].mbuf); sw_ring[tx_id].mbuf = NULL; sw_ring[tx_id].last_id = tx_id; + } - /* Move to next segemnt. */ - tx_id = sw_ring[tx_id].next_id; - - } while (tx_id != tx_next); - - if (unlikely(count == (int)free_cnt)) - break; - } else - /* - * mbuf still in use, nothing left to - * free. - */ - break; - } else { - /* - * There are multiple reasons to be here: - * 1) All the packets on the ring have been - * freed - tx_id is equal to tx_first - * and some packets have been freed. - * - Done, exit - * 2) Interfaces has not sent a rings worth of - * packets yet, so the segment after tail is - * still empty. Or a previous call to this - * function freed some of the segments but - * not all so there is a hole in the list. - * Hopefully this is a rare case. - * - Walk the list and find the next mbuf. If - * there isn't one, then done. - */ - if (likely((tx_id == tx_first) && (count != 0))) - break; - - /* - * Walk the list and find the next mbuf, if any. - */ - do { /* Move to next segemnt. */ tx_id = sw_ring[tx_id].next_id; - if (sw_ring[tx_id].mbuf) - break; + } while (tx_id != tx_next); - } while (tx_id != tx_first); - - /* - * Determine why previous loop bailed. If there - * is not an mbuf, done. + if (unlikely(count == (int)free_cnt)) + break; + } else { + /* mbuf still in use, nothing left to + * free. 
*/ - if (sw_ring[tx_id].mbuf == NULL) - break; + break; } + } else { + /* There are multiple reasons to be here: + * 1) All the packets on the ring have been + * freed - tx_id is equal to tx_first + * and some packets have been freed. + * - Done, exit + * 2) Interfaces has not sent a rings worth of + * packets yet, so the segment after tail is + * still empty. Or a previous call to this + * function freed some of the segments but + * not all so there is a hole in the list. + * Hopefully this is a rare case. + * - Walk the list and find the next mbuf. If + * there isn't one, then done. + */ + if (likely(tx_id == tx_first && count != 0)) + break; + + /* Walk the list and find the next mbuf, if any. */ + do { + /* Move to next segemnt. */ + tx_id = sw_ring[tx_id].next_id; + + if (sw_ring[tx_id].mbuf) + break; + + } while (tx_id != tx_first); + + /* Determine why previous loop bailed. If there + * is not an mbuf, done. + */ + if (!sw_ring[tx_id].mbuf) + break; } - } else - count = -ENODEV; + } return count; -- 2.26.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2020-08-28 11:03:26.284609293 +0100 +++ 0013-net-e1000-fix-crash-on-Tx-done-clean-up.patch 2020-08-28 11:03:25.940955587 +0100 @@ -1 +1 @@ -From 4237be2b9e250d431d465b81a0abbe5fb559d2c8 Mon Sep 17 00:00:00 2001 +From 8df3f28ce362ad3ccd68af91e584971893c34005 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 4237be2b9e250d431d465b81a0abbe5fb559d2c8 ] + @@ -13 +14,0 @@ -Cc: stable@dpdk.org @@ -22 +23 @@ -index 6411924e03..dd520cd82c 100644 +index 54b38ad4db..86934836a8 100644 @@ -25 +26 @@ -@@ -1296,111 +1296,105 @@ igb_tx_done_cleanup(struct igb_tx_queue *txq, uint32_t free_cnt) +@@ -1293,111 +1293,105 @@ igb_tx_done_cleanup(struct igb_tx_queue *txq, uint32_t free_cnt)
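
Review bot: In the inner do/while loop of igb_tx_done_cleanup(), the unchanged line "sw_ring[tx_id].last_id = tx_id;" now sits inside the new "if (sw_ring[tx_id].mbuf)" block, so a ring entry with no mbuf is stepped over without its last_id being reset, whereas before every entry in the packet chain had it reset. If that is intended, a short comment in the loop saying that mbuf-less entries are deliberately left untouched would document it; if not, keep only the rte_pktmbuf_free_seg() call and the "mbuf = NULL" assignment under the check. Separately, the one functional change (that NULL check) is mixed with the early "return -ENODEV" restructuring and a re-indent of the whole function, giving 91 insertions and 97 deletions for a stable backport; reviewing with whitespace ignored, or splitting the cleanup into its own commit, would make the fix easier to verify. The typo "segemnt" is also carried into the re-added comment lines.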