• Vince Bridgers's avatar
    stmmac: Fix kernel crashes for jumbo frames · 2618abb7
    Vince Bridgers authored
    These changes correct the following issues with jumbo frames on the
    stmmac driver:
    
    1) The Synopsys EMAC can be configured to support different FIFO
    sizes at core configuration time. There's no way to query the
    controller and know the FIFO size, so the driver needs to get this
    information from the device tree in order to know how to correctly
    handle MTU changes and setting up dma buffers. The default
    max-frame-size is as currently used, which is the size of a jumbo
    frame.
    
    2) The driver was enabling Jumbo frames by default, but was not allocating
    dma buffers of sufficient size to handle the maximum possible packet
    size that could be received. This led to memory corruption since DMAs were
    occurring beyond the extent of the allocated receive buffers for certain types
    of network traffic.
    
    kernel BUG at net/core/skbuff.c:126!
    Internal error: Oops - BUG: 0 [#1] SMP ARM
    Modules linked in:
    CPU: 0 PID: 563 Comm: sockperf Not tainted 3.13.0-rc6-01523-gf7111b9 #31
    task: ef35e580 ti: ef252000 task.ti: ef252000
    PC is at skb_panic+0x60/0x64
    LR is at skb_panic+0x60/0x64
    pc : [<c03c7c3c>]    lr : [<c03c7c3c>]    psr: 60000113
    sp : ef253c18  ip : 60000113  fp : 00000000
    r10: ef3a5400  r9 : 00000ebc  r8 : ef3a546c
    r7 : ee59f000  r6 : ee59f084  r5 : ee59ff40  r4 : ee59f140
    r3 : 000003e2  r2 : 00000007  r1 : c0b9c420  r0 : 0000007d
    Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
    Control: 10c5387d  Table: 2e8ac04a  DAC: 00000015
    Process sockperf (pid: 563, stack limit = 0xef252248)
    Stack: (0xef253c18 to 0xef254000)
    3c00:                                                       00000ebc ee59f000
    3c20: ee59f084 ee59ff40 ee59f140 c04a9cd8 ee8c50c0 00000ebc ee59ff40 00000000
    3c40: ee59f140 c02d0ef0 00000056 ef1eda80 ee8c50c0 00000ebc 22bbef29 c0318f8c
    3c60: 00000056 ef3a547c ffe2c716 c02c9c90 c0ba1298 ef3a5838 ef3a5838 ef3a5400
    3c80: 000020c0 ee573840 000055cb ef3f2050 c053f0e0 c0319214 22b9b085 22d92813
    3ca0: 00001c80 004b8e00 ef3a5400 ee573840 ef3f2064 22d92813 ef3f2064 000055cb
    3cc0: ef3f2050 c031a19c ef252000 00000000 00000000 c0561bc0 00000000 ff00ffff
    3ce0: c05621c0 ef3a5400 ef3f2064 ee573840 00000020 ef3f2064 000055cb ef3f2050
    3d00: c053f0e0 c031cad0 c053e740 00000e60 00000000 00000000 ee573840 ef3a5400
    3d20: ef0a6e00 00000000 ef3f2064 c032507c 00010000 00000020 c0561bc0 c0561bc0
    3d40: ee599850 c032799c 00000000 ee573840 c055a380 ef3a5400 00000000 ef3f2064
    3d60: ef3f2050 c032799c 0101c7c0 2b6755cb c059a280 c030e4d8 000055cb ffffffff
    3d80: ee574fc0 c055a380 ee574000 ee573840 00002b67 ee573840 c03fe9c4 c053fa68
    3da0: c055a380 00001f6f 00000000 ee573840 c053f0e0 c0304fdc ef0a6e01 ef3f2050
    3dc0: ee573858 ef031000 ee573840 c03055d8 c0ba0c40 ef000f40 00100100 c053f0dc
    3de0: c053ffdc c053f0f0 00000008 00000000 ef031000 c02da948 00001140 00000000
    3e00: c0563c78 ef253e5f 00000020 ee573840 00000020 c053f0f0 ef313400 ee573840
    3e20: c053f0e0 00000000 00000000 c05380c0 ef313400 00001000 00000015 c02df280
    3e40: ee574000 ef001e00 00000000 00001080 00000042 005cd980 ef031500 ef031500
    3e60: 00000000 c02df824 ef031500 c053e390 c0541084 f00b1e00 c05925e8 c02df864
    3e80: 00001f5c ef031440 c053e390 c0278524 00000002 00000000 c0b9eb48 c02df280
    3ea0: ee8c7180 00000100 c0542ca8 00000015 00000040 ef031500 ef031500 ef031500
    3ec0: c027803c ef252000 00000040 000000ec c05380c0 c0b9eb40 c0b9eb48 c02df940
    3ee0: ef060780 ffffa4dd c0564a9c c056343c 002e80a8 00000080 ef031500 00000001
    3f00: c053808c ef252000 fffec100 00000003 00000004 002e80a8 0000000c c00258f0
    3f20: 002e80a8 c005e704 00000005 00000100 c05634d0 c0538080 c05333e0 00000000
    3f40: 0000000a c0565580 c05380c0 ffffa4dc c05434f4 00400100 00000004 c0534cd4
    3f60: 00000098 00000000 fffec100 002e80a8 00000004 002e80a8 002a20e0 c0025da8
    3f80: c0534cd4 c000f020 fffec10c c053ea60 ef253fb0 c0008530 0000ffe2 b6ef67f4
    3fa0: 40000010 ffffffff 00000124 c0012f3c 0000ffe2 002e80f0 0000ffe2 00004000
    3fc0: becb6338 becb6334 00000004 00000124 002e80a8 00000004 002e80a8 002a20e0
    3fe0: becb6300 becb62f4 002773bb b6ef67f4 40000010 ffffffff 00000000 00000000
    [<c03c7c3c>] (skb_panic+0x60/0x64) from [<c02d0ef0>] (skb_put+0x4c/0x50)
    [<c02d0ef0>] (skb_put+0x4c/0x50) from [<c0318f8c>] (tcp_collapse+0x314/0x3ec)
    [<c0318f8c>] (tcp_collapse+0x314/0x3ec) from [<c0319214>]
    (tcp_try_rmem_schedule+0x1b0/0x3c4)
    [<c0319214>] (tcp_try_rmem_schedule+0x1b0/0x3c4) from [<c031a19c>]
    (tcp_data_queue+0x480/0xe6c)
    [<c031a19c>] (tcp_data_queue+0x480/0xe6c) from [<c031cad0>]
    (tcp_rcv_established+0x180/0x62c)
    [<c031cad0>] (tcp_rcv_established+0x180/0x62c) from [<c032507c>]
    (tcp_v4_do_rcv+0x13c/0x31c)
    [<c032507c>] (tcp_v4_do_rcv+0x13c/0x31c) from [<c032799c>]
    (tcp_v4_rcv+0x718/0x73c)
    [<c032799c>] (tcp_v4_rcv+0x718/0x73c) from [<c0304fdc>]
    (ip_local_deliver+0x98/0x274)
    [<c0304fdc>] (ip_local_deliver+0x98/0x274) from [<c03055d8>]
    (ip_rcv+0x420/0x758)
    [<c03055d8>] (ip_rcv+0x420/0x758) from [<c02da948>]
    (__netif_receive_skb_core+0x44c/0x5bc)
    [<c02da948>] (__netif_receive_skb_core+0x44c/0x5bc) from [<c02df280>]
    (netif_receive_skb+0x48/0xb4)
    [<c02df280>] (netif_receive_skb+0x48/0xb4) from [<c02df824>]
    (napi_gro_flush+0x70/0x94)
    [<c02df824>] (napi_gro_flush+0x70/0x94) from [<c02df864>]
    (napi_complete+0x1c/0x34)
    [<c02df864>] (napi_complete+0x1c/0x34) from [<c0278524>]
    (stmmac_poll+0x4e8/0x5c8)
    [<c0278524>] (stmmac_poll+0x4e8/0x5c8) from [<c02df940>]
    (net_rx_action+0xc4/0x1e4)
    [<c02df940>] (net_rx_action+0xc4/0x1e4) from [<c00258f0>]
    (__do_softirq+0x12c/0x2e8)
    [<c00258f0>] (__do_softirq+0x12c/0x2e8) from [<c0025da8>] (irq_exit+0x78/0xac)
    [<c0025da8>] (irq_exit+0x78/0xac) from [<c000f020>] (handle_IRQ+0x44/0x90)
    [<c000f020>] (handle_IRQ+0x44/0x90) from [<c0008530>]
    (gic_handle_irq+0x2c/0x5c)
    [<c0008530>] (gic_handle_irq+0x2c/0x5c) from [<c0012f3c>]
    (__irq_usr+0x3c/0x60)
    
    3) The driver was setting the dma buffer size after allocating dma buffers,
    which caused a system panic when changing the MTU.
    
    BUG: Bad page state in process ifconfig  pfn:2e850
    page:c0b72a00 count:0 mapcount:0 mapping:  (null) index:0x0
    page flags: 0x200(arch_1)
    Modules linked in:
    CPU: 0 PID: 566 Comm: ifconfig Not tainted 3.13.0-rc6-01523-gf7111b9 #29
    [<c001547c>] (unwind_backtrace+0x0/0xf8) from [<c00122dc>]
    (show_stack+0x10/0x14)
    [<c00122dc>] (show_stack+0x10/0x14) from [<c03c793c>] (dump_stack+0x70/0x88)
    [<c03c793c>] (dump_stack+0x70/0x88) from [<c00b2620>] (bad_page+0xc8/0x118)
    [<c00b2620>] (bad_page+0xc8/0x118) from [<c00b302c>]
    (get_page_from_freelist+0x744/0x870)
    [<c00b302c>] (get_page_from_freelist+0x744/0x870) from [<c00b40f4>]
    (__alloc_pages_nodemask+0x118/0x86c)
    [<c00b40f4>] (__alloc_pages_nodemask+0x118/0x86c) from [<c00b4858>]
    (__get_free_pages+0x10/0x54)
    [<c00b4858>] (__get_free_pages+0x10/0x54) from [<c00cba1c>]
    (kmalloc_order_trace+0x24/0xa0)
    [<c00cba1c>] (kmalloc_order_trace+0x24/0xa0) from [<c02d199c>]
    (__kmalloc_reserve.isra.21+0x24/0x70)
    [<c02d199c>] (__kmalloc_reserve.isra.21+0x24/0x70) from [<c02d240c>]
    (__alloc_skb+0x68/0x13c)
    [<c02d240c>] (__alloc_skb+0x68/0x13c) from [<c02d3930>]
    (__netdev_alloc_skb+0x3c/0xe8)
    [<c02d3930>] (__netdev_alloc_skb+0x3c/0xe8) from [<c0279378>]
    (stmmac_open+0x63c/0x1024)
    [<c0279378>] (stmmac_open+0x63c/0x1024) from [<c02e18cc>]
    (__dev_open+0xa0/0xfc)
    [<c02e18cc>] (__dev_open+0xa0/0xfc) from [<c02e1b40>]
    (__dev_change_flags+0x94/0x158)
    [<c02e1b40>] (__dev_change_flags+0x94/0x158) from [<c02e1c24>]
    (dev_change_flags+0x18/0x48)
    [<c02e1c24>] (dev_change_flags+0x18/0x48) from [<c0337bc0>]
    (devinet_ioctl+0x638/0x700)
    [<c0337bc0>] (devinet_ioctl+0x638/0x700) from [<c02c7aec>]
    (sock_ioctl+0x64/0x290)
    [<c02c7aec>] (sock_ioctl+0x64/0x290) from [<c0100890>]
    (do_vfs_ioctl+0x78/0x5b8)
    [<c0100890>] (do_vfs_ioctl+0x78/0x5b8) from [<c0100e0c>] (SyS_ioctl+0x3c/0x5c)
    [<c0100e0c>] (SyS_ioctl+0x3c/0x5c) from [<c000e760>]
    
    The fixes have been verified using reproducible, automated testing.
    Signed-off-by: default avatarVince Bridgers <vbridgers2013@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    2618abb7
stmmac_main.c 83.4 KB