* [BUG] bnx2x: bnx2x_set_pbd_csum() random accesses
@ 2011-04-19 16:11 Eric Dumazet
2011-04-20 7:31 ` [PATCH] bnx2x: dont dereference tcp header on non tcp frames Eric Dumazet
0 siblings, 1 reply; 6+ messages in thread
From: Eric Dumazet @ 2011-04-19 16:11 UTC (permalink / raw)
To: Dmitry Kravkov, Eilon Greenstein; +Cc: netdev
Hi guys
bnx2x_set_pbd_csum() / bnx2x_set_pbd_csum_e2() seem to read
tcp_hdrlen(skb) even for non TCP frames ?
Also, (skb_network_header(skb) - skb->data) is signed, so
(skb_network_header(skb) - skb->data) / 2 is a bit expensive...
Thanks
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] bnx2x: dont dereference tcp header on non tcp frames
2011-04-19 16:11 [BUG] bnx2x: bnx2x_set_pbd_csum() random accesses Eric Dumazet
@ 2011-04-20 7:31 ` Eric Dumazet
2011-04-20 8:46 ` David Miller
0 siblings, 1 reply; 6+ messages in thread
From: Eric Dumazet @ 2011-04-20 7:31 UTC (permalink / raw)
To: Dmitry Kravkov, David Miller; +Cc: Eilon Greenstein, netdev
Le mardi 19 avril 2011 à 18:11 +0200, Eric Dumazet a écrit :
> Hi guys
>
> bnx2x_set_pbd_csum() / bnx2x_set_pbd_csum_e2() seem to read
> tcp_hdrlen(skb) even for non TCP frames ?
>
> Also, (skb_network_header(skb) - skb->data) is signed, so
> (skb_network_header(skb) - skb->data) / 2 is a bit expensive...
>
I managed to trigger a kmemcheck fault using netperf -t UDP_RR
02:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM57711E 10Gigabit PCIe
[ 341.246514] WARNING: kmemcheck: Caught 8-bit read from uninitialized memory (ffff88011800ec30)
[ 341.247155] c0a8146ea907c4550009aa456ed2000008000400040000001400030000000000
[ 341.249789] i i i i i i i i i i i i i u u u u u u u u u u u u u u u u u u u
[ 341.252425] ^
[ 341.252773]
[ 341.252937] Pid: 4122, comm: netperf Not tainted 2.6.39-rc4-00237-ge3de956-dirty #549 HP ProLiant BL460c G6
[ 341.253768] RIP: 0010:[<ffffffff812f5224>] [<ffffffff812f5224>] bnx2x_start_xmit+0xce4/0x13f0
[ 341.254476] RSP: 0018:ffff8801158b38b8 EFLAGS: 00010286
[ 341.254879] RAX: ffff88011800ec24 RBX: ffff880118e44820 RCX: 0000000000000007
[ 341.255400] RDX: 000000000000000a RSI: ffff880118e44820 RDI: ffff88011800ec40
[ 341.255918] RBP: ffff8801158b39b8 R08: ffff88011800ec40 R09: ffff88011800ec00
[ 341.256439] R10: 0000000000000000 R11: 000000006e14a8c0 R12: ffff880118f4db00
[ 341.256958] R13: 0000000000000481 R14: 0000000000000040 R15: ffff880118ff18e0
[ 341.257479] FS: 0000000000000000(0000) GS:ffff88011fc00000(0063) knlGS:00000000f77e16c0
[ 341.258081] CS: 0010 DS: 002b ES: 002b CR0: 000000008005003b
[ 341.258511] CR2: ffff880119856058 CR3: 0000000115879000 CR4: 00000000000006f0
[ 341.259033] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 341.259551] DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
[ 341.260072] [<ffffffff8137fac5>] dev_hard_start_xmit+0x365/0x690
[ 341.260593] [<ffffffff81398bf7>] sch_direct_xmit+0xb7/0x1c0
[ 341.261091] [<ffffffff81383da8>] dev_queue_xmit+0x1a8/0x5d0
[ 341.261583] [<ffffffff813c2842>] ip_finish_output+0x122/0x2f0
[ 341.262122] [<ffffffff813c163e>] ip_output+0x7e/0xc0
[ 341.262609] [<ffffffff813c1194>] ip_local_out+0x24/0x30
[ 341.263114] [<ffffffff813c11b6>] ip_send_skb+0x16/0x70
[ 341.263611] [<ffffffff813e1326>] udp_send_skb+0x126/0x380
[ 341.264129] [<ffffffff813e300c>] udp_sendmsg+0x2cc/0x790
[ 341.264637] [<ffffffff813eaf44>] inet_sendmsg+0x84/0xc0
[ 341.265143] [<ffffffff8136d98b>] sock_sendmsg+0xbb/0xf0
[ 341.265646] [<ffffffff8136e1e5>] sys_sendto+0x105/0x140
[ 341.266151] [<ffffffff8136e22f>] sys_send+0xf/0x20
[ 341.266625] [<ffffffff813969fd>] compat_sys_socketcall+0xfd/0x1f0
[ 341.267186] [<ffffffff8146b8e9>] sysenter_dispatch+0x7/0x27
[PATCH] bnx2x: dont dereference tcp header on non tcp frames
bnx2x_set_pbd_csum() & bnx2x_set_pbd_csum_e2() use
tcp_hdrlen(skb) even for non TCP frames
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Dmitry Kravkov <dmitry@broadcom.com>
Cc: Eilon Greenstein <eilong@broadcom.com>
---
drivers/net/bnx2x/bnx2x_cmn.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/bnx2x/bnx2x_cmn.c b/drivers/net/bnx2x/bnx2x_cmn.c
index e83ac6d..a16a638 100644
--- a/drivers/net/bnx2x/bnx2x_cmn.c
+++ b/drivers/net/bnx2x/bnx2x_cmn.c
@@ -2019,7 +2019,9 @@ static inline void bnx2x_set_pbd_gso(struct sk_buff *skb,
static inline u8 bnx2x_set_pbd_csum_e2(struct bnx2x *bp, struct sk_buff *skb,
u32 *parsing_data, u32 xmit_type)
{
- *parsing_data |= ((tcp_hdrlen(skb)/4) <<
+ u8 tcphlen = (xmit_type & XMIT_CSUM_TCP) ? tcp_hdrlen(skb) : 0;
+
+ *parsing_data |= ((tcphlen/4) <<
ETH_TX_PARSE_BD_E2_TCP_HDR_LENGTH_DW_SHIFT) &
ETH_TX_PARSE_BD_E2_TCP_HDR_LENGTH_DW;
@@ -2027,7 +2029,7 @@ static inline u8 bnx2x_set_pbd_csum_e2(struct bnx2x *bp, struct sk_buff *skb,
ETH_TX_PARSE_BD_E2_TCP_HDR_START_OFFSET_W_SHIFT) &
ETH_TX_PARSE_BD_E2_TCP_HDR_START_OFFSET_W;
- return skb_transport_header(skb) + tcp_hdrlen(skb) - skb->data;
+ return skb_transport_header(skb) + tcphlen - skb->data;
}
/**
@@ -2044,6 +2046,7 @@ static inline u8 bnx2x_set_pbd_csum(struct bnx2x *bp, struct sk_buff *skb,
u32 xmit_type)
{
u8 hlen = (skb_network_header(skb) - skb->data) / 2;
+ u8 tcphlen = (xmit_type & XMIT_CSUM_TCP) ? tcp_hdrlen(skb) : 0;
/* for now NS flag is not used in Linux */
pbd->global_data =
@@ -2053,7 +2056,7 @@ static inline u8 bnx2x_set_pbd_csum(struct bnx2x *bp, struct sk_buff *skb,
pbd->ip_hlen_w = (skb_transport_header(skb) -
skb_network_header(skb)) / 2;
- hlen += pbd->ip_hlen_w + tcp_hdrlen(skb) / 2;
+ hlen += pbd->ip_hlen_w + tcphlen / 2;
pbd->total_hlen_w = cpu_to_le16(hlen);
hlen = hlen*2;
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] bnx2x: dont dereference tcp header on non tcp frames
2011-04-20 7:31 ` [PATCH] bnx2x: dont dereference tcp header on non tcp frames Eric Dumazet
@ 2011-04-20 8:46 ` David Miller
2011-04-20 9:40 ` Dmitry Kravkov
0 siblings, 1 reply; 6+ messages in thread
From: David Miller @ 2011-04-20 8:46 UTC (permalink / raw)
To: eric.dumazet; +Cc: dmitry, eilong, netdev
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Wed, 20 Apr 2011 09:31:53 +0200
> [PATCH] bnx2x: dont dereference tcp header on non tcp frames
>
> bnx2x_set_pbd_csum() & bnx2x_set_pbd_csum_e2() use
> tcp_hdrlen(skb) even for non TCP frames
>
> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Broadcom folks please review.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] bnx2x: dont dereference tcp header on non tcp frames
2011-04-20 8:46 ` David Miller
@ 2011-04-20 9:40 ` Dmitry Kravkov
2011-04-20 15:08 ` Dmitry Kravkov
2011-04-22 0:20 ` David Miller
0 siblings, 2 replies; 6+ messages in thread
From: Dmitry Kravkov @ 2011-04-20 9:40 UTC (permalink / raw)
To: David Miller; +Cc: eric.dumazet, Eilon Greenstein, netdev
On Wed, 2011-04-20 at 01:46 -0700, David Miller wrote:
> From: Eric Dumazet <eric.dumazet@gmail.com>
> Date: Wed, 20 Apr 2011 09:31:53 +0200
>
> > [PATCH] bnx2x: dont dereference tcp header on non tcp frames
> >
> > bnx2x_set_pbd_csum() & bnx2x_set_pbd_csum_e2() use
> > tcp_hdrlen(skb) even for non TCP frames
> >
> > Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
>
> Broadcom folks please review.
>
Following patch fixes udp checksum offload flow and also addresses
issues raised by Eric. We are testing it now.
From: Vladislav Zolotarov <vladz@broadcom.com>
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
---
drivers/net/bnx2x/bnx2x_cmn.c | 34 ++++++++++++++++++++++++----------
1 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/drivers/net/bnx2x/bnx2x_cmn.c b/drivers/net/bnx2x/bnx2x_cmn.c
index e83ac6d..16581df 100644
--- a/drivers/net/bnx2x/bnx2x_cmn.c
+++ b/drivers/net/bnx2x/bnx2x_cmn.c
@@ -2019,15 +2019,23 @@ static inline void bnx2x_set_pbd_gso(struct sk_buff *skb,
static inline u8 bnx2x_set_pbd_csum_e2(struct bnx2x *bp, struct sk_buff *skb,
u32 *parsing_data, u32 xmit_type)
{
- *parsing_data |= ((tcp_hdrlen(skb)/4) <<
- ETH_TX_PARSE_BD_E2_TCP_HDR_LENGTH_DW_SHIFT) &
- ETH_TX_PARSE_BD_E2_TCP_HDR_LENGTH_DW;
+ *parsing_data |=
+ ((((u8 *)skb_transport_header(skb) - skb->data) >> 1) <<
+ ETH_TX_PARSE_BD_E2_TCP_HDR_START_OFFSET_W_SHIFT) &
+ ETH_TX_PARSE_BD_E2_TCP_HDR_START_OFFSET_W;
- *parsing_data |= ((((u8 *)tcp_hdr(skb) - skb->data) / 2) <<
- ETH_TX_PARSE_BD_E2_TCP_HDR_START_OFFSET_W_SHIFT) &
- ETH_TX_PARSE_BD_E2_TCP_HDR_START_OFFSET_W;
+ if (xmit_type & XMIT_CSUM_TCP) {
+ *parsing_data |= ((tcp_hdrlen(skb) / 4) <<
+ ETH_TX_PARSE_BD_E2_TCP_HDR_LENGTH_DW_SHIFT) &
+ ETH_TX_PARSE_BD_E2_TCP_HDR_LENGTH_DW;
- return skb_transport_header(skb) + tcp_hdrlen(skb) - skb->data;
+ return skb_transport_header(skb) + tcp_hdrlen(skb) - skb->data;
+ } else
+ /* We support checksum offload for TCP and UDP only.
+ * No need to pass the UDP header length - it's a constant.
+ */
+ return skb_transport_header(skb) +
+ sizeof(struct udphdr) - skb->data;
}
/**
@@ -2043,7 +2051,7 @@ static inline u8 bnx2x_set_pbd_csum(struct bnx2x *bp, struct sk_buff *skb,
struct eth_tx_parse_bd_e1x *pbd,
u32 xmit_type)
{
- u8 hlen = (skb_network_header(skb) - skb->data) / 2;
+ u8 hlen = (skb_network_header(skb) - skb->data) >> 1;
/* for now NS flag is not used in Linux */
pbd->global_data =
@@ -2051,9 +2059,15 @@ static inline u8 bnx2x_set_pbd_csum(struct bnx2x *bp, struct sk_buff *skb,
ETH_TX_PARSE_BD_E1X_LLC_SNAP_EN_SHIFT));
pbd->ip_hlen_w = (skb_transport_header(skb) -
- skb_network_header(skb)) / 2;
+ skb_network_header(skb)) >> 1;
- hlen += pbd->ip_hlen_w + tcp_hdrlen(skb) / 2;
+ hlen += pbd->ip_hlen_w;
+
+ /* We support checksum offload for TCP and UDP only */
+ if (xmit_type & XMIT_CSUM_TCP)
+ hlen += tcp_hdrlen(skb) / 2;
+ else
+ hlen += sizeof(struct udphdr) / 2;
pbd->total_hlen_w = cpu_to_le16(hlen);
hlen = hlen*2;
--
1.7.2.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] bnx2x: dont dereference tcp header on non tcp frames
2011-04-20 9:40 ` Dmitry Kravkov
@ 2011-04-20 15:08 ` Dmitry Kravkov
2011-04-22 0:20 ` David Miller
1 sibling, 0 replies; 6+ messages in thread
From: Dmitry Kravkov @ 2011-04-20 15:08 UTC (permalink / raw)
To: David Miller; +Cc: eric.dumazet, Eilon Greenstein, netdev
On Wed, 2011-04-20 at 02:40 -0700, Dmitry Kravkov wrote:
> Following patch fixes udp checksum offload flow and also addresses
> issues raised by Eric. We are testing it now.
It passed local regression, i was also unable to reproduce kmemcheck
warning.
I hit this one (on net-2.6 from today) not sure if it's related:
INFO: rcu_sched_state detected stall on CPU 0 (t=60000 jiffies)
sending NMI to all CPUs:
NMI backtrace for cpu 0
CPU 0
Modules linked in: bnx2x nfs fscache nfsd nfs_acl auth_rpcgss autofs4
bluetooth rfkill lockd sunrpc ipv6 loop dm_mirror dm_multipath scsi_dh
video sbs sbshc power_meter battery acpi_memhotplug ac parport_pc lp
parport ide_cd_mod cdrom serio_raw option usb_wwan usbserial button b
nx2 tpm_tis tpm tpm_bios ipmi_si ipmi_msghandler hpilo mdio rtc_cmos
pcspkr rtc_core i5k_amb hwmon i5000_edac edac_core rtc_lib
dm_region_hash dm_log dm_mod ata_piix libata shpchp cciss sd_mod
scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd [last unloaded: bnx2x]
Pid: 3441, comm: kworker/0:3 Not tainted 2.6.39-rc2test+ #2 HP ProLiant
DL380 G5
RIP: 0010:[<ffffffff811cbf65>] [<ffffffff811cbf65>] delay_tsc+0x15/0x60
RSP: 0018:ffff88023fc03e78 EFLAGS: 00000803
RAX: 00000000ddf79987 RBX: 0000000000000001 RCX: ffffffff817894e0
RDX: 00000000000001aa RSI: 00000000000000ff RDI: 00000000002dc788
RBP: ffff88023fc03e78 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000000000a R12: ffff88023fc0e5e0
R13: ffff88023497cf60 R14: ffffffff81729900 R15: ffffffff81729a00
FS: 0000000000000000(0000) GS:ffff88023fc00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f24456760a0 CR3: 0000000001713000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
Process kworker/0:3 (pid: 3441, threadinfo ffff88021fe74000, task
ffff88023497cf60)
Stack:
ffff88023fc03e88 ffffffff811cbf1a ffff88023fc03e98 ffffffff811cbf47
ffff88023fc03eb8 ffffffff8101d155 0000000000000000 ffffffff81729900
ffff88023fc03ef8 ffffffff81092b9c 000000004daf0bb9 0000000000000000
Call Trace:
<IRQ>
[<ffffffff811cbf1a>] __delay+0xa/0x10
[<ffffffff811cbf47>] __const_udelay+0x27/0x30
[<ffffffff8101d155>] arch_trigger_all_cpu_backtrace+0x75/0xb0
[<ffffffff81092b9c>] __rcu_pending+0x9c/0x370
[<ffffffff81092efd>] rcu_check_callbacks+0x8d/0xd0
[<ffffffff810530c1>] update_process_times+0x41/0x80
[<ffffffff81070c07>] tick_periodic+0x27/0x70
[<ffffffff81070c71>] tick_handle_periodic+0x21/0x80
[<ffffffff8101cbd6>] smp_apic_timer_interrupt+0x66/0xa0
[<ffffffff813c1993>] apic_timer_interrupt+0x13/0x20
<EOI>
[<ffffffff811b1964>] ? blk_delay_work+0x34/0x40
[<ffffffff8105d449>] process_one_work+0xf9/0x390
[<ffffffff811b1930>] ? submit_bio+0xd0/0xd0
[<ffffffff8105fa45>] worker_thread+0xe5/0x270
[<ffffffff8105f960>] ? gcwq_mayday_timeout+0x80/0x80
[<ffffffff810638e6>] kthread+0x96/0xa0
[<ffffffff813c20d4>] kernel_thread_helper+0x4/0x10
[<ffffffff81063850>] ? kthread_stop+0xd0/0xd0
[<ffffffff813c20d0>] ? gs_change+0xb/0xb
Code: 89 e5 f7 e2 48 8d 7a 01 e8 c9 ff ff ff c9 c3 0f 1f 80 00 00 00 00
55 65 44 8b 0c 25 68 c5 00 00 48 89 e5 66 66 90 0f ae e8 0f 31
89 c0 44 89 ce eb 11 0f 1f 00 f3 90 65 8b 0c 25 68 c5 00 00
Call Trace:
<IRQ> [<ffffffff811cbf1a>] __delay+0xa/0x10
[<ffffffff811cbf47>] __const_udelay+0x27/0x30
[<ffffffff8101d155>] arch_trigger_all_cpu_backtrace+0x75/0xb0
[<ffffffff81092b9c>] __rcu_pending+0x9c/0x370
[<ffffffff81092efd>] rcu_check_callbacks+0x8d/0xd0
[<ffffffff810530c1>] update_process_times+0x41/0x80
[<ffffffff81070c07>] tick_periodic+0x27/0x70
[<ffffffff81070c71>] tick_handle_periodic+0x21/0x80
[<ffffffff8101cbd6>] smp_apic_timer_interrupt+0x66/0xa0
[<ffffffff813c1993>] apic_timer_interrupt+0x13/0x20
<EOI> [<ffffffff811b1964>] ? blk_delay_work+0x34/0x40
[<ffffffff8105d449>] process_one_work+0xf9/0x390
[<ffffffff811b1930>] ? submit_bio+0xd0/0xd0
[<ffffffff8105fa45>] worker_thread+0xe5/0x270
[<ffffffff8105f960>] ? gcwq_mayday_timeout+0x80/0x80
[<ffffffff810638e6>] kthread+0x96/0xa0
[<ffffffff813c20d4>] kernel_thread_helper+0x4/0x10
[<ffffffff81063850>] ? kthread_stop+0xd0/0xd0
[<ffffffff813c20d0>] ? gs_change+0xb/0xb
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] bnx2x: dont dereference tcp header on non tcp frames
2011-04-20 9:40 ` Dmitry Kravkov
2011-04-20 15:08 ` Dmitry Kravkov
@ 2011-04-22 0:20 ` David Miller
1 sibling, 0 replies; 6+ messages in thread
From: David Miller @ 2011-04-22 0:20 UTC (permalink / raw)
To: dmitry; +Cc: eric.dumazet, eilong, netdev
From: "Dmitry Kravkov" <dmitry@broadcom.com>
Date: Wed, 20 Apr 2011 12:40:10 +0300
> On Wed, 2011-04-20 at 01:46 -0700, David Miller wrote:
>> From: Eric Dumazet <eric.dumazet@gmail.com>
>> Date: Wed, 20 Apr 2011 09:31:53 +0200
>>
>> > [PATCH] bnx2x: dont dereference tcp header on non tcp frames
>> >
>> > bnx2x_set_pbd_csum() & bnx2x_set_pbd_csum_e2() use
>> > tcp_hdrlen(skb) even for non TCP frames
>> >
>> > Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
>>
>> Broadcom folks please review.
>>
>
> Following patch fixes udp checksum offload flow and also addresses
> issues raised by Eric. We are testing it now.
>
> From: Vladislav Zolotarov <vladz@broadcom.com>
>
> Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
> Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Can you guys please wrap this up and formally submit this patch?
Please remember to add appropriate tags for Eric, probably both
"Reported-by: " and "Tested-by: ".
Thank you!
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2011-04-22 0:20 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-04-19 16:11 [BUG] bnx2x: bnx2x_set_pbd_csum() random accesses Eric Dumazet
2011-04-20 7:31 ` [PATCH] bnx2x: dont dereference tcp header on non tcp frames Eric Dumazet
2011-04-20 8:46 ` David Miller
2011-04-20 9:40 ` Dmitry Kravkov
2011-04-20 15:08 ` Dmitry Kravkov
2011-04-22 0:20 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.