From: "Nguyen, Anthony L" <anthony.l.nguyen@intel.com>
To: "alexander.duyck@gmail.com" <alexander.duyck@gmail.com>,
"kuba@kernel.org" <kuba@kernel.org>
Cc: lkp <lkp@intel.com>,
"Karlsson, Magnus" <magnus.karlsson@intel.com>,
"davem@davemloft.net" <davem@davemloft.net>,
"Lobakin, Alexandr" <alexandr.lobakin@intel.com>,
"Fijalkowski, Maciej" <maciej.fijalkowski@intel.com>,
"dan.carpenter@oracle.com" <dan.carpenter@oracle.com>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"G, GurucharanX" <gurucharanx.g@intel.com>
Subject: Re: [PATCH net 1/3] ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()
Date: Wed, 16 Mar 2022 19:00:39 +0000 [thread overview]
Message-ID: <e0d1a5caf1714f303ae89c909dfa4d04ebdde3e4.camel@intel.com> (raw)
In-Reply-To: <20220315202941.64319c5e@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
On Tue, 2022-03-15 at 20:29 -0700, Jakub Kicinski wrote:
> On Tue, 15 Mar 2022 14:12:23 -0700 Tony Nguyen wrote:
> > From: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
> >
> > It is possible to do NULL pointer dereference in routine that
> > updates
> > Tx ring stats. Currently only stats and bytes are updated when ring
>
> s/stats/packets/ ?
Will fix.
>
> > pointer is valid, but later on ring is accessed to propagate
> > gathered Tx
> > stats onto VSI stats.
> >
> > Change the existing logic to move to next ring when ring is NULL.
> >
> > Fixes: e72bba21355d ("ice: split ice_ring onto Tx/Rx separate
> > structs")
> > Reported-by: kernel test robot <lkp@intel.com>
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
> > Acked-by: Alexander Lobakin <alexandr.lobakin@intel.com>
> > Tested-by: Gurucharan G <gurucharanx.g@intel.com> (A Contingent
> > worker at Intel)
> > Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
> > ---
> > drivers/net/ethernet/intel/ice/ice_main.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/ethernet/intel/ice/ice_main.c
> > b/drivers/net/ethernet/intel/ice/ice_main.c
> > index 493942e910be..d4a7c39fd078 100644
> > --- a/drivers/net/ethernet/intel/ice/ice_main.c
> > +++ b/drivers/net/ethernet/intel/ice/ice_main.c
> > @@ -5962,8 +5962,9 @@ ice_update_vsi_tx_ring_stats(struct ice_vsi
> > *vsi,
> > u64 pkts = 0, bytes = 0;
> >
> > ring = READ_ONCE(rings[i]);
>
> Not really related to this patch but why is there a read_once() here?
> Aren't stats read under rtnl_lock? What is this protecting against?
It looks like it was based on a patch from i40e [1]. From the commit, I
gather this is the reason:
"Previously the stats were 64 bit but highly racy due to the fact that
64 bit transactions are not atomic on 32 bit systems."
Thanks,
Tony
[1]
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=980e9b1186424fa3eb766d59fc91003d0ed1ed6a
(Resending as some non-text formatting snuck in to my reply. Sorry for
the spam)
next prev parent reply other threads:[~2022-03-16 19:01 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-15 21:12 [PATCH net 0/3][pull request] Intel Wired LAN Driver Updates 2022-03-15 Tony Nguyen
2022-03-15 21:12 ` [PATCH net 1/3] ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() Tony Nguyen
2022-03-16 3:29 ` Jakub Kicinski
2022-03-16 19:00 ` Nguyen, Anthony L [this message]
2022-03-16 20:24 ` Alexander Duyck
2022-03-16 20:46 ` Tony Nguyen
2022-03-15 21:12 ` [PATCH net 2/3] ice: destroy flow director filter mutex after releasing VSIs Tony Nguyen
2022-03-16 3:32 ` Jakub Kicinski
2022-03-16 18:45 ` Tony Nguyen
2022-03-15 21:12 ` [PATCH net 3/3] iavf: Fix double free in iavf_reset_task Tony Nguyen
2022-03-16 3:30 ` Jakub Kicinski
2022-03-16 18:46 ` Tony Nguyen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e0d1a5caf1714f303ae89c909dfa4d04ebdde3e4.camel@intel.com \
--to=anthony.l.nguyen@intel.com \
--cc=alexander.duyck@gmail.com \
--cc=alexandr.lobakin@intel.com \
--cc=dan.carpenter@oracle.com \
--cc=davem@davemloft.net \
--cc=gurucharanx.g@intel.com \
--cc=kuba@kernel.org \
--cc=lkp@intel.com \
--cc=maciej.fijalkowski@intel.com \
--cc=magnus.karlsson@intel.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.