mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-08 17:49:45 +00:00
ch_ktls: Fix kernel panic
commit1a73e427b8
upstream. Taking page refcount is not ideal and causes kernel panic sometimes. It's better to take tx_ctx lock for the complete skb transmit, to avoid page cleanup if ACK received in middle. Fixes:5a4b9fe7fe
("cxgb4/chcr: complete record tx handling") Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com> Signed-off-by: Rohit Maheshwari <rohitm@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
976da1b087
commit
8d5a9dbd21
1 changed files with 5 additions and 19 deletions
|
@ -2015,12 +2015,11 @@ static int chcr_ktls_xmit(struct sk_buff *skb, struct net_device *dev)
|
|||
* we will send the complete record again.
|
||||
*/
|
||||
|
||||
spin_lock_irqsave(&tx_ctx->base.lock, flags);
|
||||
|
||||
do {
|
||||
int i;
|
||||
|
||||
cxgb4_reclaim_completed_tx(adap, &q->q, true);
|
||||
/* lock taken */
|
||||
spin_lock_irqsave(&tx_ctx->base.lock, flags);
|
||||
/* fetch the tls record */
|
||||
record = tls_get_record(&tx_ctx->base, tcp_seq,
|
||||
&tx_info->record_no);
|
||||
|
@ -2079,11 +2078,11 @@ static int chcr_ktls_xmit(struct sk_buff *skb, struct net_device *dev)
|
|||
tls_end_offset, skb_offset,
|
||||
0);
|
||||
|
||||
spin_unlock_irqrestore(&tx_ctx->base.lock, flags);
|
||||
if (ret) {
|
||||
/* free the refcount taken earlier */
|
||||
if (tls_end_offset < data_len)
|
||||
dev_kfree_skb_any(skb);
|
||||
spin_unlock_irqrestore(&tx_ctx->base.lock, flags);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -2093,16 +2092,6 @@ static int chcr_ktls_xmit(struct sk_buff *skb, struct net_device *dev)
|
|||
continue;
|
||||
}
|
||||
|
||||
/* increase page reference count of the record, so that there
|
||||
* won't be any chance of page free in middle if in case stack
|
||||
* receives ACK and try to delete the record.
|
||||
*/
|
||||
for (i = 0; i < record->num_frags; i++)
|
||||
__skb_frag_ref(&record->frags[i]);
|
||||
/* lock cleared */
|
||||
spin_unlock_irqrestore(&tx_ctx->base.lock, flags);
|
||||
|
||||
|
||||
/* if a tls record is finishing in this SKB */
|
||||
if (tls_end_offset <= data_len) {
|
||||
ret = chcr_end_part_handler(tx_info, skb, record,
|
||||
|
@ -2127,13 +2116,9 @@ static int chcr_ktls_xmit(struct sk_buff *skb, struct net_device *dev)
|
|||
data_len = 0;
|
||||
}
|
||||
|
||||
/* clear the frag ref count which increased locally before */
|
||||
for (i = 0; i < record->num_frags; i++) {
|
||||
/* clear the frag ref count */
|
||||
__skb_frag_unref(&record->frags[i]);
|
||||
}
|
||||
/* if any failure, come out from the loop. */
|
||||
if (ret) {
|
||||
spin_unlock_irqrestore(&tx_ctx->base.lock, flags);
|
||||
if (th->fin)
|
||||
dev_kfree_skb_any(skb);
|
||||
|
||||
|
@ -2148,6 +2133,7 @@ static int chcr_ktls_xmit(struct sk_buff *skb, struct net_device *dev)
|
|||
|
||||
} while (data_len > 0);
|
||||
|
||||
spin_unlock_irqrestore(&tx_ctx->base.lock, flags);
|
||||
atomic64_inc(&port_stats->ktls_tx_encrypted_packets);
|
||||
atomic64_add(skb_data_len, &port_stats->ktls_tx_encrypted_bytes);
|
||||
|
||||
|
|
Loading…
Reference in a new issue