mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-06 08:46:46 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Vince Bridgers 2618abb73c stmmac: Fix kernel crashes for jumbo frames 
These changes correct the following issues with jumbo frames on the
stmmac driver:

1) The Synopsys EMAC can be configured to support different FIFO
sizes at core configuration time. There's no way to query the
controller and know the FIFO size, so the driver needs to get this
information from the device tree in order to know how to correctly
handle MTU changes and setting up dma buffers. The default
max-frame-size is as currently used, which is the size of a jumbo
frame.

2) The driver was enabling Jumbo frames by default, but was not allocating
dma buffers of sufficient size to handle the maximum possible packet
size that could be received. This led to memory corruption since DMAs were
occurring beyond the extent of the allocated receive buffers for certain types
of network traffic.

kernel BUG at net/core/skbuff.c:126!
Internal error: Oops - BUG: 0 [#1] SMP ARM
Modules linked in:
CPU: 0 PID: 563 Comm: sockperf Not tainted 3.13.0-rc6-01523-gf7111b9 #31
task: ef35e580 ti: ef252000 task.ti: ef252000
PC is at skb_panic+0x60/0x64
LR is at skb_panic+0x60/0x64
pc : [<c03c7c3c>]    lr : [<c03c7c3c>]    psr: 60000113
sp : ef253c18  ip : 60000113  fp : 00000000
r10: ef3a5400  r9 : 00000ebc  r8 : ef3a546c
r7 : ee59f000  r6 : ee59f084  r5 : ee59ff40  r4 : ee59f140
r3 : 000003e2  r2 : 00000007  r1 : c0b9c420  r0 : 0000007d
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 10c5387d  Table: 2e8ac04a  DAC: 00000015
Process sockperf (pid: 563, stack limit = 0xef252248)
Stack: (0xef253c18 to 0xef254000)
3c00:                                                       00000ebc ee59f000
3c20: ee59f084 ee59ff40 ee59f140 c04a9cd8 ee8c50c0 00000ebc ee59ff40 00000000
3c40: ee59f140 c02d0ef0 00000056 ef1eda80 ee8c50c0 00000ebc 22bbef29 c0318f8c
3c60: 00000056 ef3a547c ffe2c716 c02c9c90 c0ba1298 ef3a5838 ef3a5838 ef3a5400
3c80: 000020c0 ee573840 000055cb ef3f2050 c053f0e0 c0319214 22b9b085 22d92813
3ca0: 00001c80 004b8e00 ef3a5400 ee573840 ef3f2064 22d92813 ef3f2064 000055cb
3cc0: ef3f2050 c031a19c ef252000 00000000 00000000 c0561bc0 00000000 ff00ffff
3ce0: c05621c0 ef3a5400 ef3f2064 ee573840 00000020 ef3f2064 000055cb ef3f2050
3d00: c053f0e0 c031cad0 c053e740 00000e60 00000000 00000000 ee573840 ef3a5400
3d20: ef0a6e00 00000000 ef3f2064 c032507c 00010000 00000020 c0561bc0 c0561bc0
3d40: ee599850 c032799c 00000000 ee573840 c055a380 ef3a5400 00000000 ef3f2064
3d60: ef3f2050 c032799c 0101c7c0 2b6755cb c059a280 c030e4d8 000055cb ffffffff
3d80: ee574fc0 c055a380 ee574000 ee573840 00002b67 ee573840 c03fe9c4 c053fa68
3da0: c055a380 00001f6f 00000000 ee573840 c053f0e0 c0304fdc ef0a6e01 ef3f2050
3dc0: ee573858 ef031000 ee573840 c03055d8 c0ba0c40 ef000f40 00100100 c053f0dc
3de0: c053ffdc c053f0f0 00000008 00000000 ef031000 c02da948 00001140 00000000
3e00: c0563c78 ef253e5f 00000020 ee573840 00000020 c053f0f0 ef313400 ee573840
3e20: c053f0e0 00000000 00000000 c05380c0 ef313400 00001000 00000015 c02df280
3e40: ee574000 ef001e00 00000000 00001080 00000042 005cd980 ef031500 ef031500
3e60: 00000000 c02df824 ef031500 c053e390 c0541084 f00b1e00 c05925e8 c02df864
3e80: 00001f5c ef031440 c053e390 c0278524 00000002 00000000 c0b9eb48 c02df280
3ea0: ee8c7180 00000100 c0542ca8 00000015 00000040 ef031500 ef031500 ef031500
3ec0: c027803c ef252000 00000040 000000ec c05380c0 c0b9eb40 c0b9eb48 c02df940
3ee0: ef060780 ffffa4dd c0564a9c c056343c 002e80a8 00000080 ef031500 00000001
3f00: c053808c ef252000 fffec100 00000003 00000004 002e80a8 0000000c c00258f0
3f20: 002e80a8 c005e704 00000005 00000100 c05634d0 c0538080 c05333e0 00000000
3f40: 0000000a c0565580 c05380c0 ffffa4dc c05434f4 00400100 00000004 c0534cd4
3f60: 00000098 00000000 fffec100 002e80a8 00000004 002e80a8 002a20e0 c0025da8
3f80: c0534cd4 c000f020 fffec10c c053ea60 ef253fb0 c0008530 0000ffe2 b6ef67f4
3fa0: 40000010 ffffffff 00000124 c0012f3c 0000ffe2 002e80f0 0000ffe2 00004000
3fc0: becb6338 becb6334 00000004 00000124 002e80a8 00000004 002e80a8 002a20e0
3fe0: becb6300 becb62f4 002773bb b6ef67f4 40000010 ffffffff 00000000 00000000
[<c03c7c3c>] (skb_panic+0x60/0x64) from [<c02d0ef0>] (skb_put+0x4c/0x50)
[<c02d0ef0>] (skb_put+0x4c/0x50) from [<c0318f8c>] (tcp_collapse+0x314/0x3ec)
[<c0318f8c>] (tcp_collapse+0x314/0x3ec) from [<c0319214>]
(tcp_try_rmem_schedule+0x1b0/0x3c4)
[<c0319214>] (tcp_try_rmem_schedule+0x1b0/0x3c4) from [<c031a19c>]
(tcp_data_queue+0x480/0xe6c)
[<c031a19c>] (tcp_data_queue+0x480/0xe6c) from [<c031cad0>]
(tcp_rcv_established+0x180/0x62c)
[<c031cad0>] (tcp_rcv_established+0x180/0x62c) from [<c032507c>]
(tcp_v4_do_rcv+0x13c/0x31c)
[<c032507c>] (tcp_v4_do_rcv+0x13c/0x31c) from [<c032799c>]
(tcp_v4_rcv+0x718/0x73c)
[<c032799c>] (tcp_v4_rcv+0x718/0x73c) from [<c0304fdc>]
(ip_local_deliver+0x98/0x274)
[<c0304fdc>] (ip_local_deliver+0x98/0x274) from [<c03055d8>]
(ip_rcv+0x420/0x758)
[<c03055d8>] (ip_rcv+0x420/0x758) from [<c02da948>]
(__netif_receive_skb_core+0x44c/0x5bc)
[<c02da948>] (__netif_receive_skb_core+0x44c/0x5bc) from [<c02df280>]
(netif_receive_skb+0x48/0xb4)
[<c02df280>] (netif_receive_skb+0x48/0xb4) from [<c02df824>]
(napi_gro_flush+0x70/0x94)
[<c02df824>] (napi_gro_flush+0x70/0x94) from [<c02df864>]
(napi_complete+0x1c/0x34)
[<c02df864>] (napi_complete+0x1c/0x34) from [<c0278524>]
(stmmac_poll+0x4e8/0x5c8)
[<c0278524>] (stmmac_poll+0x4e8/0x5c8) from [<c02df940>]
(net_rx_action+0xc4/0x1e4)
[<c02df940>] (net_rx_action+0xc4/0x1e4) from [<c00258f0>]
(__do_softirq+0x12c/0x2e8)
[<c00258f0>] (__do_softirq+0x12c/0x2e8) from [<c0025da8>] (irq_exit+0x78/0xac)
[<c0025da8>] (irq_exit+0x78/0xac) from [<c000f020>] (handle_IRQ+0x44/0x90)
[<c000f020>] (handle_IRQ+0x44/0x90) from [<c0008530>]
(gic_handle_irq+0x2c/0x5c)
[<c0008530>] (gic_handle_irq+0x2c/0x5c) from [<c0012f3c>]
(__irq_usr+0x3c/0x60)

3) The driver was setting the dma buffer size after allocating dma buffers,
which caused a system panic when changing the MTU.

BUG: Bad page state in process ifconfig  pfn:2e850
page:c0b72a00 count:0 mapcount:0 mapping:  (null) index:0x0
page flags: 0x200(arch_1)
Modules linked in:
CPU: 0 PID: 566 Comm: ifconfig Not tainted 3.13.0-rc6-01523-gf7111b9 #29
[<c001547c>] (unwind_backtrace+0x0/0xf8) from [<c00122dc>]
(show_stack+0x10/0x14)
[<c00122dc>] (show_stack+0x10/0x14) from [<c03c793c>] (dump_stack+0x70/0x88)
[<c03c793c>] (dump_stack+0x70/0x88) from [<c00b2620>] (bad_page+0xc8/0x118)
[<c00b2620>] (bad_page+0xc8/0x118) from [<c00b302c>]
(get_page_from_freelist+0x744/0x870)
[<c00b302c>] (get_page_from_freelist+0x744/0x870) from [<c00b40f4>]
(__alloc_pages_nodemask+0x118/0x86c)
[<c00b40f4>] (__alloc_pages_nodemask+0x118/0x86c) from [<c00b4858>]
(__get_free_pages+0x10/0x54)
[<c00b4858>] (__get_free_pages+0x10/0x54) from [<c00cba1c>]
(kmalloc_order_trace+0x24/0xa0)
[<c00cba1c>] (kmalloc_order_trace+0x24/0xa0) from [<c02d199c>]
(__kmalloc_reserve.isra.21+0x24/0x70)
[<c02d199c>] (__kmalloc_reserve.isra.21+0x24/0x70) from [<c02d240c>]
(__alloc_skb+0x68/0x13c)
[<c02d240c>] (__alloc_skb+0x68/0x13c) from [<c02d3930>]
(__netdev_alloc_skb+0x3c/0xe8)
[<c02d3930>] (__netdev_alloc_skb+0x3c/0xe8) from [<c0279378>]
(stmmac_open+0x63c/0x1024)
[<c0279378>] (stmmac_open+0x63c/0x1024) from [<c02e18cc>]
(__dev_open+0xa0/0xfc)
[<c02e18cc>] (__dev_open+0xa0/0xfc) from [<c02e1b40>]
(__dev_change_flags+0x94/0x158)
[<c02e1b40>] (__dev_change_flags+0x94/0x158) from [<c02e1c24>]
(dev_change_flags+0x18/0x48)
[<c02e1c24>] (dev_change_flags+0x18/0x48) from [<c0337bc0>]
(devinet_ioctl+0x638/0x700)
[<c0337bc0>] (devinet_ioctl+0x638/0x700) from [<c02c7aec>]
(sock_ioctl+0x64/0x290)
[<c02c7aec>] (sock_ioctl+0x64/0x290) from [<c0100890>]
(do_vfs_ioctl+0x78/0x5b8)
[<c0100890>] (do_vfs_ioctl+0x78/0x5b8) from [<c0100e0c>] (SyS_ioctl+0x3c/0x5c)
[<c0100e0c>] (SyS_ioctl+0x3c/0x5c) from [<c000e760>]

The fixes have been verified using reproducible, automated testing.

Signed-off-by: Vince Bridgers <vbridgers2013@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-01-21 17:05:27 -08:00
..
accessibility
acpi Merge branches 'acpi-battery' and 'pm-cpufreq' 2014-01-06 22:49:08 +01:00
amba DMA-API: amba: get rid of separate dma_mask 2013-10-31 14:48:38 +00:00
ata Merge branch 'for-3.13-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2014-01-09 09:08:23 +08:00
atm atm: slight optimization of addr compare 2013-12-26 13:31:34 -05:00
auxdisplay
base Revert "cpufreq: suspend governors on system suspend/hibernate" 2013-12-08 01:04:17 +01:00
bcma Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2014-01-10 10:59:40 -05:00
block block: null_blk: fix queue leak inside removing device 2014-01-12 16:22:42 +07:00
bluetooth Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2014-01-08 13:44:29 -05:00
bus Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2013-11-14 08:51:29 +09:00
cdrom
char ACPI / TPM: fix memory leak when walking ACPI namespace 2014-01-05 15:54:21 +01:00
clk clk: clk-divider: fix divisor > 255 bug 2014-01-08 08:33:12 -08:00
clocksource clocksource: cadence_ttc: Fix mutex taken inside interrupt context 2013-12-30 11:32:24 +01:00
connector connector: improved unaligned access error fix 2013-11-14 17:19:20 -05:00
cpufreq intel_pstate: Add X86_FEATURE_APERFMPERF to cpu match parameters. 2014-01-06 22:16:14 +01:00
cpuidle ARM/cpuidle: remove __init tag from Calxeda cpuidle probe function 2013-12-30 11:55:20 +01:00
crypto crypto: ixp4xx - Fix kernel compile error 2014-01-01 14:06:23 +08:00
dca
devfreq Merge branch 'pm-devfreq' 2013-11-07 19:24:20 +01:00
dio
dma drivers/dma/ioat/dma.c: check DMA mapping error in ioat_dma_self_test() 2014-01-02 14:40:30 -08:00
edac sb_edac: Shut up compiler warning when EDAC_DEBUG is enabled 2013-11-30 12:26:36 +01:00
eisa
extcon extcon: remove freed groups caused the panic or warning in unregister flow 2013-11-26 15:17:23 +09:00
firewire firewire: sbp2: bring back WRITE SAME support 2013-12-15 16:32:32 +01:00
firmware Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-12-29 13:35:04 -08:00
fmc
gpio GPIO fixes for the v3.13 development cycle: 2013-12-17 11:47:40 -08:00
gpu Merge branch 'drm-nouveau-next' of git://git.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes 2014-01-15 15:01:11 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2013-12-13 13:21:28 -08:00
hsi
hv
hwmon hwmon: (coretemp) Fix truncated name of alarm attributes 2014-01-14 09:47:52 -08:00
hwspinlock
i2c i2c: imx: Check the return value from clk_prepare_enable() 2013-12-12 22:48:22 +01:00
ide More ACPI and power management updates for 3.13-rc1 2013-11-20 13:25:04 -08:00
idle intel_idle: close avn_cstates array with correct marker 2014-01-10 03:06:06 +01:00
iio iio:adc:ad7887 Fix channel reported endianness from cpu to big endian 2013-12-17 20:37:14 +00:00
infiniband net: replace macros net_random and net_srandom with direct calls to prandom 2014-01-14 15:15:25 -08:00
input Input: allocate absinfo data when setting ABS capability 2013-12-31 10:53:19 -08:00
iommu iommu/arm-smmu: fix error return code in arm_smmu_device_dt_probe() 2013-12-06 16:44:25 +00:00
ipack
irqchip Renesas ARM based SoC fixes for v3.13 2013-12-20 11:28:30 -08:00
isdn net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
leds leds: lp5521/5523: Remove duplicate mutex 2014-01-10 14:48:07 -08:00
lguest x86, asmlinkage, lguest: Pass in globals into assembler statement 2013-11-07 12:13:05 +10:30
macintosh powerpc/windfarm: Fix XServe G5 fan control Makefile issue 2013-11-27 11:35:47 +11:00
mailbox
md md: half a dozen bug fixes for 3.13 2014-01-15 15:07:36 +07:00
media media: dvb_core: slight optimization of addr compare 2013-12-26 13:31:34 -05:00
memory
memstick tree-wide: use reinit_completion instead of INIT_COMPLETION 2013-11-15 09:32:21 +09:00
message drivers/message/i2o/driver.c: add missing destroy_workqueue() on error in i2o_driver_register() 2013-11-13 12:09:26 +09:00
mfd This is the 2nd MFD pull request for 3.13 2014-01-11 06:23:57 +07:00
misc Char/Misc driver fixes for 3.13-rc3 2013-12-08 18:47:25 -08:00
mmc mmc: omap: Fix I2C dependency and make driver usable with device tree 2013-11-26 15:51:16 -08:00
mtd Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm 2014-01-06 12:20:45 +11:00
net stmmac: Fix kernel crashes for jumbo frames 2014-01-21 17:05:27 -08:00
nfc NFC: nfcmrvl: Fix possible memory leak issue 2014-01-09 01:27:20 +01:00
ntb NTB driver bug fixes to address a missed call to pci_enable_msix, 2013-11-26 11:15:12 -08:00
nubus
of phylib: Add of_phy_attach 2014-01-13 14:29:49 -08:00
oprofile
parisc
parport Kconfig cleanups for v3.13 2013-11-15 14:05:15 -08:00
pci Merge branches 'acpi-pci-pm' and 'acpi-pci-hotplug' 2013-12-31 22:03:37 +01:00
pcmcia DeviceTree updates for 3.13. This is a bit larger pull request than 2013-11-12 16:52:17 +09:00
phy phy,exynos: Add dependency on HAS_IOMEM 2014-01-15 14:51:22 -08:00
pinctrl Merge branches 'powercap' and 'acpi-lpss' with new device IDs 2013-12-27 00:43:24 +01:00
platform sony-laptop: do not scribble keyboard backlight registers on resume 2013-11-26 13:03:36 +09:00
pnp PNP: fix restoring devices after hibernation 2013-12-05 02:01:55 +01:00
power power,goldfish: Add dependency on HAS_IOMEM 2014-01-15 14:51:22 -08:00
powercap powercap / RAPL: add support for ValleyView Soc 2013-12-22 01:27:51 +01:00
pps drivers/pps/clients/pps-gpio.c: remove redundant of_match_ptr 2013-11-13 12:09:35 +09:00
ps3
ptp ptp_pch: Add dependency on HAS_IOMEM 2014-01-15 14:51:22 -08:00
pwm pwm: samsung: Fix kernel warning while unexporting a channel 2013-11-01 11:17:57 +01:00
rapidio
regulator mfd: s2mps11: Fix build after regmap field rename in sec-core.c 2013-12-16 11:30:39 +00:00
remoteproc
reset
rpmsg
rtc mfd/rtc: s5m: fix register updating by adding regmap for RTC 2013-12-12 18:19:26 -08:00
s390 qeth: bridgeport support - address notifications 2014-01-15 14:48:01 -08:00
sbus
scsi qla2xxx: Fix scsi_host leak on qlt_lport_register callback failure 2013-12-19 14:50:17 -08:00
sfi
sh
sn
spi Merge remote-tracking branches 'spi/fix/bcm2835', 'spi/fix/bcm63xx', 'spi/fix/mpc512x-psc', 'spi/fix/mxs', 'spi/fix/pxa2xx', 'spi/fix/qspi', 'spi/fix/rspi' and 'spi/fix/txx9' into spi-linus 2013-11-28 11:31:35 +00:00
ssb ssb: fix sparse warnings in driver_chipcommon_sflash.c 2014-01-03 15:37:01 -05:00
staging Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2014-01-17 14:43:17 -05:00
target target: Remove extra percpu_ref_init 2013-12-19 14:49:54 -08:00
tc
thermal Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-19 15:50:47 -08:00
tty tty: xuartps: Properly guard sysrq specific code 2013-12-17 16:02:25 -08:00
uio uio: we cannot mmap unaligned page contents 2013-12-02 11:50:37 -08:00
usb usb: ohci-at91: fix irq and iomem resource retrieval 2013-12-17 13:22:36 -08:00
uwb Driver Core / sysfs patches for 3.13-rc1 2013-11-07 11:42:15 +09:00
vfio
vhost vhost: remove the dead branch 2013-12-06 15:22:05 -05:00
video Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-12-09 19:21:39 -08:00
virt
virtio virtio_balloon: update_balloon_size(): update correct field 2013-12-05 13:12:39 +10:30
vlynq
vme
w1 drivers/w1/masters/w1-gpio.c: use dev_get_platdata() 2013-11-15 09:32:21 +09:00
watchdog sc1200_wdt: Fix oops 2013-12-10 08:48:15 +01:00
xen Bug-fixes: 2013-12-20 09:34:54 -08:00
zorro
Kconfig ACPI and power management updates for 3.13-rc1 2013-11-14 13:41:48 +09:00
Makefile ACPI and power management updates for 3.13-rc1 2013-11-14 13:41:48 +09:00