[Intel-wired-lan] [PATCH intel-net 1/2] ice: xsk: prohibit usage of non-balanced queue id

Kuruvinakunnel, George george.kuruvinakunnel at intel.com
Thu Aug 18 18:27:57 UTC 2022


> From: Intel-wired-lan <intel-wired-lan-bounces at osuosl.org> On Behalf Of Maciej
> Fijalkowski
> Sent: Thursday, August 11, 2022 11:52 PM
> To: intel-wired-lan at lists.osuosl.org
> Cc: alasdair.mcwilliam at outlook.com; xdp-newbies at vger.kernel.org; Karlsson,
> Magnus <magnus.karlsson at intel.com>
> Subject: [Intel-wired-lan] [PATCH intel-net 1/2] ice: xsk: prohibit usage of non-
> balanced queue id
> 
> Fix the following scenario:
> 1. ethtool -L $IFACE rx 8 tx 96
> 2. xdpsock -q 10 -t -z
> 
> Above refers to a case where user would like to attach XSK socket in txonly mode
> at a queue id that does not have a corresponding Rx queue.
> At this moment ice's XSK logic is tightly bound to act on a "queue pair", e.g. both
> Tx and Rx queues at a given queue id are disabled/enabled and both of them will
> get XSK pool assigned, which is broken for the presented queue configuration.
> This results in the splat included at the bottom, which is basically an OOB access
> to Rx ring array.
> 
> To fix this, allow using the ids only in scope of "combined" queues reported by
> ethtool. However, logic should be rewritten to allow such configurations later on,
> which would end up as a complete rewrite of the control path, so let us go with this
> temporary fix.
> 
> [420160.558008] BUG: kernel NULL pointer dereference, address:
> 0000000000000082 [420160.566359] #PF: supervisor read access in kernel mode
> [420160.572657] #PF: error_code(0x0000) - not-present page [420160.579002]
> PGD 0 P4D 0 [420160.582756] Oops: 0000 [#1] PREEMPT SMP NOPTI
> [420160.588396] CPU: 10 PID: 21232 Comm: xdpsock Tainted: G           OE
> 5.19.0-rc7+ #10
> [420160.597893] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS
> SE5C620.86B.02.01.0008.031920191559 03/19/2019 [420160.609894] RIP:
> 0010:ice_xsk_pool_setup+0x44/0x7d0 [ice] [420160.616968] Code: f3 48 83 ec 40
> 48 8b 4f 20 48 8b 3f 65 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 48 8d 04 ed
> 00 00 00 00 48 01 c1 48 8b 11 <0f> b7 92 82 00 00 00 48 85 d2 0f 84 2d 75 00 00
> 48 8d 72 ff 48 85 [420160.639421] RSP: 0018:ffffc9002d2afd48 EFLAGS:
> 00010282 [420160.646650] RAX: 0000000000000050 RBX: ffff88811d8bdd00 RCX:
> ffff888112c14ff8 [420160.655893] RDX: 0000000000000000 RSI: ffff88811d8bdd00
> RDI: ffff888109861000 [420160.665166] RBP: 000000000000000a R08:
> 000000000000000a R09: 0000000000000000 [420160.674493] R10:
> 000000000000889f R11: 0000000000000000 R12: 000000000000000a
> [420160.683833] R13: 000000000000000a R14: 0000000000000000 R15:
> ffff888117611828 [420160.693211] FS:  00007fa869fc1f80(0000)
> GS:ffff8897e0880000(0000) knlGS:0000000000000000 [420160.703645] CS:  0010
> DS: 0000 ES: 0000 CR0: 0000000080050033 [420160.711783] CR2:
> 0000000000000082 CR3: 00000001d076c001 CR4: 00000000007706e0
> [420160.721399] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000 [420160.731045] DR3: 0000000000000000 DR6:
> 00000000fffe0ff0 DR7: 0000000000000400 [420160.740707] PKRU: 55555554
> [420160.745960] Call Trace:
> [420160.750962]  <TASK>
> [420160.755597]  ? kmalloc_large_node+0x79/0x90 [420160.762703]  ?
> __kmalloc_node+0x3f5/0x4b0 [420160.769341]  xp_assign_dev+0xfd/0x210
> [420160.775661]  ? shmem_file_read_iter+0x29a/0x420 [420160.782896]
> xsk_bind+0x152/0x490 [420160.788943]  __sys_bind+0xd0/0x100
> [420160.795097]  ? exit_to_user_mode_prepare+0x20/0x120
> [420160.802801]  __x64_sys_bind+0x16/0x20 [420160.809298]
> do_syscall_64+0x38/0x90 [420160.815741]
> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> [420160.823731] RIP: 0033:0x7fa86a0dd2fb [420160.830264] Code: c3 66 0f 1f 44
> 00 00 48 8b 15 69 8b 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bc 0f 1f 44 00 00 f3 0f 1e
> fa b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3d 8b 0c 00 f7 d8 64
> 89 01 48 [420160.855410] RSP: 002b:00007ffc1146f618 EFLAGS: 00000246
> ORIG_RAX: 0000000000000031 [420160.866366] RAX: ffffffffffffffda RBX:
> 0000000000000000 RCX: 00007fa86a0dd2fb [420160.876957] RDX:
> 0000000000000010 RSI: 00007ffc1146f680 RDI: 0000000000000003
> [420160.887604] RBP: 000055d7113a0520 R08: 00007fa868fb8000 R09:
> 0000000080000000 [420160.898293] R10: 0000000000008001 R11:
> 0000000000000246 R12: 000055d7113a04e0 [420160.909038] R13:
> 000055d7113a0320 R14: 000000000000000a R15: 0000000000000000
> [420160.919817]  </TASK> [420160.925659] Modules linked in: ice(OE) af_packet
> binfmt_misc nls_iso8859_1 ipmi_ssif intel_rapl_msr intel_rapl_common
> x86_pkg_temp_thermal intel_powerclamp mei_me coretemp ioatdma mei ipmi_si
> wmi ipmi_msghandler acpi_pad acpi_power_meter ip_tables x_tables autofs4
> ixgbe i40e crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel
> crypto_simd cryptd ahci mdio dca libahci lpc_ich [last unloaded: ice]
> [420160.977576] CR2: 0000000000000082 [420160.985037] ---[ end trace
> 0000000000000000 ]--- [420161.097724] RIP:
> 0010:ice_xsk_pool_setup+0x44/0x7d0 [ice] [420161.107341] Code: f3 48 83 ec 40
> 48 8b 4f 20 48 8b 3f 65 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 48 8d 04 ed
> 00 00 00 00 48 01 c1 48 8b 11 <0f> b7 92 82 00 00 00 48 85 d2 0f 84 2d 75 00 00
> 48 8d 72 ff 48 85 [420161.134741] RSP: 0018:ffffc9002d2afd48 EFLAGS:
> 00010282 [420161.144274] RAX: 0000000000000050 RBX: ffff88811d8bdd00 RCX:
> ffff888112c14ff8 [420161.155690] RDX: 0000000000000000 RSI: ffff88811d8bdd00
> RDI: ffff888109861000 [420161.168088] RBP: 000000000000000a R08:
> 000000000000000a R09: 0000000000000000 [420161.179295] R10:
> 000000000000889f R11: 0000000000000000 R12: 000000000000000a
> [420161.190420] R13: 000000000000000a R14: 0000000000000000 R15:
> ffff888117611828 [420161.201505] FS:  00007fa869fc1f80(0000)
> GS:ffff8897e0880000(0000) knlGS:0000000000000000 [420161.213628] CS:  0010
> DS: 0000 ES: 0000 CR0: 0000000080050033 [420161.223413] CR2:
> 0000000000000082 CR3: 00000001d076c001 CR4: 00000000007706e0
> [420161.234653] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000 [420161.245893] DR3: 0000000000000000 DR6:
> 00000000fffe0ff0 DR7: 0000000000000400 [420161.257052] PKRU: 55555554
> 
> Fixes: 2d4238f55697 ("ice: Add support for AF_XDP")
> Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski at intel.com>
> ---
>  drivers/net/ethernet/intel/ice/ice_xsk.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 

Tested-by: George Kuruvinakunnel <george.kuruvinakunnel at intel.com>


More information about the Intel-wired-lan mailing list