• G
    enic: fix rq disable · 9fe1c98a
    Govindarajulu Varadarajan 提交于
    When MTU is changed from 9000 to 1500 while there is burst of inbound 9000
    bytes packets, adaptor sometimes delivers 9000 bytes packets to 1500 bytes
    buffers. This causes memory corruption and sometimes crash.
    
    This is because of a race condition in adaptor between "RQ disable"
    clearing descriptor mini-cache and mini-cache valid bit being set by
    completion of descriptor fetch. This can result in stale RQ desc being
    cached and used when packets arrive. In this case, the stale descriptor
    have old MTU value.
    
    Solution is to write RQ->disable twice. The first write will stop any
    further desc fetches, allowing the second disable to clear the mini-cache
    valid bit without danger of a race.
    
    Also, the check for rq->running becoming 0 after writing rq->enable to 0
    is not done properly. When incoming packets are flooding the interface,
    rq->running will pulse high for each dropped packet. Since the driver was
    waiting for 10us between each poll, it is possible to see rq->running = 1
    1000 times in a row, even though it is not actually stuck running.
    This results in false failure of vnic_rq_disable(). Fix is to try more
    than 1000 time without delay between polls to ensure we do not miss when
    running goes low.
    
    In old adaptors rq->enable needs to be re-written to 0 when posted_index
    is reset in vnic_rq_clean() in order to keep rq->prefetch_index in sync.
    Signed-off-by: NGovindarajulu Varadarajan <_govind@gmx.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    9fe1c98a
vnic_rq.c 5.8 KB