kernel: fix mtk flow offload list corruption issue with l2 flows

The same node was accidentally used for two different lists, causing an
invalid pointer chain.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
Felix Fietkau 2023-03-25 11:58:19 +01:00
parent 09115a1705
commit 95cae498b6
4 changed files with 48 additions and 31 deletions

View File

@ -12,7 +12,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/drivers/net/ethernet/mediatek/mtk_ppe.c
+++ b/drivers/net/ethernet/mediatek/mtk_ppe.c
@@ -466,26 +466,30 @@ int mtk_foe_entry_set_queue(struct mtk_e
@@ -466,42 +466,43 @@ int mtk_foe_entry_set_queue(struct mtk_e
return 0;
}
@ -51,15 +51,17 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
+__mtk_foe_entry_clear(struct mtk_ppe *ppe, struct mtk_flow_entry *entry,
+ bool set_state)
{
struct hlist_head *head;
- struct hlist_head *head;
struct hlist_node *tmp;
@@ -495,13 +499,12 @@ __mtk_foe_entry_clear(struct mtk_ppe *pp
if (entry->type == MTK_FLOW_TYPE_L2) {
rhashtable_remove_fast(&ppe->l2_flows, &entry->l2_node,
mtk_flow_l2_ht_params);
head = &entry->l2_flows;
- head = &entry->l2_flows;
- hlist_for_each_entry_safe(entry, tmp, head, l2_data.list)
- __mtk_foe_entry_clear(ppe, entry);
+ hlist_for_each_entry_safe(entry, tmp, head, list)
+ hlist_for_each_entry_safe(entry, tmp, &entry->l2_flows, l2_list)
+ __mtk_foe_entry_clear(ppe, entry, set_state);
return;
}
@ -70,16 +72,17 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
struct mtk_foe_entry *hwe = mtk_foe_get_entry(ppe, entry->hash);
hwe->ib1 &= ~MTK_FOE_IB1_STATE;
@@ -520,7 +523,7 @@ __mtk_foe_entry_clear(struct mtk_ppe *pp
@@ -520,7 +521,8 @@ __mtk_foe_entry_clear(struct mtk_ppe *pp
if (entry->type != MTK_FLOW_TYPE_L2_SUBFLOW)
return;
- hlist_del_init(&entry->l2_data.list);
+ hlist_del_init(&entry->l2_list);
+ hlist_del_init(&entry->list);
kfree(entry);
}
@@ -536,66 +539,55 @@ static int __mtk_foe_entry_idle_time(str
@@ -536,66 +538,55 @@ static int __mtk_foe_entry_idle_time(str
return now - timestamp;
}
@ -118,7 +121,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
idle = __mtk_foe_entry_idle_time(ppe, entry->data.ib1);
- hlist_for_each_entry_safe(cur, tmp, &entry->l2_flows, l2_data.list) {
+ hlist_for_each_entry_safe(cur, tmp, &entry->l2_flows, list) {
+ hlist_for_each_entry_safe(cur, tmp, &entry->l2_flows, l2_list) {
int cur_idle;
- u32 ib1;
-
@ -175,7 +178,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
}
static void
@@ -632,7 +624,8 @@ __mtk_foe_entry_commit(struct mtk_ppe *p
@@ -632,7 +623,8 @@ __mtk_foe_entry_commit(struct mtk_ppe *p
void mtk_foe_entry_clear(struct mtk_ppe *ppe, struct mtk_flow_entry *entry)
{
spin_lock_bh(&ppe_lock);
@ -185,7 +188,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
spin_unlock_bh(&ppe_lock);
}
@@ -679,8 +672,8 @@ mtk_foe_entry_commit_subflow(struct mtk_
@@ -679,8 +671,8 @@ mtk_foe_entry_commit_subflow(struct mtk_
{
const struct mtk_soc_data *soc = ppe->eth->soc;
struct mtk_flow_entry *flow_info;
@ -195,7 +198,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
u32 ib1_mask = mtk_get_ib1_pkt_type_mask(ppe->eth) | MTK_FOE_IB1_UDP;
int type;
@@ -688,30 +681,30 @@ mtk_foe_entry_commit_subflow(struct mtk_
@@ -688,30 +680,30 @@ mtk_foe_entry_commit_subflow(struct mtk_
if (!flow_info)
return;
@ -205,7 +208,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
hlist_add_head(&flow_info->list,
&ppe->foe_flow[hash / soc->hash_offset]);
- hlist_add_head(&flow_info->l2_data.list, &entry->l2_flows);
+ hlist_add_head(&flow_info->list, &entry->l2_flows);
+ hlist_add_head(&flow_info->l2_list, &entry->l2_flows);
hwe = mtk_foe_get_entry(ppe, hash);
- memcpy(&foe, hwe, soc->foe_entry_size);
@ -236,7 +239,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
}
void __mtk_ppe_check_skb(struct mtk_ppe *ppe, struct sk_buff *skb, u16 hash)
@@ -721,9 +714,11 @@ void __mtk_ppe_check_skb(struct mtk_ppe
@@ -721,9 +713,11 @@ void __mtk_ppe_check_skb(struct mtk_ppe
struct mtk_foe_entry *hwe = mtk_foe_get_entry(ppe, hash);
struct mtk_flow_entry *entry;
struct mtk_foe_bridge key = {};
@ -248,7 +251,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
u8 *tag;
spin_lock_bh(&ppe_lock);
@@ -731,20 +726,14 @@ void __mtk_ppe_check_skb(struct mtk_ppe
@@ -731,20 +725,14 @@ void __mtk_ppe_check_skb(struct mtk_ppe
if (FIELD_GET(MTK_FOE_IB1_STATE, hwe->ib1) == MTK_FOE_STATE_BIND)
goto out;
@ -275,7 +278,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
continue;
}
@@ -795,9 +784,17 @@ out:
@@ -795,9 +783,17 @@ out:
int mtk_foe_entry_idle_time(struct mtk_ppe *ppe, struct mtk_flow_entry *entry)
{
@ -297,7 +300,21 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
int mtk_ppe_prepare_reset(struct mtk_ppe *ppe)
--- a/drivers/net/ethernet/mediatek/mtk_ppe.h
+++ b/drivers/net/ethernet/mediatek/mtk_ppe.h
@@ -275,13 +275,7 @@ struct mtk_flow_entry {
@@ -265,7 +265,12 @@ enum {
struct mtk_flow_entry {
union {
- struct hlist_node list;
+ /* regular flows + L2 subflows */
+ struct {
+ struct hlist_node list;
+ struct hlist_node l2_list;
+ };
+ /* L2 flows */
struct {
struct rhash_head l2_node;
struct hlist_head l2_flows;
@@ -275,13 +280,7 @@ struct mtk_flow_entry {
s8 wed_index;
u8 ppe_index;
u16 hash;

View File

@ -77,7 +77,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
}
static void mtk_ppe_cache_clear(struct mtk_ppe *ppe)
@@ -510,13 +525,6 @@ __mtk_foe_entry_clear(struct mtk_ppe *pp
@@ -508,13 +523,6 @@ __mtk_foe_entry_clear(struct mtk_ppe *pp
hwe->ib1 &= ~MTK_FOE_IB1_STATE;
hwe->ib1 |= FIELD_PREP(MTK_FOE_IB1_STATE, MTK_FOE_STATE_INVALID);
dma_wmb();
@ -91,7 +91,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
}
entry->hash = 0xffff;
@@ -540,11 +548,14 @@ static int __mtk_foe_entry_idle_time(str
@@ -539,11 +547,14 @@ static int __mtk_foe_entry_idle_time(str
}
static bool
@ -107,7 +107,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
int len;
if (hash == 0xffff)
@@ -555,18 +566,35 @@ mtk_flow_entry_update(struct mtk_ppe *pp
@@ -554,18 +565,35 @@ mtk_flow_entry_update(struct mtk_ppe *pp
memcpy(&foe, hwe, len);
if (!mtk_flow_entry_match(ppe->eth, entry, &foe, len) ||
@ -146,8 +146,8 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
struct mtk_flow_entry *cur;
struct hlist_node *tmp;
int idle;
@@ -575,7 +603,9 @@ mtk_flow_entry_update_l2(struct mtk_ppe
hlist_for_each_entry_safe(cur, tmp, &entry->l2_flows, list) {
@@ -574,7 +602,9 @@ mtk_flow_entry_update_l2(struct mtk_ppe
hlist_for_each_entry_safe(cur, tmp, &entry->l2_flows, l2_list) {
int cur_idle;
- if (!mtk_flow_entry_update(ppe, cur)) {
@ -157,7 +157,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
__mtk_foe_entry_clear(ppe, entry, false);
continue;
}
@@ -590,10 +620,29 @@ mtk_flow_entry_update_l2(struct mtk_ppe
@@ -589,10 +619,29 @@ mtk_flow_entry_update_l2(struct mtk_ppe
}
}
@ -187,7 +187,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
struct mtk_eth *eth = ppe->eth;
u16 timestamp = mtk_eth_timestamp(eth);
struct mtk_foe_entry *hwe;
@@ -618,6 +667,12 @@ __mtk_foe_entry_commit(struct mtk_ppe *p
@@ -617,6 +666,12 @@ __mtk_foe_entry_commit(struct mtk_ppe *p
dma_wmb();
@ -200,7 +200,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
mtk_ppe_cache_clear(ppe);
}
@@ -782,21 +837,6 @@ out:
@@ -781,21 +836,6 @@ out:
spin_unlock_bh(&ppe_lock);
}
@ -222,7 +222,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
int mtk_ppe_prepare_reset(struct mtk_ppe *ppe)
{
if (!ppe)
@@ -824,32 +864,6 @@ int mtk_ppe_prepare_reset(struct mtk_ppe
@@ -823,32 +863,6 @@ int mtk_ppe_prepare_reset(struct mtk_ppe
return mtk_ppe_wait_busy(ppe);
}
@ -257,7 +257,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
bool accounting = eth->soc->has_accounting;
--- a/drivers/net/ethernet/mediatek/mtk_ppe.h
+++ b/drivers/net/ethernet/mediatek/mtk_ppe.h
@@ -278,6 +278,8 @@ struct mtk_flow_entry {
@@ -283,6 +283,8 @@ struct mtk_flow_entry {
struct mtk_foe_entry data;
struct rhash_head node;
unsigned long cookie;
@ -266,7 +266,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
};
struct mtk_mib_entry {
@@ -320,6 +322,7 @@ struct mtk_ppe *mtk_ppe_init(struct mtk_
@@ -325,6 +327,7 @@ struct mtk_ppe *mtk_ppe_init(struct mtk_
void mtk_ppe_start(struct mtk_ppe *ppe);
int mtk_ppe_stop(struct mtk_ppe *ppe);
int mtk_ppe_prepare_reset(struct mtk_ppe *ppe);
@ -274,7 +274,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
void __mtk_ppe_check_skb(struct mtk_ppe *ppe, struct sk_buff *skb, u16 hash);
@@ -368,9 +371,8 @@ int mtk_foe_entry_set_queue(struct mtk_e
@@ -373,9 +376,8 @@ int mtk_foe_entry_set_queue(struct mtk_e
unsigned int queue);
int mtk_foe_entry_commit(struct mtk_ppe *ppe, struct mtk_flow_entry *entry);
void mtk_foe_entry_clear(struct mtk_ppe *ppe, struct mtk_flow_entry *entry);

View File

@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/drivers/net/ethernet/mediatek/mtk_ppe.c
+++ b/drivers/net/ethernet/mediatek/mtk_ppe.c
@@ -525,6 +525,7 @@ __mtk_foe_entry_clear(struct mtk_ppe *pp
@@ -523,6 +523,7 @@ __mtk_foe_entry_clear(struct mtk_ppe *pp
hwe->ib1 &= ~MTK_FOE_IB1_STATE;
hwe->ib1 |= FIELD_PREP(MTK_FOE_IB1_STATE, MTK_FOE_STATE_INVALID);
dma_wmb();

View File

@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/drivers/net/ethernet/mediatek/mtk_ppe.c
+++ b/drivers/net/ethernet/mediatek/mtk_ppe.c
@@ -647,6 +647,7 @@ __mtk_foe_entry_commit(struct mtk_ppe *p
@@ -646,6 +646,7 @@ __mtk_foe_entry_commit(struct mtk_ppe *p
struct mtk_eth *eth = ppe->eth;
u16 timestamp = mtk_eth_timestamp(eth);
struct mtk_foe_entry *hwe;
@ -19,7 +19,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (MTK_HAS_CAPS(eth->soc->caps, MTK_NETSYS_V2)) {
entry->ib1 &= ~MTK_FOE_IB1_BIND_TIMESTAMP_V2;
@@ -663,8 +664,13 @@ __mtk_foe_entry_commit(struct mtk_ppe *p
@@ -662,8 +663,13 @@ __mtk_foe_entry_commit(struct mtk_ppe *p
wmb();
hwe->ib1 = entry->ib1;