Date: Thu, 9 Jul 2020 12:13:33 +0200 From: Hans Petter Selasky <hps@selasky.org> To: Mark Johnston <markj@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r362962 - head/sys/net Message-ID: <92dc039d-72a0-4b9d-d907-d7e310d09bc9@selasky.org> In-Reply-To: <202007061452.066EqAap025536@repo.freebsd.org> References: <202007061452.066EqAap025536@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2020-07-06 16:52, Mark Johnston wrote: > Author: markj > Date: Mon Jul 6 14:52:09 2020 > New Revision: 362962 > URL: https://svnweb.freebsd.org/changeset/base/362962 > > Log: > iflib: Fix handling of mbuf cluster allocation failures. > > When refilling an rx freelist, make sure we only update the hardware > producer index if at least one cluster was allocated. Otherwise the > NIC is programmed to write a previously used cluster, typically > resulting in a use-after-free when packet data is written by the > hardware. > > Also make sure that we don't update the fragment index cursor if the > last allocation attempt didn't succeed. For at least Intel drivers, > iflib assumes that the consumer index and fragment index cursor stay in > lockstep, but this assumption was violated in the face of cluster > allocation failures. > Hi Mark, Thanks for working on this. I can confirm the issue Mellanox has seen in this area is solved by your patch. --HPS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?92dc039d-72a0-4b9d-d907-d7e310d09bc9>