Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3875234pxb; Tue, 17 Nov 2020 06:00:07 -0800 (PST) X-Google-Smtp-Source: ABdhPJwtg1zX573TyNwSioyyoxbJGkVDW2EOewe23MbGNa1RBe3F+jFoZsNy+Zs/bO5HJTo8kSW5 X-Received: by 2002:a50:d78f:: with SMTP id w15mr21784239edi.227.1605621607382; Tue, 17 Nov 2020 06:00:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605621607; cv=none; d=google.com; s=arc-20160816; b=shijn0p0uJbGhVs5lO1AXg4saOOuwW2HGg1J99jf2A35XsGFxtsKvcPTRIRmZJfc05 1Wr7nuElaie7TQ375gio1sB9T4LV2w7ujuYM9BB3NKOgQ+c0Rl1TMTMHgyxEdYw3V+W8 F3ebbii1mkX/RJbeONJ58jZ9yR/s9+8qjyEWO5/zzgZX7z4KkoxnYwMIDlaqkxu4Xn4S bpytaeosUvvvvLhPjoNdaMyqa6v0h3GN4yt5RnkI7B6R/ONwW0gQ4ta6JwjCrnbz7b9f 3dVEcZMTbCDCI6HaI0K1oc2Ftz6HyeIC0E6NB+ZvwPFplCryTeL026SI11vOofiaukwV mjqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=9chGCGlhD4a2ypZlISdGO0HefKSkeqDmtfAdQhBYQ2g=; b=DAMxjPtPcnHnmeOhGK+TVmi4NQNaAtGm2vTS5rGaJ3/S5QmjbONU1XaMx9pP6XYME7 YYFlpgLCALgZaBm5N9cCun4lFrq5AQS9N+NrZklOtfhMhkAtBV9FyEkaIwLase0U2mCz Xac1Fjnq/1VcRjkZ3n8+KQCXtMAlT5Jhe89SzQONIpAiXk8Ihy2uSEQGwlIKry9dig3V eAnMxmHozh/jF4Y6H118r2RisEhLrVF0ouyHw4Y/k+lViDRClgDBaedgXnHM4tM/czdp Z4Vtqnpsl2ge4a6mAXg5ju3j4xhUGlu/jYG9s/gmCLmnETcM+yZkpT9nD5wTSzW1/++j 1b5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=MWi7RdAm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b18si1249624ejk.164.2020.11.17.05.59.42; Tue, 17 Nov 2020 06:00:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=MWi7RdAm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730988AbgKQN56 (ORCPT + 99 others); Tue, 17 Nov 2020 08:57:58 -0500 Received: from mail.kernel.org ([198.145.29.99]:52214 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730132AbgKQNTM (ORCPT ); Tue, 17 Nov 2020 08:19:12 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9CDF3241A5; Tue, 17 Nov 2020 13:19:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1605619152; bh=7nsr5kb4Mg87QTVj2FzIeCIBE5HAB+xkmbAOr4uqwak=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MWi7RdAmZkM+j+30ys00Bsov59+ekZJvMXEbSkl8XHrk6tVMQ7IqCMRNnNy1LX4Re CQCNBsr7pF4aF7Zv8FmiYk9TWT0vWeMLyrXS7Z5iNFYefJPOWbKGHxoYurqH1BRekR UhKQjCGp1CzlOPNKaox/iMWCZ8Q72Kph+lmtLu0Y= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Marc Kleine-Budde , Sasha Levin Subject: [PATCH 4.19 015/101] can: rx-offload: dont call kfree_skb() from IRQ context Date: Tue, 17 Nov 2020 14:04:42 +0100 Message-Id: <20201117122113.842837991@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201117122113.128215851@linuxfoundation.org> References: <20201117122113.128215851@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Marc Kleine-Budde [ Upstream commit 2ddd6bfe7bdbb6c661835c3ff9cab8e0769940a6 ] A CAN driver, using the rx-offload infrastructure, is reading CAN frames (usually in IRQ context) from the hardware and placing it into the rx-offload queue to be delivered to the networking stack via NAPI. In case the rx-offload queue is full, trying to add more skbs results in the skbs being dropped using kfree_skb(). If done from hard-IRQ context this results in the following warning: [ 682.552693] ------------[ cut here ]------------ [ 682.557360] WARNING: CPU: 0 PID: 3057 at net/core/skbuff.c:650 skb_release_head_state+0x74/0x84 [ 682.566075] Modules linked in: can_raw can coda_vpu flexcan dw_hdmi_ahb_audio v4l2_jpeg imx_vdoa can_dev [ 682.575597] CPU: 0 PID: 3057 Comm: cansend Tainted: G W 5.7.0+ #18 [ 682.583098] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) [ 682.589657] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 682.597423] [] (show_stack) from [] (dump_stack+0xe0/0x114) [ 682.604759] [] (dump_stack) from [] (__warn+0xc0/0x10c) [ 682.611742] [] (__warn) from [] (warn_slowpath_fmt+0x5c/0xc0) [ 682.619248] [] (warn_slowpath_fmt) from [] (skb_release_head_state+0x74/0x84) [ 682.628143] [] (skb_release_head_state) from [] (skb_release_all+0xc/0x24) [ 682.636774] [] (skb_release_all) from [] (kfree_skb+0x74/0x1c8) [ 682.644479] [] (kfree_skb) from [] (can_rx_offload_queue_sorted+0xe0/0xe8 [can_dev]) [ 682.654051] [] (can_rx_offload_queue_sorted [can_dev]) from [] (can_rx_offload_get_echo_skb+0x48/0x94 [can_dev]) [ 682.666007] [] (can_rx_offload_get_echo_skb [can_dev]) from [] (flexcan_irq+0x194/0x5dc [flexcan]) [ 682.676734] [] (flexcan_irq [flexcan]) from [] (__handle_irq_event_percpu+0x4c/0x3ec) [ 682.686322] [] (__handle_irq_event_percpu) from [] (handle_irq_event_percpu+0x2c/0x88) [ 682.695993] [] (handle_irq_event_percpu) from [] (handle_irq_event+0x38/0x5c) [ 682.704887] [] (handle_irq_event) from [] (handle_fasteoi_irq+0xc8/0x180) [ 682.713432] [] (handle_fasteoi_irq) from [] (generic_handle_irq+0x30/0x44) [ 682.722063] [] (generic_handle_irq) from [] (__handle_domain_irq+0x64/0xdc) [ 682.730783] [] (__handle_domain_irq) from [] (gic_handle_irq+0x48/0x9c) [ 682.739158] [] (gic_handle_irq) from [] (__irq_svc+0x70/0x98) [ 682.746656] Exception stack(0xe80e9dd8 to 0xe80e9e20) [ 682.751725] 9dc0: 00000001 e80e8000 [ 682.759922] 9de0: e820cf80 00000000 ffffe000 00000000 eaf08fe4 00000000 600d0013 00000000 [ 682.768117] 9e00: c1732e3c c16093a8 e820d4c0 e80e9e28 c018a57c c018b870 600d0013 ffffffff [ 682.776315] [] (__irq_svc) from [] (lock_acquire+0x108/0x4e8) [ 682.783821] [] (lock_acquire) from [] (down_write+0x48/0xa8) [ 682.791242] [] (down_write) from [] (unlink_file_vma+0x24/0x40) [ 682.798922] [] (unlink_file_vma) from [] (free_pgtables+0x34/0xb8) [ 682.806858] [] (free_pgtables) from [] (exit_mmap+0xe4/0x170) [ 682.814361] [] (exit_mmap) from [] (mmput+0x5c/0x110) [ 682.821171] [] (mmput) from [] (do_exit+0x374/0xbe4) [ 682.827892] [] (do_exit) from [] (do_group_exit+0x38/0xb4) [ 682.835132] [] (do_group_exit) from [] (__wake_up_parent+0x0/0x14) [ 682.843063] irq event stamp: 1936 [ 682.846399] hardirqs last enabled at (1935): [] rmqueue+0xf4/0xc64 [ 682.853553] hardirqs last disabled at (1936): [] __irq_svc+0x60/0x98 [ 682.860799] softirqs last enabled at (1878): [] raw_release+0x108/0x1f0 [can_raw] [ 682.869256] softirqs last disabled at (1876): [] release_sock+0x18/0x98 [ 682.876753] ---[ end trace 7bca4751ce44c444 ]--- This patch fixes the problem by replacing the kfree_skb() by dev_kfree_skb_any(), as rx-offload might be called from threaded IRQ handlers as well. Fixes: ca913f1ac024 ("can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak") Fixes: 6caf8a6d6586 ("can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak") Link: http://lore.kernel.org/r/20201019190524.1285319-3-mkl@pengutronix.de Signed-off-by: Marc Kleine-Budde Signed-off-by: Sasha Levin --- drivers/net/can/rx-offload.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/can/rx-offload.c b/drivers/net/can/rx-offload.c index 5f7e97d54733c..5cf4171df1f42 100644 --- a/drivers/net/can/rx-offload.c +++ b/drivers/net/can/rx-offload.c @@ -281,7 +281,7 @@ int can_rx_offload_queue_sorted(struct can_rx_offload *offload, if (skb_queue_len(&offload->skb_queue) > offload->skb_queue_len_max) { - kfree_skb(skb); + dev_kfree_skb_any(skb); return -ENOBUFS; } @@ -326,7 +326,7 @@ int can_rx_offload_queue_tail(struct can_rx_offload *offload, { if (skb_queue_len(&offload->skb_queue) > offload->skb_queue_len_max) { - kfree_skb(skb); + dev_kfree_skb_any(skb); return -ENOBUFS; } -- 2.27.0