The current wcn36xx driver didn't handle rx skb allocation failure case.
It only could be triggered when system is in extremly memory shortage
case. King Lawrence <[email protected]> hit it by git clone linux
kernel tree on DragonBoard <1>.
The fixing is not to submit the old rx skb to network upper layer and
reuse it as rx DMA buffer again.
Changes from v2:
* Remove the ugly macro introduced in v2 per comment from Julian Calaby.
* Seperate the DMA int mask register writing as one patch per comment
from Bjorn Andersson.
Changes from v1:
* Move switch block out of while loop.
* Remove the warning of unknown channel because we didn't deal with it.
Fengwei Yin (2):
wcn36xx: handle rx skb allocation failure to avoid system crash
wcn36xx: split DMA mask register writing.
drivers/net/wireless/ath/wcn36xx/dxe.c | 43 +++++++++++++++++-----------------
1 file changed, 22 insertions(+), 21 deletions(-)
--
2.1.4
Lawrence reported that git clone could make system crash on a
Qualcomm ARM soc based device (DragonBoard, 1G memory without
swap) running 64bit Debian.
It's turned out the crash is related with rx skb allocation
failure. git could consume more than 600MB anonymous memory.
And system is in extremely memory shortage case.
But driver didn't handle the rx allocation failure case. This patch
doesn't submit skb to upper layer if rx skb allocation fails.
Instead, it reuse the old skb for rx DMA again. It's more like
drop the packets if system is in memory shortage case.
With this change, git clone is OOMed instead of system crash.
Reported-by: King, Lawrence <[email protected]>
Signed-off-by: Fengwei Yin <[email protected]>
---
drivers/net/wireless/ath/wcn36xx/dxe.c | 43 +++++++++++++++++-----------------
1 file changed, 22 insertions(+), 21 deletions(-)
diff --git a/drivers/net/wireless/ath/wcn36xx/dxe.c b/drivers/net/wireless/ath/wcn36xx/dxe.c
index f8dfa05..473381f 100644
--- a/drivers/net/wireless/ath/wcn36xx/dxe.c
+++ b/drivers/net/wireless/ath/wcn36xx/dxe.c
@@ -474,36 +474,37 @@ static int wcn36xx_rx_handle_packets(struct wcn36xx *wcn,
struct wcn36xx_dxe_desc *dxe = ctl->desc;
dma_addr_t dma_addr;
struct sk_buff *skb;
+ int ret = 0, int_mask;
+ u32 value;
+
+ if (ch->ch_type == WCN36XX_DXE_CH_RX_L) {
+ value = WCN36XX_DXE_CTRL_RX_L;
+ int_mask = WCN36XX_DXE_INT_CH1_MASK;
+ } else {
+ value = WCN36XX_DXE_CTRL_RX_H;
+ int_mask = WCN36XX_DXE_INT_CH3_MASK;
+ }
while (!(dxe->ctrl & WCN36XX_DXE_CTRL_VALID_MASK)) {
skb = ctl->skb;
dma_addr = dxe->dst_addr_l;
- wcn36xx_dxe_fill_skb(wcn->dev, ctl);
-
- switch (ch->ch_type) {
- case WCN36XX_DXE_CH_RX_L:
- dxe->ctrl = WCN36XX_DXE_CTRL_RX_L;
- wcn36xx_dxe_write_register(wcn, WCN36XX_DXE_ENCH_ADDR,
- WCN36XX_DXE_INT_CH1_MASK);
- break;
- case WCN36XX_DXE_CH_RX_H:
- dxe->ctrl = WCN36XX_DXE_CTRL_RX_H;
- wcn36xx_dxe_write_register(wcn, WCN36XX_DXE_ENCH_ADDR,
- WCN36XX_DXE_INT_CH3_MASK);
- break;
- default:
- wcn36xx_warn("Unknown channel\n");
- }
-
- dma_unmap_single(wcn->dev, dma_addr, WCN36XX_PKT_SIZE,
- DMA_FROM_DEVICE);
- wcn36xx_rx_skb(wcn, skb);
+ ret = wcn36xx_dxe_fill_skb(wcn->dev, ctl);
+ if (0 == ret) {
+ /* new skb allocation ok. Use the new one and queue
+ * the old one to network system.
+ */
+ dma_unmap_single(wcn->dev, dma_addr, WCN36XX_PKT_SIZE,
+ DMA_FROM_DEVICE);
+ wcn36xx_rx_skb(wcn, skb);
+ } /* else keep old skb not submitted and use it for rx DMA */
+
+ wcn36xx_dxe_write_register(wcn, WCN36XX_DXE_ENCH_ADDR, int_mask);
+ dxe->ctrl = value;
ctl = ctl->next;
dxe = ctl->desc;
}
ch->head_blk_ctl = ctl;
-
return 0;
}
--
2.1.4
Per comments from Bjorn Andersson <[email protected]>,
split DMA mask register writing as seperate patch in case we need
bi-sect in the furture.
Signed-off-by: Fengwei Yin <[email protected]>
---
drivers/net/wireless/ath/wcn36xx/dxe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/wcn36xx/dxe.c b/drivers/net/wireless/ath/wcn36xx/dxe.c
index 473381f..8643801 100644
--- a/drivers/net/wireless/ath/wcn36xx/dxe.c
+++ b/drivers/net/wireless/ath/wcn36xx/dxe.c
@@ -498,11 +498,11 @@ static int wcn36xx_rx_handle_packets(struct wcn36xx *wcn,
wcn36xx_rx_skb(wcn, skb);
} /* else keep old skb not submitted and use it for rx DMA */
- wcn36xx_dxe_write_register(wcn, WCN36XX_DXE_ENCH_ADDR, int_mask);
dxe->ctrl = value;
ctl = ctl->next;
dxe = ctl->desc;
}
+ wcn36xx_dxe_write_register(wcn, WCN36XX_DXE_ENCH_ADDR, int_mask);
ch->head_blk_ctl = ctl;
return 0;
--
2.1.4
On 2016年01月07日 21:05, Kalle Valo wrote:
> Fengwei Yin <[email protected]> writes:
>
>> The current wcn36xx driver didn't handle rx skb allocation failure case.
>> It only could be triggered when system is in extremly memory shortage
>> case. King Lawrence <[email protected]> hit it by git clone linux
>> kernel tree on DragonBoard <1>.
>>
>> The fixing is not to submit the old rx skb to network upper layer and
>> reuse it as rx DMA buffer again.
>>
>> Changes from v2:
>> * Remove the ugly macro introduced in v2 per comment from Julian Calaby.
>> * Seperate the DMA int mask register writing as one patch per comment
>> from Bjorn Andersson.
>>
>> Changes from v1:
>> * Move switch block out of while loop.
>> * Remove the warning of unknown channel because we didn't deal with it.
>>
>> Fengwei Yin (2):
>> wcn36xx: handle rx skb allocation failure to avoid system crash
>> wcn36xx: split DMA mask register writing.
>
> Applied to ath.git, thanks.
>
Thanks a lot.
Regards
Yin, Fengwei
Fengwei Yin <[email protected]> writes:
> The current wcn36xx driver didn't handle rx skb allocation failure case.
> It only could be triggered when system is in extremly memory shortage
> case. King Lawrence <[email protected]> hit it by git clone linux
> kernel tree on DragonBoard <1>.
>
> The fixing is not to submit the old rx skb to network upper layer and
> reuse it as rx DMA buffer again.
>
> Changes from v2:
> * Remove the ugly macro introduced in v2 per comment from Julian Calaby.
> * Seperate the DMA int mask register writing as one patch per comment
> from Bjorn Andersson.
>
> Changes from v1:
> * Move switch block out of while loop.
> * Remove the warning of unknown channel because we didn't deal with it.
>
> Fengwei Yin (2):
> wcn36xx: handle rx skb allocation failure to avoid system crash
> wcn36xx: split DMA mask register writing.
Applied to ath.git, thanks.
--
Kalle Valo