Re: [PATCH] net: arc_emac: fix arc_emac_rx() error paths

From: Alexander Kochetkov
Date: Tue Dec 19 2017 - 10:50:07 EST

> 19 ÐÐÐ. 2017 Ð., Ð 18:22, David Miller <davem@xxxxxxxxxxxxx> ÐÐÐÐÑÐÐ(Ð):
> From: Alexander Kochetkov <al.kochet@xxxxxxxxx>
> Date: Fri, 15 Dec 2017 20:20:06 +0300
>> arc_emac_rx() has some issues found by code review.
>> In case netdev_alloc_skb_ip_align() or dma_map_single() failure
>> rx fifo entry will not be returned to EMAC.
>> In case dma_map_single() failure previously allocated skb became
>> lost to driver. At the same time address of newly allocated skb
>> will not be provided to EMAC.
>> Signed-off-by: Alexander Kochetkov <al.kochet@xxxxxxxxx>
> This patch adds quite a few bugs, here is one which shows this is not
> functionally tested:

May be I donât understand correctly, but I donât see bug here.

Wrong dma mapping usage should immediately manifest itself (kernel
instability, koops and so on). The patch was tested on rk3188 and work fine for me.
Also I did simulations of netdev_alloc_skb_ip_align() and dma_map_single()
faults and can confirm that new error handling work.

Could someone else with ARC EMAC test the patch? I would be very grateful for the help.
Florian or Eric, can you test it on your hardware?

>> +
>> + /* unmap previosly mapped skb */
>> + dma_unmap_single(&ndev->dev, dma_unmap_addr(rx_buff, addr),
>> + dma_unmap_len(rx_buff, len), DMA_FROM_DEVICE);
> And then you unmap it. "addr" is the new DMA mapping, not the old one.

The old mapping should be unmapped here. It refer to old skb what contains already
received packet. Because buffer doesnât belong to EMAC anymore.
That old mapping point to old skb buffer. And netif_receive_skb() will be
called for old skb after that.

The new mapping Âaddr" will be unmapped then EMAC receive
new packet. Later by the code (after netif_receive_skb()) there are lines for
saving Âaddr value:

rx_buff->skb = skb;
dma_unmap_addr_set(rx_buff, addr, addr);
dma_unmap_len_set(rx_buff, len, EMAC_BUFFER_SIZE);