Skip to content

Commit 1b704c4

Browse files
haiyangzdavem330
haiyangz
authored and
davem330
committed
hv_netvsc: Fix unwanted wakeup after tx_disable
After queue stopped, the wakeup mechanism may wake it up again when ring buffer usage is lower than a threshold. This may cause send path panic on NULL pointer when we stopped all tx queues in netvsc_detach and start removing the netvsc device. This patch fix it by adding a tx_disable flag to prevent unwanted queue wakeup. Fixes: 7b2ee50 ("hv_netvsc: common detach logic") Reported-by: Mohammed Gamal <mgamal@redhat.com> Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 18bebc6 commit 1b704c4

File tree

3 files changed

+31
-8
lines changed

3 files changed

+31
-8
lines changed

drivers/net/hyperv/hyperv_net.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -987,6 +987,7 @@ struct netvsc_device {
987987

988988
wait_queue_head_t wait_drain;
989989
bool destroy;
990+
bool tx_disable; /* if true, do not wake up queue again */
990991

991992
/* Receive buffer allocated by us but manages by NetVSP */
992993
void *recv_buf;

drivers/net/hyperv/netvsc.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -110,6 +110,7 @@ static struct netvsc_device *alloc_net_device(void)
110110

111111
init_waitqueue_head(&net_device->wait_drain);
112112
net_device->destroy = false;
113+
net_device->tx_disable = false;
113114

114115
net_device->max_pkt = RNDIS_MAX_PKT_DEFAULT;
115116
net_device->pkt_align = RNDIS_PKT_ALIGN_DEFAULT;
@@ -719,7 +720,7 @@ static void netvsc_send_tx_complete(struct net_device *ndev,
719720
} else {
720721
struct netdev_queue *txq = netdev_get_tx_queue(ndev, q_idx);
721722

722-
if (netif_tx_queue_stopped(txq) &&
723+
if (netif_tx_queue_stopped(txq) && !net_device->tx_disable &&
723724
(hv_get_avail_to_write_percent(&channel->outbound) >
724725
RING_AVAIL_PERCENT_HIWATER || queue_sends < 1)) {
725726
netif_tx_wake_queue(txq);
@@ -874,7 +875,8 @@ static inline int netvsc_send_pkt(
874875
} else if (ret == -EAGAIN) {
875876
netif_tx_stop_queue(txq);
876877
ndev_ctx->eth_stats.stop_queue++;
877-
if (atomic_read(&nvchan->queue_sends) < 1) {
878+
if (atomic_read(&nvchan->queue_sends) < 1 &&
879+
!net_device->tx_disable) {
878880
netif_tx_wake_queue(txq);
879881
ndev_ctx->eth_stats.wake_queue++;
880882
ret = -ENOSPC;

drivers/net/hyperv/netvsc_drv.c

Lines changed: 26 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -109,6 +109,15 @@ static void netvsc_set_rx_mode(struct net_device *net)
109109
rcu_read_unlock();
110110
}
111111

112+
static void netvsc_tx_enable(struct netvsc_device *nvscdev,
113+
struct net_device *ndev)
114+
{
115+
nvscdev->tx_disable = false;
116+
virt_wmb(); /* ensure queue wake up mechanism is on */
117+
118+
netif_tx_wake_all_queues(ndev);
119+
}
120+
112121
static int netvsc_open(struct net_device *net)
113122
{
114123
struct net_device_context *ndev_ctx = netdev_priv(net);
@@ -129,7 +138,7 @@ static int netvsc_open(struct net_device *net)
129138
rdev = nvdev->extension;
130139
if (!rdev->link_state) {
131140
netif_carrier_on(net);
132-
netif_tx_wake_all_queues(net);
141+
netvsc_tx_enable(nvdev, net);
133142
}
134143

135144
if (vf_netdev) {
@@ -184,6 +193,17 @@ static int netvsc_wait_until_empty(struct netvsc_device *nvdev)
184193
}
185194
}
186195

196+
static void netvsc_tx_disable(struct netvsc_device *nvscdev,
197+
struct net_device *ndev)
198+
{
199+
if (nvscdev) {
200+
nvscdev->tx_disable = true;
201+
virt_wmb(); /* ensure txq will not wake up after stop */
202+
}
203+
204+
netif_tx_disable(ndev);
205+
}
206+
187207
static int netvsc_close(struct net_device *net)
188208
{
189209
struct net_device_context *net_device_ctx = netdev_priv(net);
@@ -192,7 +212,7 @@ static int netvsc_close(struct net_device *net)
192212
struct netvsc_device *nvdev = rtnl_dereference(net_device_ctx->nvdev);
193213
int ret;
194214

195-
netif_tx_disable(net);
215+
netvsc_tx_disable(nvdev, net);
196216

197217
/* No need to close rndis filter if it is removed already */
198218
if (!nvdev)
@@ -920,7 +940,7 @@ static int netvsc_detach(struct net_device *ndev,
920940

921941
/* If device was up (receiving) then shutdown */
922942
if (netif_running(ndev)) {
923-
netif_tx_disable(ndev);
943+
netvsc_tx_disable(nvdev, ndev);
924944

925945
ret = rndis_filter_close(nvdev);
926946
if (ret) {
@@ -1908,7 +1928,7 @@ static void netvsc_link_change(struct work_struct *w)
19081928
if (rdev->link_state) {
19091929
rdev->link_state = false;
19101930
netif_carrier_on(net);
1911-
netif_tx_wake_all_queues(net);
1931+
netvsc_tx_enable(net_device, net);
19121932
} else {
19131933
notify = true;
19141934
}
@@ -1918,7 +1938,7 @@ static void netvsc_link_change(struct work_struct *w)
19181938
if (!rdev->link_state) {
19191939
rdev->link_state = true;
19201940
netif_carrier_off(net);
1921-
netif_tx_stop_all_queues(net);
1941+
netvsc_tx_disable(net_device, net);
19221942
}
19231943
kfree(event);
19241944
break;
@@ -1927,7 +1947,7 @@ static void netvsc_link_change(struct work_struct *w)
19271947
if (!rdev->link_state) {
19281948
rdev->link_state = true;
19291949
netif_carrier_off(net);
1930-
netif_tx_stop_all_queues(net);
1950+
netvsc_tx_disable(net_device, net);
19311951
event->event = RNDIS_STATUS_MEDIA_CONNECT;
19321952
spin_lock_irqsave(&ndev_ctx->lock, flags);
19331953
list_add(&event->list, &ndev_ctx->reconfig_events);

0 commit comments

Comments
 (0)