| Message ID | 20221212084139.3277913-3-yangyingliang@huawei.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | f0f596bd75a9d573ca9b587abb39cee0b916bb82 |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | mISDN: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() | expand |
On Mon, 2022-12-12 at 16:41 +0800, Yang Yingliang wrote: > It is not allowed to call kfree_skb() or consume_skb() from hardware > interrupt context or with hardware interrupts being disabled. > > skb_queue_purge() is called under spin_lock_irqsave() in hfcpci_l2l1D(), > kfree_skb() is called in it, to fix this, use skb_queue_splice_init() > to move the dch->squeue to a free queue, also enqueue the tx_skb and > rx_skb, at last calling __skb_queue_purge() to free the SKBs afer unlock. > > Fixes: 1700fe1a10dc ("Add mISDN HFC PCI driver") > Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> > --- > drivers/isdn/hardware/mISDN/hfcpci.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > > diff --git a/drivers/isdn/hardware/mISDN/hfcpci.c b/drivers/isdn/hardware/mISDN/hfcpci.c > index e964a8dd8512..c0331b268010 100644 > --- a/drivers/isdn/hardware/mISDN/hfcpci.c > +++ b/drivers/isdn/hardware/mISDN/hfcpci.c > @@ -1617,16 +1617,19 @@ hfcpci_l2l1D(struct mISDNchannel *ch, struct sk_buff *skb) > test_and_clear_bit(FLG_L2_ACTIVATED, &dch->Flags); > spin_lock_irqsave(&hc->lock, flags); > if (hc->hw.protocol == ISDN_P_NT_S0) { > + struct sk_buff_head free_queue; > + > + __skb_queue_head_init(&free_queue); > /* prepare deactivation */ > Write_hfc(hc, HFCPCI_STATES, 0x40); > - skb_queue_purge(&dch->squeue); > + skb_queue_splice_init(&dch->squeue, &free_queue); > if (dch->tx_skb) { > - dev_kfree_skb(dch->tx_skb); > + __skb_queue_tail(&free_queue, dch->tx_skb); > dch->tx_skb = NULL; > } > dch->tx_idx = 0; > if (dch->rx_skb) { > - dev_kfree_skb(dch->rx_skb); > + __skb_queue_tail(&free_queue, dch->rx_skb); > dch->rx_skb = NULL; > } > test_and_clear_bit(FLG_TX_BUSY, &dch->Flags); > @@ -1639,10 +1642,12 @@ hfcpci_l2l1D(struct mISDNchannel *ch, struct sk_buff *skb) > hc->hw.mst_m &= ~HFCPCI_MASTER; > Write_hfc(hc, HFCPCI_MST_MODE, hc->hw.mst_m); > ret = 0; > + spin_unlock_irqrestore(&hc->lock, flags); > + __skb_queue_purge(&free_queue); > } else { > ret = l1_event(dch->l1, hh->prim); > + spin_unlock_irqrestore(&hc->lock, flags); > } > - spin_unlock_irqrestore(&hc->lock, flags); > break; > } > if (!ret) Looks good to me, though I wonder if we couldn't look at moving the locking so that this code was handled more like patch 3 with the locking only covering the freeing path instead of also having to wrap the l1_event. Reviewed-by: Alexander Duyck <alexanderduyck@fb.com>
diff --git a/drivers/isdn/hardware/mISDN/hfcpci.c b/drivers/isdn/hardware/mISDN/hfcpci.c index e964a8dd8512..c0331b268010 100644 --- a/drivers/isdn/hardware/mISDN/hfcpci.c +++ b/drivers/isdn/hardware/mISDN/hfcpci.c @@ -1617,16 +1617,19 @@ hfcpci_l2l1D(struct mISDNchannel *ch, struct sk_buff *skb) test_and_clear_bit(FLG_L2_ACTIVATED, &dch->Flags); spin_lock_irqsave(&hc->lock, flags); if (hc->hw.protocol == ISDN_P_NT_S0) { + struct sk_buff_head free_queue; + + __skb_queue_head_init(&free_queue); /* prepare deactivation */ Write_hfc(hc, HFCPCI_STATES, 0x40); - skb_queue_purge(&dch->squeue); + skb_queue_splice_init(&dch->squeue, &free_queue); if (dch->tx_skb) { - dev_kfree_skb(dch->tx_skb); + __skb_queue_tail(&free_queue, dch->tx_skb); dch->tx_skb = NULL; } dch->tx_idx = 0; if (dch->rx_skb) { - dev_kfree_skb(dch->rx_skb); + __skb_queue_tail(&free_queue, dch->rx_skb); dch->rx_skb = NULL; } test_and_clear_bit(FLG_TX_BUSY, &dch->Flags); @@ -1639,10 +1642,12 @@ hfcpci_l2l1D(struct mISDNchannel *ch, struct sk_buff *skb) hc->hw.mst_m &= ~HFCPCI_MASTER; Write_hfc(hc, HFCPCI_MST_MODE, hc->hw.mst_m); ret = 0; + spin_unlock_irqrestore(&hc->lock, flags); + __skb_queue_purge(&free_queue); } else { ret = l1_event(dch->l1, hh->prim); + spin_unlock_irqrestore(&hc->lock, flags); } - spin_unlock_irqrestore(&hc->lock, flags); break; } if (!ret)
It is not allowed to call kfree_skb() or consume_skb() from hardware interrupt context or with hardware interrupts being disabled. skb_queue_purge() is called under spin_lock_irqsave() in hfcpci_l2l1D(), kfree_skb() is called in it, to fix this, use skb_queue_splice_init() to move the dch->squeue to a free queue, also enqueue the tx_skb and rx_skb, at last calling __skb_queue_purge() to free the SKBs afer unlock. Fixes: 1700fe1a10dc ("Add mISDN HFC PCI driver") Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- drivers/isdn/hardware/mISDN/hfcpci.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-)