igb diver crashes in head at 241037

Jack Vogel jfvogel at gmail.com
Tue Nov 20 17:19:56 UTC 2012 

On Tue, Nov 20, 2012 at 3:18 AM, Gleb Smirnoff <glebius at freebsd.org> wrote:

>   Karim,
>
> On Mon, Nov 19, 2012 at 02:57:24PM -0500, Karim Fodil-Lemelin wrote:
> K> While testing the latest igb driver in CURRENT I came across an issue
> K> with igb_mq_start(). More specifically this code:
> K>
> K> ...
> K>
> K>          struct mbuf *pm = NULL;
> K>          /*
> K>          ** Try to queue first to avoid
> K>          ** out-of-order delivery, but
> K>          ** settle for it if that fails
> K>          */
> K>          if (m && drbr_enqueue(ifp, txr->br, m))
> K>              pm = m;
> K>          err = igb_mq_start_locked(ifp, txr, pm);
> K>
> K> ...
> K>
> K>
> K> The problem comes from the fact that drbr_enqueue() can return an error
> K> and delete the mbuf as seen in drbr_enqueue():
> K>
> K> ...
> K> error = buf_ring_enqueue(br, m);
> K>      if (error)
> K>          m_freem(m);
> K> ...
>
> Good catch!
>
> K> diff --git a/sys/dev/e1000/if_igb.c b/sys/dev/e1000/if_igb.c
> K> index 1318910..be1719a 100644
> K> --- a/sys/dev/e1000/if_igb.c
> K> +++ b/sys/dev/e1000/if_igb.c
> K> @@ -961,15 +961,7 @@ igb_mq_start(struct ifnet *ifp, struct mbuf *m)
> K>      que = &adapter->queues[i];
> K>      if (((txr->queue_status & IGB_QUEUE_DEPLETED) == 0) &&
> K>          IGB_TX_TRYLOCK(txr)) {
> K> -            struct mbuf *pm = NULL;
> K> -            /*
> K> -            ** Try to queue first to avoid
> K> -            ** out-of-order delivery, but
> K> -            ** settle for it if that fails
> K> -            */
> K> -            if (m && drbr_enqueue(ifp, txr->br, m))
> K> -                    pm = m;
> K> -            err = igb_mq_start_locked(ifp, txr, pm);
> K> +            err = igb_mq_start_locked(ifp, txr, m);
> K>              IGB_TX_UNLOCK(txr);
> K>      } else {
> K>              err = drbr_enqueue(ifp, txr->br, m);
>
> Well, the idea to prevent out-of-order delivery is important. TCP
> suffers a lot when this happens.
>
> I'd suggest the following code:
>
>                 if (m)
>                         drbr_enqueue(ifp, txr->br, m);
>                 err = igb_mq_start_locked(ifp, txr, NULL);
>
> Which eventually leads us to all invocations of igb_mq_start_locked()
> called
> with third argument as NULL. This allows us to simplify this function.
>
> Patch for review attached.
>
>
Yes Gleb, I already have code in my internal tree which simply removes an
mbuf
pointer form the start_locked call and ALWAYS does a dequeue, start
similarly
will always enqueue. I just have been busy with ixgbe for a bit and have
not gotten
it committed yet.

Jack

More information about the freebsd-net mailing list