The branch main has been updated by ambrisko:
URL:
https://cgit.FreeBSD.org/src/commit/?id=1c9c4a25e600bcfad3eec891d43221b55ddf7e19
commit 1c9c4a25e600bcfad3eec891d43221b55ddf7e19
Author: Doug Ambrisko <ambri...@freebsd.org>
AuthorDate: 2025-03-03 20:46:15 +0000
Commit: Doug Ambrisko <ambri...@freebsd.org>
CommitDate: 2025-03-03 20:49:01 +0000
enic: fix potential panic due to not understanding what iflib had allocated
For safety I was trying to clear out the descriptor but the full descriptor
was not allocated. Remove any code trying to do that so the same mistake
won't be made. This was found when looking to MFC the prior change
and having the loader, load the module.
Remove cq->ntxqsets since the completion queue is part of the RX and TX sets
---
sys/dev/enic/if_enic.c | 19 ++++++++-----------
sys/dev/enic/vnic_cq.c | 2 --
sys/dev/enic/vnic_cq.h | 4 ----
sys/dev/enic/vnic_dev.c | 9 ++-------
sys/dev/enic/vnic_dev.h | 1 -
sys/dev/enic/vnic_rq.c | 2 --
sys/dev/enic/vnic_wq.c | 6 ++----
7 files changed, 12 insertions(+), 31 deletions(-)
diff --git a/sys/dev/enic/if_enic.c b/sys/dev/enic/if_enic.c
index 26776244778e..35620fece6bf 100644
--- a/sys/dev/enic/if_enic.c
+++ b/sys/dev/enic/if_enic.c
@@ -494,8 +494,7 @@ enic_attach_pre(if_ctx_t ctx)
ifmedia_add(softc->media, IFM_ETHER | IFM_10_FL, 0, NULL);
/*
- * Allocate the CQ here since TX is called first before RX for now
- * assume RX and TX are the same
+ * Allocate the CQ here since TX is called first before RX.
*/
if (softc->enic.cq == NULL)
softc->enic.cq = malloc(sizeof(struct vnic_cq) *
@@ -504,8 +503,6 @@ enic_attach_pre(if_ctx_t ctx)
if (softc->enic.cq == NULL)
return (ENOMEM);
- softc->enic.cq->ntxqsets = softc->enic.wq_count + softc->enic.rq_count;
-
/*
* Allocate the consistent memory for stats and counters upfront so
* both primary and secondary processes can access them.
@@ -735,7 +732,7 @@ enic_tx_queues_alloc(if_ctx_t ctx, caddr_t * vaddrs,
uint64_t * paddrs,
for (q = 0; q < ntxqsets; q++) {
struct vnic_wq *wq;
struct vnic_cq *cq;
- unsigned int cq_wq;
+ unsigned int cq_wq;
wq = &softc->enic.wq[q];
cq_wq = enic_cq_wq(&softc->enic, q);
@@ -755,7 +752,6 @@ enic_tx_queues_alloc(if_ctx_t ctx, caddr_t * vaddrs,
uint64_t * paddrs,
wq->head_idx = 0;
wq->tail_idx = 0;
- wq->ring.size = wq->ring.desc_count * wq->ring.desc_size;
wq->ring.descs = vaddrs[q * ntxqs + 0];
wq->ring.base_addr = paddrs[q * ntxqs + 0];
@@ -768,7 +764,6 @@ enic_tx_queues_alloc(if_ctx_t ctx, caddr_t * vaddrs,
uint64_t * paddrs,
cq->ring.desc_count = softc->scctx->isc_ntxd[q];
cq->ring.desc_avail = cq->ring.desc_count - 1;
- cq->ring.size = cq->ring.desc_count * cq->ring.desc_size;
cq->ring.descs = vaddrs[q * ntxqs + 1];
cq->ring.base_addr = paddrs[q * ntxqs + 1];
@@ -824,7 +819,6 @@ enic_rx_queues_alloc(if_ctx_t ctx, caddr_t * vaddrs,
uint64_t * paddrs,
cq->ring.desc_count = softc->scctx->isc_nrxd[1];
cq->ring.desc_avail = cq->ring.desc_count - 1;
- cq->ring.size = cq->ring.desc_count * cq->ring.desc_size;
cq->ring.descs = vaddrs[q * nrxqs + 0];
cq->ring.base_addr = paddrs[q * nrxqs + 0];
@@ -840,7 +834,6 @@ enic_rx_queues_alloc(if_ctx_t ctx, caddr_t * vaddrs,
uint64_t * paddrs,
rq->ring.desc_count = softc->scctx->isc_nrxd[0];
rq->ring.desc_avail = rq->ring.desc_count - 1;
- rq->ring.size = rq->ring.desc_count * rq->ring.desc_size;
rq->ring.descs = vaddrs[q * nrxqs + 1];
rq->ring.base_addr = paddrs[q * nrxqs + 1];
rq->need_initial_post = true;
@@ -1241,7 +1234,9 @@ enic_setup_txq_sysctl(struct vnic_wq *wq, int i, struct
sysctl_ctx_list *ctx,
{
struct sysctl_oid *txsnode;
struct sysctl_oid_list *txslist;
- struct vnic_stats *stats = wq[i].vdev->stats;
+ struct vnic_stats *stats;
+
+ stats = wq[i].vdev->stats;
txsnode = SYSCTL_ADD_NODE(ctx, child, OID_AUTO, "hstats",
CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, "Host Statistics");
@@ -1277,7 +1272,9 @@ enic_setup_rxq_sysctl(struct vnic_rq *rq, int i, struct
sysctl_ctx_list *ctx,
{
struct sysctl_oid *rxsnode;
struct sysctl_oid_list *rxslist;
- struct vnic_stats *stats = rq[i].vdev->stats;
+ struct vnic_stats *stats;
+
+ stats = rq[i].vdev->stats;
rxsnode = SYSCTL_ADD_NODE(ctx, child, OID_AUTO, "hstats",
CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, "Host Statistics");
diff --git a/sys/dev/enic/vnic_cq.c b/sys/dev/enic/vnic_cq.c
index 72de29e5a381..bd3629530a61 100644
--- a/sys/dev/enic/vnic_cq.c
+++ b/sys/dev/enic/vnic_cq.c
@@ -40,6 +40,4 @@ void vnic_cq_clean(struct vnic_cq *cq)
ENIC_BUS_WRITE_4(cq->ctrl, CQ_HEAD, 0);
ENIC_BUS_WRITE_4(cq->ctrl, CQ_TAIL, 0);
ENIC_BUS_WRITE_4(cq->ctrl, CQ_TAIL_COLOR, 1);
-
- vnic_dev_clear_desc_ring(&cq->ring);
}
diff --git a/sys/dev/enic/vnic_cq.h b/sys/dev/enic/vnic_cq.h
index b4549ee58c64..7f875d57ed74 100644
--- a/sys/dev/enic/vnic_cq.h
+++ b/sys/dev/enic/vnic_cq.h
@@ -71,10 +71,6 @@ struct vnic_cq {
unsigned int tobe_rx_coal_timeval;
ktime_t prev_ts;
#endif
- int ntxqsets;
- int nrxqsets;
- int ntxqsets_start;
- int nrxqsets_start;
};
void vnic_cq_init(struct vnic_cq *cq, unsigned int flow_control_enable,
diff --git a/sys/dev/enic/vnic_dev.c b/sys/dev/enic/vnic_dev.c
index 2d555cb2b34d..a8228aed69aa 100644
--- a/sys/dev/enic/vnic_dev.c
+++ b/sys/dev/enic/vnic_dev.c
@@ -168,17 +168,12 @@ unsigned int vnic_dev_desc_ring_size(struct vnic_dev_ring
*ring,
ring->desc_size = VNIC_ALIGN(desc_size, desc_align);
- ring->size = ring->desc_count * ring->desc_size;
- ring->size_unaligned = ring->size + ring->base_align;
+ ring->size_unaligned = ring->desc_count * ring->desc_size \
+ + ring->base_align;
return ring->size_unaligned;
}
-void vnic_dev_clear_desc_ring(struct vnic_dev_ring *ring)
-{
- memset(ring->descs, 0, ring->size);
-}
-
static int _vnic_dev_cmd(struct vnic_dev *vdev, enum vnic_devcmd_cmd cmd,
int wait)
{
diff --git a/sys/dev/enic/vnic_dev.h b/sys/dev/enic/vnic_dev.h
index 5e2d01d985f3..66583f4d278d 100644
--- a/sys/dev/enic/vnic_dev.h
+++ b/sys/dev/enic/vnic_dev.h
@@ -69,7 +69,6 @@ unsigned long vnic_dev_get_res_type_len(struct vnic_dev *vdev,
enum vnic_res_type type);
unsigned int vnic_dev_desc_ring_size(struct vnic_dev_ring *ring,
unsigned int desc_count, unsigned int desc_size);
-void vnic_dev_clear_desc_ring(struct vnic_dev_ring *ring);
int vnic_dev_alloc_desc_ring(struct vnic_dev *vdev, struct vnic_dev_ring *ring,
unsigned int desc_count, unsigned int desc_size);
void vnic_dev_free_desc_ring(struct vnic_dev *vdev,
diff --git a/sys/dev/enic/vnic_rq.c b/sys/dev/enic/vnic_rq.c
index ef30563fa2f3..4c02347579b1 100644
--- a/sys/dev/enic/vnic_rq.c
+++ b/sys/dev/enic/vnic_rq.c
@@ -93,6 +93,4 @@ void vnic_rq_clean(struct vnic_rq *rq)
}
ENIC_BUS_WRITE_4(rq->ctrl, RX_POSTED_INDEX, fetch_index);
-
- vnic_dev_clear_desc_ring(&rq->ring);
}
diff --git a/sys/dev/enic/vnic_wq.c b/sys/dev/enic/vnic_wq.c
index 995af3270a21..1d3120798798 100644
--- a/sys/dev/enic/vnic_wq.c
+++ b/sys/dev/enic/vnic_wq.c
@@ -37,9 +37,9 @@ int vnic_dev_alloc_desc_ring(struct vnic_dev *vdev,
ring->last_count = 0;
ring->desc_avail = ring->desc_count - 1;
- ring->size = ring->desc_count * ring->desc_size;
ring->base_align = 512;
- ring->size_unaligned = ring->size + ring->base_align;
+ ring->size_unaligned = ring->desc_count * ring->desc_size \
+ + ring->base_align;
return (err);
@@ -180,6 +180,4 @@ void vnic_wq_clean(struct vnic_wq *wq)
ENIC_BUS_WRITE_4(wq->ctrl, TX_FETCH_INDEX, 0);
ENIC_BUS_WRITE_4(wq->ctrl, TX_POSTED_INDEX, 0);
ENIC_BUS_WRITE_4(wq->ctrl, TX_ERROR_STATUS, 0);
-
- vnic_dev_clear_desc_ring(&wq->ring);
}
