Public bug reported:
Description: qeth: don't clobber buffer on async TX completion
Symptom: Failing transmissions on af_iucv HiperTransport socket.
Problem: If qeth_qdio_output_handler() detects that a transmit
requires async completion, it replaces the pending buffer's
metadata object (qeth_qdio_out_buffer) so that this queue
buffer can be re-used while the data is pending completion.
Later when the CQ indicates async completion of such a
metadata object, qeth_qdio_cq_handler() tries to free any
data associated with this object (since HW has now completed
the transfer). By calling qeth_clear_output_buffer(), it
erronously operates on the queue buffer that _previously_
belonged to this transfer ... but which has been potentially
re-used several times by now. This results in double-free's
of the buffer's data, and failing transmits as the buffer
descriptor is scrubbed in mid-air.
Solution: First only scrub the queue buffer when it is prepared
for re-use, and later obtain the data addresses from
the async-completion notifier (ie. the AOB), instead
of the queue buffer.
Reproduction: Heavy multi-connection workload on an af_iucv
HiperTransport socket.
Upstream-ID: ce28867fd20c23cd769e78b4d619c4755bf71a1c
Kernel 4.18
Will be introduced with kernel 4.18 in Cosmic.
But should also be applied to Bionic and Xenial
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New
** Tags: architecture-s39064 bugnameltc-170402 severity-high
targetmilestone-inin1804
** Tags added: architecture-s39064 bugnameltc-170402 severity-high
targetmilestone-inin1804
** Changed in: ubuntu
Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)
** Package changed: ubuntu => linux (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1786057
Title:
qeth: don't clobber buffer on async TX completion
Status in linux package in Ubuntu:
New
Bug description:
Description: qeth: don't clobber buffer on async TX completion
Symptom: Failing transmissions on af_iucv HiperTransport socket.
Problem: If qeth_qdio_output_handler() detects that a transmit
requires async completion, it replaces the pending buffer's
metadata object (qeth_qdio_out_buffer) so that this queue
buffer can be re-used while the data is pending completion.
Later when the CQ indicates async completion of such a
metadata object, qeth_qdio_cq_handler() tries to free any
data associated with this object (since HW has now completed
the transfer). By calling qeth_clear_output_buffer(), it
erronously operates on the queue buffer that _previously_
belonged to this transfer ... but which has been potentially
re-used several times by now. This results in double-free's
of the buffer's data, and failing transmits as the buffer
descriptor is scrubbed in mid-air.
Solution: First only scrub the queue buffer when it is prepared
for re-use, and later obtain the data addresses from
the async-completion notifier (ie. the AOB), instead
of the queue buffer.
Reproduction: Heavy multi-connection workload on an af_iucv
HiperTransport socket.
Upstream-ID: ce28867fd20c23cd769e78b4d619c4755bf71a1c
Kernel 4.18
Will be introduced with kernel 4.18 in Cosmic.
But should also be applied to Bionic and Xenial
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1786057/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
