From 2770cbe63ff32a8006b7c6ea4e0a16eebd0f0f5f Mon Sep 17 00:00:00 2001 From: Felix Fietkau <nbd@nbd.name> Date: Thu, 26 Jan 2023 20:44:21 +0100 Subject: [PATCH] kernel: add fix for a page pool related crash on GRO Needed for upcoming mt76 page pool support Signed-off-by: Felix Fietkau <nbd@nbd.name> --- ...pool-and-page-referenced-frags-in-GR.patch | 35 +++++++++++++++++++ ...pool-and-page-referenced-frags-in-GR.patch | 35 +++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 target/linux/generic/pending-5.10/750-skb-Do-mix-page-pool-and-page-referenced-frags-in-GR.patch create mode 100644 target/linux/generic/pending-5.15/750-skb-Do-mix-page-pool-and-page-referenced-frags-in-GR.patch diff --git a/target/linux/generic/pending-5.10/750-skb-Do-mix-page-pool-and-page-referenced-frags-in-GR.patch b/target/linux/generic/pending-5.10/750-skb-Do-mix-page-pool-and-page-referenced-frags-in-GR.patch new file mode 100644 index 0000000000..5a145abed3 --- /dev/null +++ b/target/linux/generic/pending-5.10/750-skb-Do-mix-page-pool-and-page-referenced-frags-in-GR.patch @@ -0,0 +1,35 @@ +From: Alexander Duyck <alexanderduyck@fb.com> +Date: Thu, 26 Jan 2023 11:06:59 -0800 +Subject: [PATCH] skb: Do mix page pool and page referenced frags in GRO + +GSO should not merge page pool recycled frames with standard reference +counted frames. Traditionally this didn't occur, at least not often. +However as we start looking at adding support for wireless adapters there +becomes the potential to mix the two due to A-MSDU repartitioning frames in +the receive path. There are possibly other places where this may have +occurred however I suspect they must be few and far between as we have not +seen this issue until now. + +Fixes: 53e0961da1c7 ("page_pool: add frag page recycling support in page pool") +Reported-by: Felix Fietkau <nbd@nbd.name> +Signed-off-by: Alexander Duyck <alexanderduyck@fb.com> +--- + +--- a/net/core/skbuff.c ++++ b/net/core/skbuff.c +@@ -4166,6 +4166,15 @@ int skb_gro_receive(struct sk_buff *p, s + if (unlikely(p->len + len >= 65536 || NAPI_GRO_CB(skb)->flush)) + return -E2BIG; + ++ /* Do not splice page pool based packets w/ non-page pool ++ * packets. This can result in reference count issues as page ++ * pool pages will not decrement the reference count and will ++ * instead be immediately returned to the pool or have frag ++ * count decremented. ++ */ ++ if (p->pp_recycle != skb->pp_recycle) ++ return -ETOOMANYREFS; ++ + lp = NAPI_GRO_CB(p)->last; + pinfo = skb_shinfo(lp); + diff --git a/target/linux/generic/pending-5.15/750-skb-Do-mix-page-pool-and-page-referenced-frags-in-GR.patch b/target/linux/generic/pending-5.15/750-skb-Do-mix-page-pool-and-page-referenced-frags-in-GR.patch new file mode 100644 index 0000000000..60c7721df0 --- /dev/null +++ b/target/linux/generic/pending-5.15/750-skb-Do-mix-page-pool-and-page-referenced-frags-in-GR.patch @@ -0,0 +1,35 @@ +From: Alexander Duyck <alexanderduyck@fb.com> +Date: Thu, 26 Jan 2023 11:06:59 -0800 +Subject: [PATCH] skb: Do mix page pool and page referenced frags in GRO + +GSO should not merge page pool recycled frames with standard reference +counted frames. Traditionally this didn't occur, at least not often. +However as we start looking at adding support for wireless adapters there +becomes the potential to mix the two due to A-MSDU repartitioning frames in +the receive path. There are possibly other places where this may have +occurred however I suspect they must be few and far between as we have not +seen this issue until now. + +Fixes: 53e0961da1c7 ("page_pool: add frag page recycling support in page pool") +Reported-by: Felix Fietkau <nbd@nbd.name> +Signed-off-by: Alexander Duyck <alexanderduyck@fb.com> +--- + +--- a/net/core/skbuff.c ++++ b/net/core/skbuff.c +@@ -4348,6 +4348,15 @@ int skb_gro_receive(struct sk_buff *p, s + if (unlikely(p->len + len >= 65536 || NAPI_GRO_CB(skb)->flush)) + return -E2BIG; + ++ /* Do not splice page pool based packets w/ non-page pool ++ * packets. This can result in reference count issues as page ++ * pool pages will not decrement the reference count and will ++ * instead be immediately returned to the pool or have frag ++ * count decremented. ++ */ ++ if (p->pp_recycle != skb->pp_recycle) ++ return -ETOOMANYREFS; ++ + lp = NAPI_GRO_CB(p)->last; + pinfo = skb_shinfo(lp); + -- 2.30.2