Comment 0 for bug 1786057

Revision history for this message
bugproxy (bugproxy) wrote :

Description: qeth: don't clobber buffer on async TX completion

Symptom: Failing transmissions on af_iucv HiperTransport socket.

Problem: If qeth_qdio_output_handler() detects that a transmit
              requires async completion, it replaces the pending buffer's
              metadata object (qeth_qdio_out_buffer) so that this queue
              buffer can be re-used while the data is pending completion.
              Later when the CQ indicates async completion of such a
              metadata object, qeth_qdio_cq_handler() tries to free any
              data associated with this object (since HW has now completed
              the transfer). By calling qeth_clear_output_buffer(), it
              erronously operates on the queue buffer that _previously_
              belonged to this transfer ... but which has been potentially
              re-used several times by now. This results in double-free's
              of the buffer's data, and failing transmits as the buffer
              descriptor is scrubbed in mid-air.

Solution: First only scrub the queue buffer when it is prepared
              for re-use, and later obtain the data addresses from
              the async-completion notifier (ie. the AOB), instead
              of the queue buffer.

Reproduction: Heavy multi-connection workload on an af_iucv
              HiperTransport socket.

Upstream-ID: ce28867fd20c23cd769e78b4d619c4755bf71a1c

Kernel 4.18

Will be introduced with kernel 4.18 in Cosmic.
But should also be applied to Bionic and Xenial