Bug 491786 - s2io should check inputs for rx_ring_sz
s2io should check inputs for rx_ring_sz
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
All Linux
low Severity low
: rc
: ---
Assigned To: Michal Schmidt
Network QE
Depends On:
  Show dependency treegraph
Reported: 2009-03-23 22:59 EDT by Andrew Hecox
Modified: 2011-07-21 06:27 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-07-21 06:27:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andrew Hecox 2009-03-23 22:59:04 EDT
for the s2io module, a large enough rx_ring_rz will attempt to claim all memory on the system. A stupid admin <cough, cough> might naively assume rx_ring_sz could take as input the output of ethtool -g's rx ring max. The tx_fifo_sz parameter works exactly this way.

The documentation points out that:

 d. rx_ring_sz
 Size of each receive ring(in 4K blocks)
 Valid range: Limited by memory on system

but this could be a a bit more ... expected. In the vary least, maybe check if the requested rx_ring_sz exceeds current physical memory.


ahecox@intel-bensley ~ $ sudo ethtool -g eth1
Ring parameters for eth1:
Pre-set maximums:
RX:             152400
RX Mini:        0
RX Jumbo:       152400
TX:             8192
Current hardware settings:
RX:             3840
RX Mini:        0
RX Jumbo:       3840
TX:             8192

ahecox@intel-bensley ~ $ sudo rmmod s2io
ahecox@intel-bensley ~ $ modinfo s2io | grep rx
parm:           rx_ring_num:uint
parm:           rx_ring_mode:uint
parm:           rxsync_frequency:uint
parm:           rx_ring_sz:array of uint
ahecox@intel-bensley ~ $ sudo modprobe s2io rx_ring_num=1 rx_ring_sz=152400

Message from syslogd@ at Mon Mar 23 22:48:32 2009 ...
intel-bensley kernel: Unable to handle kernel paging request at 000000011fbdd290 RIP: 
Message from syslogd@ at Mon Mar 23 22:48:32 2009 ...
intel-bensley kernel:  [<ffffffff80021bee>] dma_alloc_coherent+0x2d/0x1ca
Comment 1 Jan Tluka 2009-11-11 08:57:29 EST
Andrew, if you think this is really a bug, please raise these flags: 
rhel‑5.5.0 ?
pm_ack ?
devel_ack ?
qa_ack +

Comment 2 Andrew Hecox 2010-01-06 06:54:31 EST
set (I can't set qa_ack+)
Comment 4 Jon Mason 2010-09-02 18:18:02 EDT
There is a hard limit (due to array size) of the rx_ring_sz to 150 entries.  Currently, the driver will let any value be set, which can cause the memory corruption bug you are seeing.  I should have a fix pushed to mainline shortly.
Comment 5 RHEL Product and Program Management 2011-02-01 12:06:04 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 7 CAI Qian 2011-02-17 20:49:58 EST
Where are the patches upstream for this to inspect?
Comment 8 Michal Schmidt 2011-02-18 09:02:07 EST
(In reply to comment #7)
> Where are the patches upstream for this to inspect?

Comment 15 Jarod Wilson 2011-03-23 17:42:58 EDT
Patch(es) available in kernel-2.6.18-250.el5
Detailed testing feedback is always welcomed.
Comment 19 errata-xmlrpc 2011-07-21 06:27:42 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.