Bug 491786 - s2io should check inputs for rx_ring_sz
s2io should check inputs for rx_ring_sz
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.5
All Linux
low Severity low
: rc
: ---
Assigned To: Michal Schmidt
Network QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-23 22:59 EDT by Andrew Hecox
Modified: 2011-07-21 06:27 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-07-21 06:27:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrew Hecox 2009-03-23 22:59:04 EDT
for the s2io module, a large enough rx_ring_rz will attempt to claim all memory on the system. A stupid admin <cough, cough> might naively assume rx_ring_sz could take as input the output of ethtool -g's rx ring max. The tx_fifo_sz parameter works exactly this way.

The documentation points out that:

 d. rx_ring_sz
 Size of each receive ring(in 4K blocks)
 Valid range: Limited by memory on system

but this could be a a bit more ... expected. In the vary least, maybe check if the requested rx_ring_sz exceeds current physical memory.

eg:

ahecox@intel-bensley ~ $ sudo ethtool -g eth1
Ring parameters for eth1:
Pre-set maximums:
RX:             152400
RX Mini:        0
RX Jumbo:       152400
TX:             8192
Current hardware settings:
RX:             3840
RX Mini:        0
RX Jumbo:       3840
TX:             8192

ahecox@intel-bensley ~ $ sudo rmmod s2io
ahecox@intel-bensley ~ $ modinfo s2io | grep rx
parm:           rx_ring_num:uint
parm:           rx_ring_mode:uint
parm:           rxsync_frequency:uint
parm:           rx_ring_sz:array of uint
ahecox@intel-bensley ~ $ sudo modprobe s2io rx_ring_num=1 rx_ring_sz=152400

Message from syslogd@ at Mon Mar 23 22:48:32 2009 ...
intel-bensley kernel: Unable to handle kernel paging request at 000000011fbdd290 RIP: 
Message from syslogd@ at Mon Mar 23 22:48:32 2009 ...
intel-bensley kernel:  [<ffffffff80021bee>] dma_alloc_coherent+0x2d/0x1ca
Comment 1 Jan Tluka 2009-11-11 08:57:29 EST
Andrew, if you think this is really a bug, please raise these flags: 
rhel‑5.5.0 ?
pm_ack ?
devel_ack ?
qa_ack +

Thanks.
Comment 2 Andrew Hecox 2010-01-06 06:54:31 EST
set (I can't set qa_ack+)
Comment 4 Jon Mason 2010-09-02 18:18:02 EDT
There is a hard limit (due to array size) of the rx_ring_sz to 150 entries.  Currently, the driver will let any value be set, which can cause the memory corruption bug you are seeing.  I should have a fix pushed to mainline shortly.
Comment 5 RHEL Product and Program Management 2011-02-01 12:06:04 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 7 CAI Qian 2011-02-17 20:49:58 EST
Where are the patches upstream for this to inspect?
Comment 8 Michal Schmidt 2011-02-18 09:02:07 EST
(In reply to comment #7)
> Where are the patches upstream for this to inspect?

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=1853e2e15dc95ff3430530941b5856581251ef70
Comment 15 Jarod Wilson 2011-03-23 17:42:58 EDT
Patch(es) available in kernel-2.6.18-250.el5
Detailed testing feedback is always welcomed.
Comment 19 errata-xmlrpc 2011-07-21 06:27:42 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-1065.html

Note You need to log in before you can comment on or make changes to this bug.