From 294e62bebf36f873fd083d2fe8edd78919dda4e8 Mon Sep 17 00:00:00 2001
From: Alexander Motin
Date: Tue, 16 Feb 2021 21:15:28 -0500
Subject: [PATCH] cxgbe(4): Save proper zone index on low memory in refill_fl().
When refill_fl() fails to allocate large (9/16KB) mbuf cluster, it falls back to safe (4KB) ones. But it still saved into sd->zidx the original fl->zidx instead of fl->safe_zidx. It caused problems with the later use of that cluster, including memory and/or data corruption. While there, make refill_fl() to use the safe zone for all following clusters for the call, since it is unlikely that large succeed.
MFC after: 3 days
Sponsored by: iXsystems, Inc.
Reviewed by: np, jhb
Differential Revision: https://reviews.freebsd.org/D28716
---
 sys/dev/cxgbe/t4_sge.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/sys/dev/cxgbe/t4_sge.c b/sys/dev/cxgbe/t4_sge.c
index 45f07358f0db..d16f17c45614 100644
--- a/sys/dev/cxgbe/t4_sge.c
+++ b/sys/dev/cxgbe/t4_sge.c
@@ -4524,7 +4524,7 @@ refill_fl(struct adapter *sc, struct sge_fl *fl, int n)
 caddr_t cl;
 struct rx_buf_info *rxb;
 struct cluster_metadata *clm;
- uint16_t max_pidx;
+ uint16_t max_pidx, zidx = fl->zidx;
 uint16_t hw_cidx = fl->hw_cidx; /* stable snapshot */
 FL_LOCK_ASSERT_OWNED(fl);
@@ -4540,6 +4540,7 @@ refill_fl(struct adapter *sc, struct sge_fl *fl, int n)
 d = &fl->desc[fl->pidx];
 sd = &fl->sdesc[fl->pidx];
+ rxb = &sc->sge.rx_buf_info[zidx];
 while (n > 0) {
@@ -4573,11 +4574,11 @@ refill_fl(struct adapter *sc, struct sge_fl *fl, int n)
 sd->cl = NULL; /* gave up my reference */
 }
 MPASS(sd->cl == NULL);
- rxb = &sc->sge.rx_buf_info[fl->zidx];
 cl = uma_zalloc(rxb->zone, M_NOWAIT);
 if (__predict_false(cl == NULL)) {
- if (fl->zidx != fl->safe_zidx) {
- rxb = &sc->sge.rx_buf_info[fl->safe_zidx];
+ if (zidx != fl->safe_zidx) {
+ zidx = fl->safe_zidx;
+ rxb = &sc->sge.rx_buf_info[zidx];
 cl = uma_zalloc(rxb->zone, M_NOWAIT);
 }
 if (cl == NULL)
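Review bot: In the `@@ -4524,7 +4524,7 @@` hunk the new local `zidx` is declared with an initializer in the middle of a multi-variable declaration and has no comment, while `hw_cidx` on the next line is documented as a snapshot. As a point of style I would give it its own line with a short comment, `uint16_t zidx = fl->zidx; /* zone for this call; may drop to fl->safe_zidx */`, so a reader knows that it can differ from `fl->zidx` further down. The body of refill_fl continues outside the hunk.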
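Review bot: In the `@@ -4573,11 +4574,11 @@` hunk the fallback branch changes `zidx` and `rxb` for every later iteration of the loop, and nothing in the code says that this is deliberate. The commit message explains it, but the code should too, because `zidx` is what later gets written to `sd->zidx` and a wrong value there is the corruption this commit fixes. I would add a comment above `zidx = fl->safe_zidx;`, for example `/* Large zone failed; use the safe zone for the rest of this call. zidx and rxb must change together. */`. The loop body starts and ends outside the hunk.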
@@ -4588,7 +4589,7 @@ refill_fl(struct adapter *sc, struct sge_fl *fl, int n)
 pa = pmap_kextract((vm_offset_t)cl);
 sd->cl = cl;
- sd->zidx = fl->zidx;
+ sd->zidx = zidx;
 if (fl->flags & FL_BUF_PACKING) {
 *d = htobe64(pa | rxb->hwidx2);
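Review bot: The store `sd->zidx = zidx;` is only correct while `zidx` and `rxb` describe the same zone, and nothing checks that the two locals are still in step. They are now updated in two separate places, before the loop and in the fallback branch, so a later edit that changes one without the other would bring back the mismatch the commit message blames for memory and data corruption. An invariant check just before the store would catch that in debug kernels: `MPASS(rxb == &sc->sge.rx_buf_info[zidx]);`. The enclosing loop continues past the end of the hunk.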