HomeFreeBSD
Diffusion FreeBSD src repository d3befb534b9c

LinuxKPI: Queue skbuffs at tail in __skb_queue_tail
d3befb534b9c
Actions

Description

LinuxKPI: Queue skbuffs at tail in __skb_queue_tail

Correct skb_queue_tail to queue the buffer at the tail of the skbuff.
The skbuff is a circular doubly-linked list, and we call with a pointer
to the head of the list. Thus queueing before the head gives us a
queueing at the tail.

As a motivating factor, the current behaviour (queueing at the head) was
causing frequent kernel panics from my RTL8822BE wireless card, which
uses the rtw88 driver. Interrupts can cause buffers to be added to the
rtwdev c2h_queue while the queue is being drained in rtw_c2h_work.
Queueing at the head would leave the nascent entry in the linked list
pointing to the old, now freed, memory for the buffer being processed.
When rtw_c2h_work is next called, we try reading this and so panic.

Reviewed by: emaste, bz
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44192

Details

Provenance
tom_coldrick.ccAuthored on Mar 2 2024, 7:22 PM
emasteCommitted on Mar 4 2024, 2:33 PM
Reviewer
emaste
Differential Revision
D44192: linuxkpi: Queue skbuffs at tail in skb_queue_tail
Parents
rGa725a7a24de5: posix_spawn(3): document POSIX_SPAWN_DISABLE_ASLR_NP
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
compat/
linuxkpi/
common/
include/
linux/

rGd3befb534b9c

View Options

sys/compat/linuxkpi/common/include/linux/skbuff.h

Loading...