Re: [net-next v18 5/7] net: mtip: Add mtip_switch_{rx|tx} functions to the L2 switch driver

From: Jakub Kicinski
Date: Fri Aug 15 2025 - 21:34:13 EST

Next message: Jakub Kicinski: "Re: [PATCH net 2/2] microchip: lan865x: fix missing configuration for Rev.B0/B1 as per AN1760"
Previous message: Pu Lehui: "Re: [PATCH 2/2] riscv, bpf: use lw when reading int cpu in bpf_get_smp_processor_id"
In reply to: Lukasz Majewski: "[net-next v18 5/7] net: mtip: Add mtip_switch_{rx|tx} functions to the L2 switch driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 13 Aug 2025 09:07:53 +0200 Lukasz Majewski wrote:
> + page = fep->page[bdp - fep->rx_bd_base];
> + /* Process the incoming frame */
> + pkt_len = bdp->cbd_datlen;
> +
> + dma_sync_single_for_cpu(&fep->pdev->dev, bdp->cbd_bufaddr,
> + pkt_len, DMA_FROM_DEVICE);
> + net_prefetch(page_address(page));
> + data = page_address(page);
> +
> + if (fep->quirks & FEC_QUIRK_SWAP_FRAME)
> + swap_buffer(data, pkt_len);
> +
> + eth_hdr = (struct ethhdr *)data;
> + mtip_atable_get_entry_port_number(fep, eth_hdr->h_source,
> + &rx_port);
> + if (rx_port == MTIP_PORT_FORWARDING_INIT)
> + mtip_atable_dynamicms_learn_migration(fep,
> + mtip_get_time(),
> + eth_hdr->h_source,
> + &rx_port);
> +
> + if ((rx_port == 1 || rx_port == 2) && fep->ndev[rx_port - 1])
> + pndev = fep->ndev[rx_port - 1];
> + else
> + pndev = dev;
> +
> + *port = rx_port;
> +
> + /* This does 16 byte alignment, exactly what we need.
> + * The packet length includes FCS, but we don't want to
> + * include that when passing upstream as it messes up
> + * bridging applications.
> + */
> + skb = netdev_alloc_skb(pndev, pkt_len + NET_IP_ALIGN);
> + if (unlikely(!skb)) {
> + dev_dbg(&fep->pdev->dev,
> + "%s: Memory squeeze, dropping packet.\n",
> + pndev->name);
> + page_pool_recycle_direct(fep->page_pool, page);
> + pndev->stats.rx_dropped++;
> + return -ENOMEM;
> + }
> +
> + skb_reserve(skb, NET_IP_ALIGN);
> + skb_put(skb, pkt_len); /* Make room */
> + skb_copy_to_linear_data(skb, data, pkt_len);
> + skb->protocol = eth_type_trans(skb, pndev);
> + skb->offload_fwd_mark = fep->br_offload;
> + napi_gro_receive(&fep->napi, skb);

The rx buffer circulation is very odd. You seem to pre-allocate buffers
for the full ring from a page_pool. And then copy the data out of those
pages. The normal process is that after packet is received a new page is
allocated to give to HW, and old is attached to an skb, and sent up the
stack.

Also you are releasing the page to be recycled without clearing it from
the ring. I think you'd free it again on shutdown, so it's a
double-free.
--
pw-bot: cr

Next message: Jakub Kicinski: "Re: [PATCH net 2/2] microchip: lan865x: fix missing configuration for Rev.B0/B1 as per AN1760"
Previous message: Pu Lehui: "Re: [PATCH 2/2] riscv, bpf: use lw when reading int cpu in bpf_get_smp_processor_id"
In reply to: Lukasz Majewski: "[net-next v18 5/7] net: mtip: Add mtip_switch_{rx|tx} functions to the L2 switch driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]