Skip to content

kmod: igb_main: Use slow_virt_to_phys() instead of virt_to_phys()#47

Open
MarcinMiklas wants to merge 1 commit intoAvnu:masterfrom
MarcinMiklas:kernel_v6.8_compatibility
Open

kmod: igb_main: Use slow_virt_to_phys() instead of virt_to_phys()#47
MarcinMiklas wants to merge 1 commit intoAvnu:masterfrom
MarcinMiklas:kernel_v6.8_compatibility

Conversation

@MarcinMiklas
Copy link
Contributor

@MarcinMiklas MarcinMiklas commented Dec 18, 2024

In kernel >=v6.8.0 virt_to_phys() returns address which is not usable from userspace. It was working fine in kernels up to v6.7.x.

I failed to find which exactly commit (or maybe kernel config option) causes that change of behaviour. What I understand, neither virt_to_phys() nor slow_virt_to_phys() should be used in drivers for dma transfers, we are triggering dma transfers from userspace which is even more evil.

@MarcinMiklas
kmod: igb_main: Use slow_virt_to_phys() instead of virt_to_phys()
aceb75c 
In kernel >=v6.8.0 virt_to_phys() returns address which is not usable
from userspace. It was working fine in kernels up to v6.7.x.

I failed to find which exactly commit (or maybe kernel config option)
causes that change of behaviour. What I understand, neither
virt_to_phys() nor slow_virt_to_phys() should be used in drivers for dma
transfers, we are triggering dma transfers from userspace which is even
more evil.
@MarcinMiklas
Copy link
Contributor Author

MarcinMiklas commented Dec 19, 2024
edited
Loading

I checked the issue on debian 12 machine (previously I was working on ubuntu 22.04) and problem occurs also on kernel 6.1, so it is rather kernel configuration which causes it. I didn't share the details of the crash before so I am doing it now.

Here is dmesg output:

[ 612.276866] igb_avb 0000:02:00.0 enp2s0: igb: enp2s0 NIC Link is Down
[ 613.985478] igb_avb 0000:02:00.0 enp2s0: igb: enp2s0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: None
[ 1150.528882] bind to iface 0000:02:00.0
[ 1150.528894] checking against adapter name 0000:02:00.0
[ 1150.528966] openavb_harness: Corrupted page table at address 7f3e515bd000
[ 1150.528971] PGD 8000000031e02067 P4D 8000000031e02067 PUD 31ef2067 PMD 32640067 PTE 80001ad28088d237
[ 1150.528980] Bad pagetable: 000f [#2] PREEMPT SMP PTI
[ 1150.528984] CPU: 1 PID: 5580 Comm: openavb_harness Tainted: G D W OE 6.1.0-28-amd64 #1 Debian 6.1.119-1
[ 1150.528990] Hardware name: FUJITSU D3544-Sx/D3544-Sx, BIOS V5.0.0.13 R1.2.0 for D3544-Sxx 03/29/2018
[ 1150.528993] RIP: 0033:0x7f3e51aeb6fa
[ 1150.528999] Code: 83 ea c0 48 39 fa 72 e8 0f 11 07 0f 11 47 10 0f 11 47 20 0f 11 47 30 c3 0f 1f 84 00 00 00 00 00 40 0f b6 c6 48 89 d1 48 89 fa aa 48 89 d0 c3 66 48 0f 7e c6 83 fa 08 7d 16 83 fa 04 7d 1a 83
[ 1150.529003] RSP: 002b:00007ffc100a8888 EFLAGS: 00010206
[ 1150.529007] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000001000
[ 1150.529010] RDX: 00007f3e515bd000 RSI: 0000000000000000 RDI: 00007f3e515bd000
[ 1150.529012] RBP: 0000564b75e4eb30 R08: 0000564b75e4ebc0 R09: 00001ad28088d000
[ 1150.529015] R10: 00007f3e51a5f000 R11: 00007f3e51aeb640 R12: 0000000000000000
[ 1150.529017] R13: 0000000000000000 R14: 0000000000000004 R15: 00007ffc100a88b0
[ 1150.529020] FS: 00007f3e51640800 GS: 0000000000000000

The issue is triggered from user space in function igb_allocate_queues() which can be found in lib/igb.c file.

Exactly this memset is causing it.
memset((void *)adapter->tx_rings[i].tx_base, 0, ubuf.mmap_size);

@gisburn
Copy link

gisburn commented May 27, 2025

@MarcinMiklas Did you ever find out which kernel config caused this issue ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MarcinMiklas @gisburn