[BUG] Calling onic_tx_clean in onic_rx_poll causes kernel panic when releasing skb during packet reception

[wavymoon]

open-nic-driver/onic_netdev.c

Line 367 in 3de2269

onic_tx_clean(priv->tx_queue[i]);

Why is the transmit cleanup function onic_tx_clean called within the receive function onic_rx_poll? This causes a kernel panic when releasing the skb during packet reception, leading to a complete kernel crash. Kernel version: 4.15.0 ubuntu18.04

[28935.311740] RIP: 0010:__release_sock+0x18/x0x60
[28935.311823] RSP: 0018:ffffc90000a0d398 EFLAGS: 00010202
[28935.311882] RAX: 0000000000000000 RBX: ffff7f103a241500 RCX: 00000000ffffffff
[28935.311899] RDX: 00000000000004a2 RSI: 0000000000000001 RDI: 0000000000001000
[28935.311965] RBP: ffff7f131e000000 R8: 0000000000000009 R9: ffff7f102a401540
[28935.312034] R10: ffff7f131e50f2a8 R11: 0000422e5c58cf R12: 0000000000000000
[28935.312101] R13: 0000000000000000 R14: ffff7f1317173000 R15: ffff7f102a400000
[28935.312167] FS: 0000000000000000 GS: ffff7f13172e0000 RIP: 0000000000000000
[28935.312226] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[28935.312292] CR2: 0000000000000180 CR3: 0000005e2b620000 CR4: 00000000003406e0
[28935.312392] Call Trace:
[28935.312415] /IRQ
[28935.312424] skb_release_head_state+0x3a/0xd0
[28935.312491] skb_release_data+0x112/0x190
[28935.312523] dev_kfree_skb_any+0x2f/0x40
[28935.312576] onic_tx_clean+0xe5/0x150 [onic]
[28935.312659] onic_rx_poll+0x45e/0x950 [onic]
[28935.312701] net_rx_action+0x140/0x380
[28935.312755] __do_softirq+0xe4/0x2d4
[28935.312761] irq_exit+0xc8/0xd0
[28935.312787] do_IRQ+0xc8/0xe0
[28935.312851] common_interrupt+0x90/0x90
[28935.312865]
[28935.312905] RIP: 0010:native_safe_halt+0x0/0x20
[28935.312951] RSP: 0018:ffffc90000a0d5e0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffdb
[28935.314533] RAX: ffffffffffffffff RBX: 0000000000000014 RCX: 0000000000000000
[28935.314533] RDX: 0000000005cbc000 RSI: 0000000000000001 RDI: 0000000000000000
[28935.314533] RBP: ffff9a5988327e00 R8: ffffffffffffffff R9: 0000000000000014
[28935.314533] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[28935.314533] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[28935.314533] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[28935.314533] CR2: 0000000000000180
[28935.314533] ---[ end trace 6770010eb2fc2e00 ]---
[28935.314533] kernel panic - not syncing: Fatal exception in interrupt
[28935.314533] Kernel Offset: disabled
[28935.314533] Rebooting in 1 seconds..

[aixiaohua]

I encountered the same issue as well. After removing ionic_tx_clean from rx-poll, the driver appears to work normally.