Re: octeon: cnmac: KERNEL_INTERRUPT drops into ddb

[Kirill A . Korinsky]

On Fri, 16 Jan 2026 18:01:52 +0100,
Klemens Nanni <k...@openbsd.org> wrote:
> 
> ddb{0}> bt
> cnmac_recv_mbuf+0x134 (77e060040f88a,1,980000000fd97a00,980000000fd979fc)  ra 
> 0xffffffff8132c9fc sp 0x980000000fd979d0, sz 32
> cnmac_recv+0x7c (77e060040f88a,1,980000000fd97a00,7ac0a7ce8aab3e1f)  ra 
> 0xffffffff8132aa2c sp 0x980000000fd979f0, sz 80
> cnmac_intr+0xfc 
> (77e060040f88a,247c372c96c2746a,980000000fd97a00,7ac0a7ce8aab3e1f)  ra 
> 0xffffffff814e3110 sp 0x980000000fd97a40, sz 96
> octciu_intr_bank+0x270 
> (77e060040f88a,247c372c96c2746a,980000000fd97a00,c77a9639b987eb7e)  ra 
> 0xffffffff814e2814 sp 0x980000000fd97aa0, sz 160
> octciu_intr0+0x94 
> (77e060040f88a,247c372c96c2746a,b68846e5d34476ee,c77a9639b987eb7e)  ra 
> 0xffffffff81465648 sp 0x980000000fd97b40, sz 64
> interrupt+0x170 
> (77e060040f88a,434c3cde35ce707c,b68846e5d34476ee,c77a9639b987eb7e)  ra 
> 0xffffffff8137ca14 sp 0x980000000fd97b80, sz 64
> k_intr+0xb4 
> (980000000fd97be8,434c3cde35ce707c,b68846e5d34476ee,ffffffff812ca5a
> c)  ra 0x0 sp 0x980000000fd97bc0, sz 0
> (KERNEL INTERRUPT)
> cpu_idle_cycle_wait+0x4 
> (980000000fd97be8,434c3cde35ce707c,b68846e5d34476ee,ffffffff812ca5ac)  ra 
> 0xffffffff812b2698 sp 0x980000000fd97d40, sz 0
> sched_idle+0x388 
> (980000000fd97be8,434c3cde35ce707c,b68846e5d34476ee,ffffffff812ca5ac)  ra 
> 0xffffffff812ca6dc sp 0x980000000fd97d40, sz 112
> proc_trampoline+0x1c 
> (980000000fd97be8,434c3cde35ce707c,b68846e5d34476ee,ffffffff812ca5ac)  ra 0x0 
> sp 0x980000000fd97db0, sz 0
> User-level: pid 92532


I have a blind shot which may be related, or may be completley unrelated, or
simple wrong.

It reads that if_cnmac aligns RX packet buffers to CACHELINESIZE and
then stores the saved mbuf * in the word immediately before the aligned
address.

It reads that we allign mbuf clusters always at 64-byte, so, a cluster
already aligned to 128 bytes makes that write may land outside the
allocated buffer.

Here, I align the buffer base after reserving space for the back-pointer
so the saved mbuf * always stays within the cluster.

Here a diff where I respect CACHELINESIZE align in mbuf.

Thoughts? Tests? OKs?

Index: sys/arch/octeon/dev/if_cnmac.c
===================================================================
RCS file: /home/cvs/src/sys/arch/octeon/dev/if_cnmac.c,v
diff -u -p -r1.86 if_cnmac.c
--- sys/arch/octeon/dev/if_cnmac.c      20 May 2024 23:13:33 -0000      1.86
+++ sys/arch/octeon/dev/if_cnmac.c      4 Apr 2026 00:11:27 -0000
@@ -356,8 +356,8 @@ cnmac_ipd_init(struct cnmac_softc *sc)
 
        ipd_aa.aa_port = sc->sc_port;
        ipd_aa.aa_regt = sc->sc_regt;
-       ipd_aa.aa_first_mbuff_skip = 0/* XXX */;
-       ipd_aa.aa_not_first_mbuff_skip = 0/* XXX */;
+       ipd_aa.aa_first_mbuff_skip = CACHELINESIZE;
+       ipd_aa.aa_not_first_mbuff_skip = CACHELINESIZE;
        cn30xxipd_init(&ipd_aa, &sc->sc_ipd);
 }
 


-- 
wbr, Kirill