Use After Free outages due to the ice driver

Solution Verified - Updated -

Issue

  • System is unstable and crashes when processing traffic in different areas due to unexplained memory corruption. Which could be in the skb_shared_info structure or else where. Also corrupts reference counts making them zero leading to different UAF conditions.
  • We are running nginx as a proxy for our storage service on new hardware in a test environment. When turning on our test load generators, the kernel is quickly panicking.
  • dmesg will show page dumped because: nonzero _refcount errors or similar with different backtraces.
  • A vmcore will be generated often as a result of secondary corruption.

Environment

  • Red Hat Enterprise Linux 9.3 and later
  • Intel E810 adapter
    • Red hat Enterprise Linux inbox ice driver
    • NICs have an MTU of 9000
  • High TCP load

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content