[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Y5g81tvyH6SJg26E@lore-desk>
Date: Tue, 13 Dec 2022 09:50:30 +0100
From: Lorenzo Bianconi <lorenzo@...nel.org>
To: Vladimir Oltean <vladimir.oltean@....com>
Cc: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>,
netdev@...r.kernel.org, claudiu.manoil@....com,
davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com
Subject: Re: [PATCH v3 net-next 0/2] enetc: unlock XDP_REDIRECT for XDP
non-linear
> On Mon, Dec 12, 2022 at 10:15:31PM +0100, Lorenzo Bianconi wrote:
> > Hi Vladimir,
> >
> > thx for testing. If we perform XDP_REDIRECT with SG XDP frames, the devmap
> > code will always return an error and the driver is responsible to free the
> > pending pages. Looking at the code, can the issue be the following?
> >
> > - enetc_flip_rx_buff() will unmap the page and set rx_swbd->page = NULL if
> > the page is not reusable.
> > - enetc_xdp_free() will not be able to free the page since rx_swbd->page is
> > NULL.
> >
> > What do you think? I am wondering if we have a similar issue for 'linear' XDP
> > buffer as well when xdp_do_redirect() returns an error. What do you think?
>
> A bit more complicated, but that's the gist, yes. Thanks for the hint.
> I was quite sure that this situation does not lead to a leak, because
> even though rx_swbd->page becomes NULL, the reference to it is not lost.
> But wrong I was. Not sure if you pointed out the condition where the
> page is not reusable because that's the only part that's problematic,
> or because you simply didn't notice that enetc_put_rx_buff() makes
> rx_swbd->page = NULL too. In any case, it's normally quite rare for a
> page to not be reusable, yet in this case, the way in which the page
> becomes non reusable is the key to the bug.
>
> Anyway, I've tested your patch set again with that fixed, and also
> submitted the fix here:
> https://patchwork.kernel.org/project/netdevbpf/patch/20221213001908.2347046-1-vladimir.oltean@nxp.com/
>
> It works as it should now. And yes, the issue should also be
> reproducible with single buffer XDP, if we redirect to a devmap which
> doesn't implement ndo_xdp_xmit or is down, for example.
ack, cool now it is fixed. I will repost the series when net-next is open
adding your tested-by.
Regards,
Lorenzo
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists