Hi Saeed,
On 11/14/2016 07:15 PM, Saeed Mahameed wrote:
On 11/14/2016 02:43 AM, Daniel Borkmann wrote:
In mlx5e_create_rq(), when creating a new queue, we call bpf_prog_add() but
without checking the return value. bpf_prog_add() can fail, so we really
Didn't know this, thanks for noticing, I wonder why taking a reference for an
object would fail ?
especially when someone is requesting from the driver to take a reference to it
ndo_xdp_set ?! sounds like a bad design.
Anyway I will check that later.
See 92117d8443bc ("bpf: fix refcnt overflow").
must check it. Take the reference right when we assign it to the rq from
priv->xdp_prog, and just drop the reference on error path. Destruction in
mlx5e_destroy_rq() looks good, though.
Fixes: 86994156c736 ("net/mlx5e: XDP fast RX drop bpf programs support")
Signed-off-by: Daniel Borkmann <dan...@iogearbox.net>
---
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 14 +++++++++++---
kernel/bpf/syscall.c | 1 +
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
index 84e8b25..2b83667 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -489,7 +489,16 @@ static int mlx5e_create_rq(struct mlx5e_channel *c,
rq->channel = c;
rq->ix = c->ix;
rq->priv = c->priv;
+
rq->xdp_prog = priv->xdp_prog;
Why keeping this assignment ? just test priv->xdp_prog.
+ if (rq->xdp_prog) {
+ rq->xdp_prog = bpf_prog_inc(rq->xdp_prog);
+ if (IS_ERR(rq->xdp_prog)) {
+ err = PTR_ERR(rq->xdp_prog);
+ rq->xdp_prog = NULL;
+ goto err_rq_wq_destroy;
+ }
+ }
Try this, simpler and less indentations:
rq->xdp_prog = priv->xdp_prog ? bpf_prog_inc(priv->xdp_prog) : NULL;
if (IS_ERR(rq->xdp_prog)) {
err = PTR_ERR(rq->xdp_prog);
rq->xdp_prog = NULL;
goto err_rq_wq_destroy;
}
Sure, I don't mind. Will do.
Thanks,
Daniel