Re: [PATCH net 1/3] bpf, mlx5: fix mlx5e_create_rq taking reference on prog

Mon, 14 Nov 2016 10:27:01 -0800 

Hi Saeed,

On 11/14/2016 07:15 PM, Saeed Mahameed wrote:

On 11/14/2016 02:43 AM, Daniel Borkmann wrote:

In mlx5e_create_rq(), when creating a new queue, we call bpf_prog_add() but
without checking the return value. bpf_prog_add() can fail, so we really


Didn't know this, thanks for noticing, I wonder why taking a reference for an 
object would fail ?
especially when someone is requesting from the driver to take a reference to it 
ndo_xdp_set ?! sounds like a bad design.

Anyway I will check that later.


See 92117d8443bc ("bpf: fix refcnt overflow").


must check it. Take the reference right when we assign it to the rq from
priv->xdp_prog, and just drop the reference on error path. Destruction in
mlx5e_destroy_rq() looks good, though.

Fixes: 86994156c736 ("net/mlx5e: XDP fast RX drop bpf programs support")
Signed-off-by: Daniel Borkmann <dan...@iogearbox.net>
---
  drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 14 +++++++++++---
  kernel/bpf/syscall.c                              |  1 +
  2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c 
b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
index 84e8b25..2b83667 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -489,7 +489,16 @@ static int mlx5e_create_rq(struct mlx5e_channel *c,
        rq->channel = c;
        rq->ix      = c->ix;
        rq->priv    = c->priv;
+
        rq->xdp_prog = priv->xdp_prog;


Why keeping this assignment ? just test priv->xdp_prog.


+       if (rq->xdp_prog) {
+               rq->xdp_prog = bpf_prog_inc(rq->xdp_prog);
+               if (IS_ERR(rq->xdp_prog)) {
+                       err = PTR_ERR(rq->xdp_prog);
+                       rq->xdp_prog = NULL;
+                       goto err_rq_wq_destroy;
+               }
+       }


Try this, simpler and less indentations:

rq->xdp_prog = priv->xdp_prog ? bpf_prog_inc(priv->xdp_prog) : NULL;
if (IS_ERR(rq->xdp_prog)) {
        err = PTR_ERR(rq->xdp_prog);
        rq->xdp_prog = NULL;
        goto err_rq_wq_destroy;
}


Sure, I don't mind. Will do.

Thanks,
Daniel






















					Reply via email to