Re: [PATCH] net/mlx4_en: Fix bpf_prog_add ref_cnt in mlx4

[Daniel Borkmann]

This is a multi-part message in MIME format.
On 11/09/2016 10:45 AM, Zhiyi Sun wrote:
> On Wed, Nov 09, 2016 at 10:05:31AM +0100, Daniel Borkmann wrote:
> > On 11/09/2016 08:35 AM, Zhiyi Sun wrote:
> > > There are rx_ring_num queues. Each queue will load xdp prog. So
> > > bpf_prog_add() should add rx_ring_num to ref_cnt.
> > >
> > > Signed-off-by: Zhiyi Sun <zhiyisun@xxxxxxxxx>
> >
> > Your analysis looks incorrect to me. Please elaborate in more detail why
> > you think current code is buggy ...
>
> Yes, you are correct. My patch is incorrect. It is not a bug.
>
> > Call path is dev_change_xdp_fd(), which does bpf_prog_get_type() on the
> > fd. This already takes a ref and only drops it in case of error. Thus
> > in mlx4_xdp_set(), you only need priv->rx_ring_num - 1 refs for the rest
> > of the rings, so that dropping refs from old_prog makes sure we release
> > it again. Looks correct to me (maybe a comment would have helped there).
>
> I thought mlx4's code is incorrect because in mlx5's driver, function
> mlx5e_xdp_set() calls a pair of bpf_prog_add/put, the number of add and
> put to the refs are same. I didn't notice that one "add" has been called in its
> calller. So, it seems that mlx5's code is incorrect, right?

Yep, I think the two attached patches are needed.

The other thing I noticed in mlx5e_create_rq() is that it calls
bpf_prog_add(rq->xdp_prog, 1) without actually checking for errors.