Re: [PATCH] net/mlx5e: fix bpf_prog refcnt leaks in mlx5e_alloc_rq
From: Saeed Mahameed
Date: Wed Jul 29 2020 - 15:02:24 EST
On Wed, 2020-07-29 at 20:33 +0800, Xin Xiong wrote:
> The function invokes bpf_prog_inc(), which increases the refcount of
> a
> bpf_prog object "rq->xdp_prog" if the object isn't NULL.
>
> The refcount leak issues take place in two error handling paths. When
> mlx5_wq_ll_create() or mlx5_wq_cyc_create() fails, the function
> simply
> returns the error code and forgets to drop the refcount increased
> earlier, causing a refcount leak of "rq->xdp_prog".
>
> Fix this issue by jumping to the error handling path
> err_rq_wq_destroy
> when either function fails.
>
Fixes: 422d4c401edd ("net/mlx5e: RX, Split WQ objects for different RQ
types")
>
> Signed-off-by: Xin Xiong <xiongx18@xxxxxxxxxxxx>
> Signed-off-by: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
> Signed-off-by: Xin Tan <tanxin.ctf@xxxxxxxxx>
> ---
> drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
> b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
> index a836a02a2116..8e1b1ab416d8 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
> @@ -419,7 +419,7 @@ static int mlx5e_alloc_rq(struct mlx5e_channel
> *c,
> err = mlx5_wq_ll_create(mdev, &rqp->wq, rqc_wq, &rq-
> >mpwqe.wq,
> &rq->wq_ctrl);
> if (err)
> - return err;
> + goto err_rq_wq_destroy;
>
> rq->mpwqe.wq.db = &rq->mpwqe.wq.db[MLX5_RCV_DBR];
>
> @@ -470,7 +470,7 @@ static int mlx5e_alloc_rq(struct mlx5e_channel
> *c,
> err = mlx5_wq_cyc_create(mdev, &rqp->wq, rqc_wq, &rq-
> >wqe.wq,
> &rq->wq_ctrl);
> if (err)
> - return err;
> + goto err_rq_wq_destroy;
>
> rq->wqe.wq.db = &rq->wqe.wq.db[MLX5_RCV_DBR];
>