On Tue, Aug 11, 2020 at 11:14 AM <sdf@xxxxxxxxxx> wrote:
>
> On 07/21, Andrii Nakryiko wrote:
> > Further refactor XDP attachment code. dev_change_xdp_fd() is split into
> > two
> > parts: getting bpf_progs from FDs and attachment logic, working with
> > bpf_progs. This makes attachment logic a bit more straightforward and
> > prepares code for bpf_xdp_link inclusion, which will share the common
> > logic.
> It looks like this patch breaks xdp tests for me:
> * test_xdping.sh
> * test_xdp_vlan.sh
>
> Can you please verify on your side?
>
> Looking at tools/testing/selftests/bpf/xdping.c I see it has:
> static __u32 xdp_flags = XDP_FLAGS_UPDATE_IF_NOEXIST;
>
> And it attaches program two times in the same net namespace,
> so I don't see how it could've worked before the change :-/
> (unless, of coarse, the previous code was buggy).
Ok, so according to the old logic, XDP_FLAGS_UPDATE_IF_NOEXIST flag is
only checked if new program fd is not -1. So if we are installing a
new program and specify XDP_FLAGS_UPDATE_IF_NOEXIST, we'll be allowed
to do this only if there is no BPF program already attached. But we
are uninstalling program, then XDP_FLAGS_UPDATE_IF_NOEXIST is ignored
and we are allowed to uninstall any BPF program.
I can easily fix this by moving the XDP_FLAGS_UPDATE_IF_NOEXIST check
inside `if (new_prog) {}` section. I'm not sure which semantics was
actually originally intended. Maybe XDP folks can chime in here?
