On Fri, Nov 20, 2020 at 4:17 PM <alardam@xxxxxxxxx> wrote:
>
> From: Marek Majtyka <marekx.majtyka@xxxxxxxxx>
>
> Fix incorrect netdev reference count in xsk_bind operation. Incorrect
> reference count of the device appears when a user calls bind with the
> XDP_ZEROCOPY flag on an interface which does not support zero-copy.
> In such a case, an error is returned but the reference count is not
> decreased. This change fixes the fault, by decreasing the reference count
> in case of such an error.
>
> The problem being corrected appeared in '162c820ed896' for the first time,
> and the code was moved to new file location over the time with commit
> 'c2d3d6a47462'. This specific patch applies to all version starting
> from 'c2d3d6a47462'. The same solution should be applied but on different
> file (net/xdp/xdp_umem.c) and function (xdp_umem_assign_dev) for versions
> from '162c820ed896' to 'c2d3d6a47462' excluded.
>
> Fixes: 162c820ed896 ("xdp: hold device for umem regardless of zero- ...")
> Signed-off-by: Marek Majtyka <marekx.majtyka@xxxxxxxxx>
> ---
> net/xdp/xsk_buff_pool.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/xdp/xsk_buff_pool.c b/net/xdp/xsk_buff_pool.c
> index 8a3bf4e1318e..46d09bfb1923 100644
> --- a/net/xdp/xsk_buff_pool.c
> +++ b/net/xdp/xsk_buff_pool.c
> @@ -185,8 +185,10 @@ static int __xp_assign_dev(struct xsk_buff_pool *pool,
> err_unreg_pool:
> if (!force_zc)
> err = 0; /* fallback to copy mode */
> - if (err)
> + if (err) {
> xsk_clear_pool_at_qid(netdev, queue_id);
> + dev_put(netdev);
> + }
> return err;
> }
Thank you Marek for spotting and fixing this!
Acked-by: Magnus Karlsson <magnus.karlsson@xxxxxxxxx>
> --
> 2.27.0
>
