On Wed, Jan 25, 2023 at 08:48:59AM +0100, Magnus Karlsson wrote:
> From: Magnus Karlsson <magnus.karlsson@xxxxxxxxx>
>
> Make sure that xdp_do_flush() is always executed before
> napi_complete_done(). This is important for two reasons. First, a
> redirect to an XSKMAP assumes that a call to xdp_do_redirect() from
> napi context X on CPU Y will be followed by a xdp_do_flush() from the
> same napi context and CPU. This is not guaranteed if the
> napi_complete_done() is executed before xdp_do_flush(), as it tells
> the napi logic that it is fine to schedule napi context X on another
> CPU. Details from a production system triggering this bug using the
> veth driver can be found following the first link below.
>
> The second reason is that the XDP_REDIRECT logic in itself relies on
> being inside a single NAPI instance through to the xdp_do_flush() call
> for RCU protection of all in-kernel data structures. Details can be
> found in the second link below.
>
> Fixes: 186b3c998c50 ("virtio-net: support XDP_REDIRECT")
> Signed-off-by: Magnus Karlsson <magnus.karlsson@xxxxxxxxx>
> Acked-by: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
> Link: https://lore.kernel.org/r/20221220185903.1105011-1-sbohrer@xxxxxxxxxxxxxx
> Link: https://lore.kernel.org/all/20210624160609.292325-1-toke@xxxxxxxxxx/
Acked-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
> ---
> drivers/net/virtio_net.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
> index 18b3de854aeb..6df14dd5bf46 100644
> --- a/drivers/net/virtio_net.c
> +++ b/drivers/net/virtio_net.c
> @@ -1677,13 +1677,13 @@ static int virtnet_poll(struct napi_struct *napi, int budget)
>
> received = virtnet_receive(rq, budget, &xdp_xmit);
>
> + if (xdp_xmit & VIRTIO_XDP_REDIR)
> + xdp_do_flush();
> +
> /* Out of packets? */
> if (received < budget)
> virtqueue_napi_complete(napi, rq->vq, received);
>
> - if (xdp_xmit & VIRTIO_XDP_REDIR)
> - xdp_do_flush();
> -
> if (xdp_xmit & VIRTIO_XDP_TX) {
> sq = virtnet_xdp_get_sq(vi);
> if (virtqueue_kick_prepare(sq->vq) && virtqueue_notify(sq->vq)) {
> --
> 2.34.1
