Re: [PATCH net-next v2 5/6] tsnep: Add XDP socket zero-copy RX support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 18.04.23 10:22, Paolo Abeni wrote:

On Sat, 2023-04-15 at 16:42 +0200, Gerhard Engleder wrote:

@@ -892,6 +900,37 @@ static int tsnep_rx_desc_available(struct tsnep_rx *rx)
  		return rx->read - rx->write - 1;
  }
+static void tsnep_rx_free_page_buffer(struct tsnep_rx *rx) 
+{
+	struct page **page;
+
+	page = rx->page_buffer;
+	while (*page) {
+		page_pool_put_full_page(rx->page_pool, *page, false);
+		*page = NULL;
+		page++;
+	}
+}


[...]


  static void tsnep_rx_close(struct tsnep_rx *rx)
  {
+	if (rx->xsk_pool)
+		tsnep_rx_free_page_buffer(rx);


It looks like the above could call tsnep_rx_free_page_buffer() with
each page ptr in rx->page_buffer not zero. If so
tsnep_rx_free_page_buffer() will do an out of bound access.


rx->page_buffer has space for up to TSNEP_RING_SIZE ptr's. The
descriptor ring is filled with at most TSNEP_RING_SIZE - 1
pages. Thus, the last ptr in rx->page_buffer is always zero.


Also, why testing rx->xsk_pool instead of rx->page_buffer?


Testing for rx->xsk_pool is done for all code, which is only needed
if XSK zero-copy is enabled. For me this is more consistent to the
rest of the code.

Thanks!

Gerhard
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux