On 27/04/2021 22:09, Ignat Korchagin wrote: > efx->xdp_tx_queue_count is initially initialized to num_possible_cpus() and is > later used to allocate and traverse efx->xdp_tx_queues lookup array. However, > we may end up not initializing all the array slots with real queues during > probing. This results, for example, in a NULL pointer dereference, when running > "# ethtool -S <iface>", similar to below ... > diff --git a/drivers/net/ethernet/sfc/efx_channels.c b/drivers/net/ethernet/sfc/efx_channels.c > index 1bfeee283ea9..a3ca406a3561 100644 > --- a/drivers/net/ethernet/sfc/efx_channels.c > +++ b/drivers/net/ethernet/sfc/efx_channels.c > @@ -914,6 +914,8 @@ int efx_set_channels(struct efx_nic *efx) > } > } > } > + if (xdp_queue_number) Wait, why is this guard condition needed? What happens if we had nonzero efx->xdp_tx_queue_count initially, but we end up with no TXQs available for XDP at all (so xdp_queue_number == 0)? -ed > + efx->xdp_tx_queue_count = xdp_queue_number; > > rc = netif_set_real_num_tx_queues(efx->net_dev, efx->n_tx_channels); > if (rc) >
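Review bot: The `if (xdp_queue_number)` guard on the new assignment leaves the zero case unhandled. If the loop above assigns no TX queues to XDP, `efx->xdp_tx_queue_count` keeps its initial `num_possible_cpus()` value while none of the `efx->xdp_tx_queues` slots have been filled. That is the same state the commit message describes as leading to the NULL pointer dereference when the array is traversed. Either assign `efx->xdp_tx_queue_count = xdp_queue_number;` unconditionally so that a count of zero is recorded, or, if zero must not be stored here, add a comment saying why and make sure every path that walks `efx->xdp_tx_queues` up to the count tolerates empty slots.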