[lvc-project] [PATCH] xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
Alexey
sdl at nppct.ru
Thu Apr 17 13:06:14 MSK 2025
On 17.04.2025 11:51, Juergen Gross wrote:
> On 17.04.25 10:45, Alexey wrote:
>>
>> On 17.04.2025 10:12, Jürgen Groß wrote:
>>> On 17.04.25 09:00, Alexey wrote:
>>>>
>>>> On 17.04.2025 03:58, Jakub Kicinski wrote:
>>>>> On Mon, 14 Apr 2025 18:34:01 +0000 Alexey Nepomnyashih wrote:
>>>>>> get_page(pdata);
>>>>> Please notice this get_page() here.
>>>>>
>>>>>> xdpf = xdp_convert_buff_to_frame(xdp);
>>>>>> + if (unlikely(!xdpf)) {
>>>>>> + trace_xdp_exception(queue->info->netdev, prog, act);
>>>>>> + break;
>>>>>> + }
>>>> Do you mean that it would be better to move the get_page(pdata)
>>>> call lower,
>>>> after checking for NULL in xdpf, so that the reference count is
>>>> only increased
>>>> after a successful conversion?
>>>
>>> I think the error handling here is generally broken (or at least very
>>> questionable).
>>>
>>> I suspect that in case of at least some errors the get_page() is
>>> leaking
>>> even without this new patch.
>>>
>>> In case I'm wrong a comment reasoning why there is no leak should be
>>> added.
>>>
>>>
>>> Juergen
>>
>> I think pdata is freed in xdp_return_frame_rx_napi() -> __xdp_return()
>
> Agreed. But what if xennet_xdp_xmit() returns an error < 0?
>
> In this case xdp_return_frame_rx_napi() won't be called.
>
>
> Juergen
Agreed. There is no explicit freed pdata in the calling function
xennet_get_responses(). Without this, the page referenced by pdata
could be leaked.
I suggest:
case XDP_TX: -get_page(pdata); xdpf = xdp_convert_buff_to_frame(xdp);
+if (unlikely(!xdpf)) { +trace_xdp_exception(queue->info->netdev, prog,
act); +break; +} +get_page(pdata); err =
xennet_xdp_xmit(queue->info->netdev, 1, &xdpf, 0); if (unlikely(!err))
xdp_return_frame_rx_napi(xdpf); -else if (unlikely(err < 0)) +else if
(unlikely(err < 0)) { trace_xdp_exception(queue->info->netdev, prog,
act); +xdp_return_frame_rx_napi(xdpf); +} break; case XDP_REDIRECT:
get_page(pdata); err = xdp_do_redirect(queue->info->netdev, xdp, prog);
*need_xdp_flush = true; -if (unlikely(err)) +if (unlikely(err)) {
trace_xdp_exception(queue->info->netdev, prog, act);
+__xdp_return(page_address(pdata), &xdp->mem, true, xdp); +} break;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxtesting.org/pipermail/lvc-project/attachments/20250417/964b808e/attachment.html>
More information about the lvc-project
mailing list