diff mbox series

[net,v2] xdp: xdp_mem_allocator can be NULL in trace_mem_connect().

Message ID YikSav7Y1iEQv8sq@linutronix.de (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series [net,v2] xdp: xdp_mem_allocator can be NULL in trace_mem_connect(). | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net
netdev/fixes_present success Fixes tag present in non-next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 2 this patch: 2
netdev/cc_maintainers success CCed 14 of 14 maintainers
netdev/build_clang success Errors and warnings before: 18 this patch: 18
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 7 this patch: 7
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Sebastian Andrzej Siewior March 9, 2022, 8:47 p.m. UTC 
Since the commit mentioned below __xdp_reg_mem_model() can return a NULL
pointer. This pointer is dereferenced in trace_mem_connect() which leads
to segfault.

The trace points (mem_connect + mem_disconnect) were put in place to
pair connect/disconnect using the IDs. The ID is only assigned if
__xdp_reg_mem_model() does not return NULL. That connect trace point is
of no use if there is no ID.

Skip that connect trace point if xdp_alloc is NULL.

[ Toke Høiland-Jørgensen delivered the reasoning for skipping the trace
  point ]

Fixes: 4a48ef70b93b8 ("xdp: Allow registering memory model without rxq reference")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
---
v1…v2:
   - Instead letting the trace point deal with a NULL pointer, skip the
     trace point.

 net/core/xdp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Steven Rostedt March 9, 2022, 9:36 p.m. UTC | #1 
On Wed, 9 Mar 2022 21:47:38 +0100
Sebastian Andrzej Siewior <bigeasy@linutronix.de> wrote:

> --- a/net/core/xdp.c
> +++ b/net/core/xdp.c
> @@ -357,7 +357,8 @@ int xdp_rxq_info_reg_mem_model(struct xdp_rxq_info *xdp_rxq,
>  	if (IS_ERR(xdp_alloc))
>  		return PTR_ERR(xdp_alloc);
>  
> -	trace_mem_connect(xdp_alloc, xdp_rxq);
> +	if (xdp_alloc)

Eliminate the check when tracing is disabled:

	if (trace_mem_connect_enabled() && xdp_alloc)

-- Steve


> +		trace_mem_connect(xdp_alloc, xdp_rxq);
>  	return 0;
>  }
>
Toke Høiland-Jørgensen March 9, 2022, 9:52 p.m. UTC | #2 
Sebastian Andrzej Siewior <bigeasy@linutronix.de> writes:

> Since the commit mentioned below __xdp_reg_mem_model() can return a NULL
> pointer. This pointer is dereferenced in trace_mem_connect() which leads
> to segfault.
>
> The trace points (mem_connect + mem_disconnect) were put in place to
> pair connect/disconnect using the IDs. The ID is only assigned if
> __xdp_reg_mem_model() does not return NULL. That connect trace point is
> of no use if there is no ID.
>
> Skip that connect trace point if xdp_alloc is NULL.
>
> [ Toke Høiland-Jørgensen delivered the reasoning for skipping the trace
>   point ]
>
> Fixes: 4a48ef70b93b8 ("xdp: Allow registering memory model without rxq reference")
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

With Steven's fix:

Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
diff mbox series

Patch

diff --git a/net/core/xdp.c b/net/core/xdp.c
index 7aba355049862..8ebb22eb6497c 100644
--- a/net/core/xdp.c
+++ b/net/core/xdp.c
@@ -357,7 +357,8 @@  int xdp_rxq_info_reg_mem_model(struct xdp_rxq_info *xdp_rxq,
 	if (IS_ERR(xdp_alloc))
 		return PTR_ERR(xdp_alloc);
 
-	trace_mem_connect(xdp_alloc, xdp_rxq);
+	if (xdp_alloc)
+		trace_mem_connect(xdp_alloc, xdp_rxq);
 	return 0;
 }