review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Ciara Loftus <ciara.loftus@intel.com>
	Tue, 14 Jun 2022 07:07:46 +0000 (07:07 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 29 Jun 2022 07:03:21 +0000 (09:03 +0200)
commit	64e6ba7f2d2f022469be6c2a1c179851b94842dc
tree	aa090147e98ba1f9a6b172afaf315a087f89a2af	tree \| snapshot
parent	54abcc525269f5041c1b2851f0be138503d8b43b	commit \| diff

xsk: Fix generic transmit when completion queue reservation fails

[ Upstream commit a6e944f25cdbe6b82275402b8bc9a55ad7aac10b ]

Two points of potential failure in the generic transmit function are:

1. completion queue (cq) reservation failure.
2. skb allocation failure

Originally the cq reservation was performed first, followed by the skb
allocation. Commit 675716400da6 ("xdp: fix possible cq entry leak")
reversed the order because at the time there was no mechanism available
to undo the cq reservation which could have led to possible cq entry leaks
in the event of skb allocation failure. However if the skb allocation is
performed first and the cq reservation then fails, the xsk skb destructor
is called which blindly adds the skb address to the already full cq leading
to undefined behavior.

This commit restores the original order (cq reservation followed by skb
allocation) and uses the xskq_prod_cancel helper to undo the cq reserve
in event of skb allocation failure.

Fixes: 675716400da6 ("xdp: fix possible cq entry leak")
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Magnus Karlsson <magnus.karlsson@intel.com>
Link: https://lore.kernel.org/bpf/20220614070746.8871-1-ciara.loftus@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>