On Thu, Apr 29, 2021 at 3:22 PM Edward Cree <ecree.xilinx@gmail.com> wrote:
On 27/04/2021 22:09, Ignat Korchagin wrote:
efx->xdp_tx_queue_count is initially initialized to num_possible_cpus() and is later used to allocate and traverse the efx->xdp_tx_queues lookup array. However, we may end up not initializing all the array slots with real queues during probing. This results, for example, in a NULL pointer dereference when running "# ethtool -S <iface>", similar to the one below
...
diff --git a/drivers/net/ethernet/sfc/efx_channels.c b/drivers/net/ethernet/sfc/efx_channels.c index 1bfeee283ea9..a3ca406a3561 100644 --- a/drivers/net/ethernet/sfc/efx_channels.c +++ b/drivers/net/ethernet/sfc/efx_channels.c @@ -914,6 +914,8 @@ int efx_set_channels(struct efx_nic *efx) } } }
if (xdp_queue_number)
Wait, why is this guard condition needed? What happens if we had nonzero efx->xdp_tx_queue_count initially, but we end up with no TXQs available for XDP at all (so xdp_queue_number == 0)?
-ed
My thoughts were: efx->xdp_tx_queue_count is originally used to allocate efx->xdp_tx_queues. So, if xdp_queue_number ends up being 0, we should keep efx->xdp_tx_queue_count positive so as not to forget to release efx->xdp_tx_queues (because most checks are efx->xdp_tx_queue_count && efx->xdp_tx_queues).
I'm not familiar enough with SFC internals to definitely say if it is even possible to have xdp_queue_number == 0 while having efx->xdp_tx_queue_count > 0, but my understanding is that it should not be possible due to the checks in the driver init path, when we actually determine the number of queues, channels, events per channel etc.
Ignat
efx->xdp_tx_queue_count = xdp_queue_number; rc = netif_set_real_num_tx_queues(efx->net_dev, efx->n_tx_channels); if (rc)
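Review bot: the "if (xdp_queue_number)" guard added in front of "efx->xdp_tx_queue_count = xdp_queue_number;" leaves the count at its initial num_possible_cpus() value when no XDP TX queue was assigned, which is exactly the case where no slot of efx->xdp_tx_queues has been filled with a real queue, so any traversal bounded by the count would still hit the NULL dereference the commit message describes. Either assign the count unconditionally and make the release path test efx->xdp_tx_queues on its own, or keep the guard and add a comment above it saying why xdp_queue_number == 0 cannot occur with a nonzero count and that the count is kept positive only so the array is freed.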