968be23cea
Fix possible segfault when entry is inserted into xskmap. This can
happen if the socket is in a state where the umem has been set up, the
Rx ring created but it has yet to be bound to a device. In this case
the pool has not yet been created and we cannot reference it for the
existence of the fill ring. Fix this by removing the whole
xsk_is_setup_for_bpf_map function. Once upon a time, it was used to
make sure that the Rx and fill rings were set up before the driver
could call xsk_rcv, since there are no tests for the existence of
these rings in the data path. But these days, we have a state variable
that we test instead. When it is XSK_BOUND, everything has been set up
correctly and the socket has been bound. So no reason to have the
xsk_is_setup_for_bpf_map function anymore.
Fixes: 7361f9c3d7
("xsk: Move fill and completion rings to buffer pool")
Reported-by: syzbot+febe51d44243fbc564ee@syzkaller.appspotmail.com
Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/1599037569-26690-1-git-send-email-magnus.karlsson@intel.com
/* SPDX-License-Identifier: GPL-2.0 */
/* Copyright(c) 2019 Intel Corporation. */
#ifndef XSK_H_
#define XSK_H_
/*
 * Flag bits carried inside an xdp_umem_page address.
 *
 * The stored value is a page address, so its low 12 bits are always zero
 * and can be reused to hold flags.
 * NOTE(review): the 12-bit figure presumes pages of at least 4 KiB, and
 * consumers presumably have to mask the flag bits off before treating the
 * value as an address again; confirm both at the use sites.
 */
#define XSK_NEXT_PG_CONTIG_SHIFT 0
/* Mask built from the shift above, so the two cannot drift apart. */
#define XSK_NEXT_PG_CONTIG_MASK BIT_ULL(XSK_NEXT_PG_CONTIG_SHIFT)
/*
 * Ring offset record made of exactly three 64-bit fields.
 *
 * NOTE(review): the _v1 suffix suggests an older layout kept next to a
 * newer ring-offset struct defined elsewhere; confirm. If a caller-supplied
 * length selects between the two layouts, the code doing so must copy out
 * exactly sizeof() of the layout it picked and nothing beyond it.
 */
struct xdp_ring_offset_v1 {
	__u64 producer;	/* presumably offset of the producer index; confirm */
	__u64 consumer;	/* presumably offset of the consumer index; confirm */
	__u64 desc;	/* presumably offset of the descriptor array; confirm */
};
/*
 * One xdp_ring_offset_v1 record for each of four rings.
 *
 * NOTE(review): rx/tx read as the receive and transmit rings and fr/cr as
 * the fill and completion rings; the abbreviations are not spelled out in
 * this header, so confirm against the code that fills the struct.
 */
struct xdp_mmap_offsets_v1 {
	struct xdp_ring_offset_v1 rx;
	struct xdp_ring_offset_v1 tx;
	struct xdp_ring_offset_v1 fr;
	struct xdp_ring_offset_v1 cr;
};
/*
 * Membership record tying a socket to one map it has been inserted into.
 *
 * Nodes are chained on the map_list field of struct xdp_sock, which lets
 * the socket side find every map that currently holds it.
 */
struct xsk_map_node {
	/* Linkage on the owning socket's map_list. */
	struct list_head node;
	/* The map this record refers to. */
	struct xsk_map *map;
	/*
	 * Pointer to a struct xdp_sock pointer.
	 * NOTE(review): presumably the slot inside @map that holds this
	 * socket; it points into storage owned by another object, so its
	 * validity presumably depends on a map reference being held for as
	 * long as the node exists. Confirm against the map code.
	 */
	struct xdp_sock **map_entry;
};
/*
 * Reinterpret a generic socket pointer as an XDP socket pointer.
 *
 * This is a bare pointer cast: the address comes back unchanged and no
 * NULL, type or family check is performed.
 * NOTE(review): the cast is only sound if struct sock sits at offset 0 of
 * struct xdp_sock and @sk really belongs to an XDP socket. Neither is
 * visible in this header, so every caller has to guarantee both.
 */
static inline struct xdp_sock *xdp_sk(struct sock *sk)
{
	struct xdp_sock *xs = (struct xdp_sock *)sk;

	return xs;
}
/*
 * Map and per-queue pool helpers; their definitions are not in this header.
 * NOTE(review): the descriptions below are inferred from names and
 * signatures only. Confirm them against the implementations.
 */

/* Presumably drops @xs from @map only while *@map_entry still refers to it. */
void xsk_map_try_sock_delete(struct xsk_map *map, struct xdp_sock *xs,
			     struct xdp_sock **map_entry);

/*
 * Presumably a take/release reference pair on @map. xsk_map_inc() returns
 * an int, so callers should check the result rather than assume the
 * reference was taken.
 */
int xsk_map_inc(struct xsk_map *map);
void xsk_map_put(struct xsk_map *map);

/*
 * Presumably detach, respectively attach, a buffer pool for queue
 * @queue_id of @dev. The registering variant returns an int that callers
 * should check; whether @queue_id is range-checked is not visible here.
 */
void xsk_clear_pool_at_qid(struct net_device *dev, u16 queue_id);
int xsk_reg_pool_at_qid(struct net_device *dev, struct xsk_buff_pool *pool,
			u16 queue_id);
#endif /* XSK_H_ */