diff mbox series

[net,V2,08/14] net/mlx5e: Check the number of elements before walk TC rhashtable

Message ID 20231205061327.44638-9-saeed@kernel.org (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series [net,V2,01/14] net/mlx5e: Honor user choice of IPsec replay window size | expand

Checks

Context Check Description
netdev/series_format success Pull request is its own cover letter
netdev/tree_selection success Clearly marked for net
netdev/ynl success SINGLE THREAD; Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 1115 this patch: 1115
netdev/cc_maintainers success CCed 4 of 4 maintainers
netdev/build_clang success Errors and warnings before: 1142 this patch: 1142
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 1142 this patch: 1142
netdev/checkpatch warning WARNING: line length of 83 exceeds 80 columns
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Saeed Mahameed Dec. 5, 2023, 6:13 a.m. UTC 
From: Jianbo Liu <jianbol@nvidia.com>

After IPSec TX tables are destroyed, the flow rules in TC rhashtable,
which have the destination to IPSec, are restored to the original
one, the uplink.

However, when the device is in switchdev mode and unload driver with
IPSec rules configured, TC rhashtable cleanup is done before IPSec
cleanup, which means tc_ht->tbl is already freed when walking TC
rhashtable, in order to restore the destination. So add the checking
before walking to avoid unexpected behavior.

Fixes: d1569537a837 ("net/mlx5e: Modify and restore TC rules for IPSec TX rules")
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Herbert Xu Dec. 8, 2023, 4:47 a.m. UTC | #1 
Saeed Mahameed <saeed@kernel.org> wrote:
> From: Jianbo Liu <jianbol@nvidia.com>
> 
> After IPSec TX tables are destroyed, the flow rules in TC rhashtable,
> which have the destination to IPSec, are restored to the original
> one, the uplink.
> 
> However, when the device is in switchdev mode and unload driver with
> IPSec rules configured, TC rhashtable cleanup is done before IPSec
> cleanup, which means tc_ht->tbl is already freed when walking TC
> rhashtable, in order to restore the destination. So add the checking
> before walking to avoid unexpected behavior.

I'm confused.  If the rhashtable has already been freed, then
surely you can't even read nelems?

Cheers,
Jianbo Liu Dec. 8, 2023, 5:32 a.m. UTC | #2 
On Fri, 2023-12-08 at 12:47 +0800, Herbert Xu wrote:
> Saeed Mahameed <saeed@kernel.org> wrote:
> > From: Jianbo Liu <jianbol@nvidia.com>
> > 
> > After IPSec TX tables are destroyed, the flow rules in TC
> > rhashtable,
> > which have the destination to IPSec, are restored to the original
> > one, the uplink.
> > 
> > However, when the device is in switchdev mode and unload driver
> > with
> > IPSec rules configured, TC rhashtable cleanup is done before IPSec
> > cleanup, which means tc_ht->tbl is already freed when walking TC
> > rhashtable, in order to restore the destination. So add the
> > checking
> > before walking to avoid unexpected behavior.
> 
> I'm confused.  If the rhashtable has already been freed, then
> surely you can't even read nelems?
> 
I think we can as rhashtable struct, not its pointer is declared in
rpriv, and rpriv is not freed.
Anyway, this patch was dropped in V3.

Thanks!
Jianbo

> 
> Cheers,
diff mbox series

Patch

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c
index 5a0047bdcb51..190f10aba170 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c
@@ -152,7 +152,7 @@  void mlx5_esw_ipsec_restore_dest_uplink(struct mlx5_core_dev *mdev)
 
 	xa_for_each(&esw->offloads.vport_reps, i, rep) {
 		rpriv = rep->rep_data[REP_ETH].priv;
-		if (!rpriv || !rpriv->netdev)
+		if (!rpriv || !rpriv->netdev || !atomic_read(&rpriv->tc_ht.nelems))
 			continue;
 
 		rhashtable_walk_enter(&rpriv->tc_ht, &iter);