On 16-11-18 03:21 PM, Eric Dumazet wrote:
> On Fri, 2016-11-18 at 11:00 -0800, John Fastabend wrote:
> 
> 
>>  static void free_receive_bufs(struct virtnet_info *vi)
>>  {
>> +    struct bpf_prog *old_prog;
>>      int i;
>>  
>>      for (i = 0; i < vi->max_queue_pairs; i++) {
>>              while (vi->rq[i].pages)
>>                      __free_pages(get_a_page(&vi->rq[i], GFP_KERNEL), 0);
>> +
>> +            old_prog = rcu_dereference(vi->rq[i].xdp_prog);
> 
> Seems wrong to me.
> 

Yep it is wrong should be rtnl_dereference() here and the
rcu_dereference() calls earlier in the patch need to be _bh().

> Are you sure lockdep (with CONFIG_PROVE_RCU=y) was happy with this ?

oops you are right it was missing.

> 
>> +            RCU_INIT_POINTER(vi->rq[i].xdp_prog, NULL);
>> +            if (old_prog)
>> +                    bpf_prog_put(old_prog);

bpf_prog_put() waits a grace period of ref count is zero. That said on
driver unload we need to protect the bpf_prog_put with RTNL_LOCK() as
well.

I'll send out a v2 in a bit.

Thanks a lot.

>>      }
>>  }
>>  
>>
> 
> 

Reply via email to