    xdp: fix bug in cpumap teardown code path · ad0ab027
    Jesper Dangaard Brouer authored
    When removing a cpumap entry, a number of synchronization steps happen.
    Eventually the teardown code __cpu_map_entry_free is invoked from/via
    The teardown code __cpu_map_entry_free() flushes remaining xdp_frames,
    by invoking bq_flush_to_queue, which calls xdp_return_frame_rx_napi().
    The issue is that the teardown code is not running in the RX NAPI
    code path.  Thus, it is not allowed to invoke the NAPI variant of
    This bug was found and triggered by using the --stress-mode option to
    the samples/bpf program xdp_redirect_cpu.  It is hard to trigger,
    because the ptr_ring has to be full and cpumap bulk queue max
    contains 8 packets, and a remote CPU is racing to empty the ptr_ring
    Fixes: 389ab7f0 ("xdp: introduce xdp_return_frame_rx_napi")
    Jean-Tsung Hsiao <jhsiao@redhat.com>
    Jesper Dangaard Brouer <brouer@redhat.com>
    Daniel Borkmann <daniel@iogearbox.net>
cpumap.c 18.8 KB