* [DPDK/core Bug 1700] BPF callback wait is not MP safe
@ 2025-04-25 22:47 bugzilla
0 siblings, 0 replies; only message in thread
From: bugzilla @ 2025-04-25 22:47 UTC (permalink / raw)
To: dev
[-- Attachment #1: Type: text/plain, Size: 1374 bytes --]
https://bugs.dpdk.org/show_bug.cgi?id=1700
Bug ID: 1700
Summary: BPF callback wait is not MP safe
Product: DPDK
Version: 25.03
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: minor
Priority: Normal
Component: core
Assignee: dev@dpdk.org
Reporter: stephen@networkplumber.org
Target Milestone: ---
The mechanism implemented in bpf_pkt.c is like an open coded version of
seqlock.
There is an inherit race because:
If the CPU running the callback doesn't reach the before the count
is executed, it can rance with the CPU doing destroy.
CPU 1: CPU 2:
bpf_eth_unload()
bc = bpf_eth_cbh_find()
bpf_rx_callback_vm (or
bpf_rx_callback_jit)
rte_eth_remove_rx_callback()
bpf_eth_cbi_unload(bc)
bpf_eth_cbi_wait(bc)
at this point bc->inuse == 0 because call back not started
but is going to be used by CPU 2. And calling rte_bpf_destroy
will lead to use after free.
There is no good way to fix this without using RCU.
Also, the code should be consistently using C11 atomic not barriers.
Not sure if anyone ever uses this code anyway!
--
You are receiving this mail because:
You are the assignee for the bug.
[-- Attachment #2: Type: text/html, Size: 3237 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-04-25 22:47 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-04-25 22:47 [DPDK/core Bug 1700] BPF callback wait is not MP safe bugzilla
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).