io_uring/zcrx: call netdev_queue_get_dma_dev() under instance lock

[ Upstream commit b6c5f9454ef34fd2753ba7843ef4d9a295c43eee ]

netdev ops must be called under instance lock or rtnl_lock, but
io_register_zcrx_ifq() isn't doing this for netdev_queue_get_dma_dev().
Fix this by taking the instance lock using netdev_get_by_index_lock().

Extended the instance lock section to include attaching a memory
provider. Could not move io_zcrx_create_area() outside, since the dmabuf
codepath IORING_ZCRX_AREA_DMABUF requires ifq->dev.

Fixes: 59b8b32ac8d4 ("io_uring/zcrx: add support for custom DMA devices")
Signed-off-by: David Wei <dw@davidwei.uk>
Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/io_uring/zcrx.c b/io_uring/zcrx.c
index b1b723222cdb8155e657625c0dbdf3d4e98b1533..875ad40cf65911f7d35d51dcded880cced971fb1 100644 (file)
--- a/io_uring/zcrx.c
+++ b/io_uring/zcrx.c
@@ -599,29 +599,30 @@ int io_register_zcrx_ifq(struct io_ring_ctx *ctx,
        if (ret)
                goto err;
 
-       ifq->netdev = netdev_get_by_index(current->nsproxy->net_ns, reg.if_idx,
-                                         &ifq->netdev_tracker, GFP_KERNEL);
+       ifq->netdev = netdev_get_by_index_lock(current->nsproxy->net_ns, reg.if_idx);
        if (!ifq->netdev) {
                ret = -ENODEV;
                goto err;
        }
+       netdev_hold(ifq->netdev, &ifq->netdev_tracker, GFP_KERNEL);
 
        ifq->dev = netdev_queue_get_dma_dev(ifq->netdev, reg.if_rxq);
        if (!ifq->dev) {
                ret = -EOPNOTSUPP;
-               goto err;
+               goto netdev_put_unlock;
        }
        get_device(ifq->dev);
 
        ret = io_zcrx_create_area(ifq, &area);
        if (ret)
-               goto err;
+               goto netdev_put_unlock;
 
        mp_param.mp_ops = &io_uring_pp_zc_ops;
        mp_param.mp_priv = ifq;
-       ret = net_mp_open_rxq(ifq->netdev, reg.if_rxq, &mp_param);
+       ret = __net_mp_open_rxq(ifq->netdev, reg.if_rxq, &mp_param, NULL);
        if (ret)
-               goto err;
+               goto netdev_put_unlock;
+       netdev_unlock(ifq->netdev);
        ifq->if_rxq = reg.if_rxq;
 
        reg.zcrx_id = id;
@@ -640,6 +641,9 @@ int io_register_zcrx_ifq(struct io_ring_ctx *ctx,
                goto err;
        }
        return 0;
+netdev_put_unlock:
+       netdev_put(ifq->netdev, &ifq->netdev_tracker);
+       netdev_unlock(ifq->netdev);
 err:
        scoped_guard(mutex, &ctx->mmap_lock)
                xa_erase(&ctx->zcrx_ctxs, id);