Re: [PATCH net] net/stmmac: Fix free-after-use panic when interface goes does with XDP

[Paolo Abeni <pabeni@redhat.com>]

On 5/15/26 10:29 AM, Jakub Raczynski wrote:
> On Thu, May 14, 2026 at 02:01:20PM +0200, Paolo Abeni wrote:
>>>
>>> Fix this by following:
>>> - Set STMMAC_DOWN flag before stopping DMA to signal XDP to stop
>>> - Call synchronize_rcu() after stopping DMA but before freeing resources to
>>>   ensure all ongoing NAPI operations complete
>>> - Add STMMAC_DOWN flag checks in XDP code paths (XDP_TX and XDP_REDIRECT) to
>>>   drop packets when interface is going down. This has already been done for
>>>   stmmac_xdp_xmit() so make it consistent
>>> - Clear STMMAC_DOWN flag in __stmmac_open() to restore normal operation.
>>>   This was only done for stmmac_reset_subtask() during abnormal operation,
>>>   which is not enough. This does not affect normal operation as this flag is
>>>   used only for XDP apps
>>
>> The above looks racy. I think instead you should just use
>> napi_synchronize() in __stmmac_release.
>>
> You put this after whole section, but I assume you are talking about
> synchronize_rcu()? Because currently there are 0 checks and it is pure race
> condition. synchronize_rcu() does secure it in some way, but you are correct,
> proper ensuring that napi has finished is napi_synchronize().
> Will fix in v2.
>>
>>> @@ -5267,6 +5279,9 @@ static int stmmac_xdp_xmit_back(struct stmmac_priv *priv,
>>>  	if (unlikely(!xdpf))
>>>  		return STMMAC_XDP_CONSUMED;
>>>  
>>> +	if (unlikely(test_bit(STMMAC_DOWN, &priv->state)))
>>> +		return -ENETDOWN;
>>
>> Sashiko noted here you should return STMMAC_XDP_CONSUMED
>>
>> /P
> Seems good, will fix in v2.

If you use napi_synchronize(), I think you can avoid setting STMMAC_DOWN
and testing it in the fast path: the run-to-completion after irq
disabling should ensure that no tx could happen after that
napi_synchronize() completes.

Side note: it's not clear to me where/when irq disabling take place?!?

/P