net/failsafe: fix crash on slave queue release
Checks
Commit Message
From: Igor Romanov <igor.romanov@oktetlabs.ru>
Releasing a queue that is already released by slave may cause a
segmentation fault. For example, after a successfull device
configuration a queue is set up. Afterwards the device is reconfigured
with an invalid argument, forcing slaves to release the queues
(e.g. rte_eth_dev.data.tx_queues). Finally the failsafe's queues
are released. The queue release functions also try to release slaves'
queues using ETH(sdev)->data->tx_queues which is NULL at the time.
Add checks for NULL slaves' Tx and Rx queues before releasing them.
Fixes: a46f8d584eb8 ("net/failsafe: add fail-safe PMD")
Cc: stable@dpdk.org
Signed-off-by: Igor Romanov <igor.romanov@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
---
drivers/net/failsafe/failsafe_ops.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
Comments
On Fri, Aug 31, 2018 at 05:16:32PM +0100, Andrew Rybchenko wrote:
> From: Igor Romanov <igor.romanov@oktetlabs.ru>
>
> Releasing a queue that is already released by slave may cause a
> segmentation fault. For example, after a successfull device
> configuration a queue is set up. Afterwards the device is reconfigured
> with an invalid argument, forcing slaves to release the queues
> (e.g. rte_eth_dev.data.tx_queues). Finally the failsafe's queues
> are released. The queue release functions also try to release slaves'
> queues using ETH(sdev)->data->tx_queues which is NULL at the time.
>
> Add checks for NULL slaves' Tx and Rx queues before releasing them.
>
> Fixes: a46f8d584eb8 ("net/failsafe: add fail-safe PMD")
> Cc: stable@dpdk.org
>
> Signed-off-by: Igor Romanov <igor.romanov@oktetlabs.ru>
> Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
Acked-by: Gaetan Rivet <gaetan.rivet@6wind.com>
> ---
> drivers/net/failsafe/failsafe_ops.c | 20 ++++++++++++++------
> 1 file changed, 14 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/net/failsafe/failsafe_ops.c b/drivers/net/failsafe/failsafe_ops.c
> index 24e91c931..94b9769e7 100644
> --- a/drivers/net/failsafe/failsafe_ops.c
> +++ b/drivers/net/failsafe/failsafe_ops.c
> @@ -309,9 +309,13 @@ fs_rx_queue_release(void *queue)
> fs_lock(dev, 0);
> if (rxq->event_fd > 0)
> close(rxq->event_fd);
> - FOREACH_SUBDEV_STATE(sdev, i, dev, DEV_ACTIVE)
> - SUBOPS(sdev, rx_queue_release)
> - (ETH(sdev)->data->rx_queues[rxq->qid]);
> + FOREACH_SUBDEV_STATE(sdev, i, dev, DEV_ACTIVE) {
> + if (ETH(sdev)->data->rx_queues != NULL &&
> + ETH(sdev)->data->rx_queues[rxq->qid] != NULL) {
> + SUBOPS(sdev, rx_queue_release)
> + (ETH(sdev)->data->rx_queues[rxq->qid]);
> + }
> + }
> dev->data->rx_queues[rxq->qid] = NULL;
> rte_free(rxq);
> fs_unlock(dev, 0);
> @@ -477,9 +481,13 @@ fs_tx_queue_release(void *queue)
> txq = queue;
> dev = txq->priv->dev;
> fs_lock(dev, 0);
> - FOREACH_SUBDEV_STATE(sdev, i, dev, DEV_ACTIVE)
> - SUBOPS(sdev, tx_queue_release)
> - (ETH(sdev)->data->tx_queues[txq->qid]);
> + FOREACH_SUBDEV_STATE(sdev, i, dev, DEV_ACTIVE) {
> + if (ETH(sdev)->data->tx_queues != NULL &&
> + ETH(sdev)->data->tx_queues[txq->qid] != NULL) {
> + SUBOPS(sdev, tx_queue_release)
> + (ETH(sdev)->data->tx_queues[txq->qid]);
> + }
> + }
> dev->data->tx_queues[txq->qid] = NULL;
> rte_free(txq);
> fs_unlock(dev, 0);
> --
> 2.17.1
>
On 9/19/2018 4:14 PM, Gaëtan Rivet wrote:
> On Fri, Aug 31, 2018 at 05:16:32PM +0100, Andrew Rybchenko wrote:
>> From: Igor Romanov <igor.romanov@oktetlabs.ru>
>>
>> Releasing a queue that is already released by slave may cause a
>> segmentation fault. For example, after a successfull device
>> configuration a queue is set up. Afterwards the device is reconfigured
>> with an invalid argument, forcing slaves to release the queues
>> (e.g. rte_eth_dev.data.tx_queues). Finally the failsafe's queues
>> are released. The queue release functions also try to release slaves'
>> queues using ETH(sdev)->data->tx_queues which is NULL at the time.
>>
>> Add checks for NULL slaves' Tx and Rx queues before releasing them.
>>
>> Fixes: a46f8d584eb8 ("net/failsafe: add fail-safe PMD")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Igor Romanov <igor.romanov@oktetlabs.ru>
>> Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
>
> Acked-by: Gaetan Rivet <gaetan.rivet@6wind.com>
Applied to dpdk-next-net/master, thanks.
@@ -309,9 +309,13 @@ fs_rx_queue_release(void *queue)
fs_lock(dev, 0);
if (rxq->event_fd > 0)
close(rxq->event_fd);
- FOREACH_SUBDEV_STATE(sdev, i, dev, DEV_ACTIVE)
- SUBOPS(sdev, rx_queue_release)
- (ETH(sdev)->data->rx_queues[rxq->qid]);
+ FOREACH_SUBDEV_STATE(sdev, i, dev, DEV_ACTIVE) {
+ if (ETH(sdev)->data->rx_queues != NULL &&
+ ETH(sdev)->data->rx_queues[rxq->qid] != NULL) {
+ SUBOPS(sdev, rx_queue_release)
+ (ETH(sdev)->data->rx_queues[rxq->qid]);
+ }
+ }
dev->data->rx_queues[rxq->qid] = NULL;
rte_free(rxq);
fs_unlock(dev, 0);
@@ -477,9 +481,13 @@ fs_tx_queue_release(void *queue)
txq = queue;
dev = txq->priv->dev;
fs_lock(dev, 0);
- FOREACH_SUBDEV_STATE(sdev, i, dev, DEV_ACTIVE)
- SUBOPS(sdev, tx_queue_release)
- (ETH(sdev)->data->tx_queues[txq->qid]);
+ FOREACH_SUBDEV_STATE(sdev, i, dev, DEV_ACTIVE) {
+ if (ETH(sdev)->data->tx_queues != NULL &&
+ ETH(sdev)->data->tx_queues[txq->qid] != NULL) {
+ SUBOPS(sdev, tx_queue_release)
+ (ETH(sdev)->data->tx_queues[txq->qid]);
+ }
+ }
dev->data->tx_queues[txq->qid] = NULL;
rte_free(txq);
fs_unlock(dev, 0);