[1/2] net/sfc: fix an Rx queue double release possibility
Checks
Commit Message
From: Igor Romanov <igor.romanov@oktetlabs.ru>
There are two function that call sfc_rx_qfini():
sfc_rx_fini_queues() and sfc_rx_queue_release(). But only
sfc_rx_queue_release() sets rx_queues pointer of the device data to NULL.
It may lead to the scenario in which a queue is destroyed by
sfc_rx_fini_queues() and after the queue is attempted to be destroyed again
by sfc_rx_queue_release().
Move NULL assignment to sfc_rx_qfini().
Fixes: ce35b05c635e ("net/sfc: implement Rx queue setup release operations")
Cc: stable@dpdk.org
Signed-off-by: Igor Romanov <igor.romanov@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
---
drivers/net/sfc/sfc_ethdev.c | 2 --
drivers/net/sfc/sfc_rx.c | 1 +
2 files changed, 1 insertion(+), 2 deletions(-)
Comments
On 9/14/2018 8:31 AM, Andrew Rybchenko wrote:
> From: Igor Romanov <igor.romanov@oktetlabs.ru>
>
> There are two function that call sfc_rx_qfini():
> sfc_rx_fini_queues() and sfc_rx_queue_release(). But only
> sfc_rx_queue_release() sets rx_queues pointer of the device data to NULL.
> It may lead to the scenario in which a queue is destroyed by
> sfc_rx_fini_queues() and after the queue is attempted to be destroyed again
> by sfc_rx_queue_release().
>
> Move NULL assignment to sfc_rx_qfini().
>
> Fixes: ce35b05c635e ("net/sfc: implement Rx queue setup release operations")
> Cc: stable@dpdk.org
>
> Signed-off-by: Igor Romanov <igor.romanov@oktetlabs.ru>
> Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
Series applied to dpdk-next-net/master, thanks.
@@ -444,8 +444,6 @@ sfc_rx_queue_release(void *queue)
sfc_log_init(sa, "RxQ=%u", sw_index);
- sa->eth_dev->data->rx_queues[sw_index] = NULL;
-
sfc_rx_qfini(sa, sw_index);
sfc_adapter_unlock(sa);
@@ -1104,6 +1104,7 @@ sfc_rx_qfini(struct sfc_adapter *sa, unsigned int sw_index)
struct sfc_rxq *rxq;
SFC_ASSERT(sw_index < sa->rxq_count);
+ sa->eth_dev->data->rx_queues[sw_index] = NULL;
rxq_info = &sa->rxq_info[sw_index];