From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id EFDAB2904 for ; Mon, 25 Apr 2016 04:37:46 +0200 (CEST) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga104.fm.intel.com with ESMTP; 24 Apr 2016 19:37:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.24,530,1455004800"; d="scan'208";a="939359898" Received: from dpdk06.sh.intel.com ([10.239.128.225]) by orsmga001.jf.intel.com with ESMTP; 24 Apr 2016 19:37:44 -0700 From: Jianfeng Tan To: dev@dpdk.org Cc: huawei.xie@intel.com, yuanhan.liu@linux.intel.com, Jianfeng Tan Date: Mon, 25 Apr 2016 02:37:45 +0000 Message-Id: <1461551865-15930-1-git-send-email-jianfeng.tan@intel.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1461242170-146337-1-git-send-email-jianfeng.tan@intel.com> References: <1461242170-146337-1-git-send-email-jianfeng.tan@intel.com> Subject: [dpdk-dev] [PATCH v2] virtio: fix segfault when transmit pkts X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Apr 2016 02:37:47 -0000 Issue: when using virtio nic to transmit pkts, it causes segment fault. How to reproduce: Basically, we need to construct a case with vm send packets to vhost-user, and this issue does not happen when transmitting packets using indirect desc. Besides, make sure all descriptors are exhausted before vhost dequeues any packets. a. start testpmd with vhost. $ testpmd -c 0x3 -n 4 --socket-mem 1024,0 --no-pci \ --vdev 'eth_vhost0,iface=/tmp/sock0,queues=1' -- -i --nb-cores=1 b. start a qemu with a virtio nic connected with the vhost-user port, just make sure mrg_rxbuf is enabled. c. enable testpmd on the host. testpmd> set fwd io testpmd> start (better without start vhost-user) d. start testpmd in VM. $testpmd -c 0x3 -n 4 -m 1024 -- -i --disable-hw-vlan-filter --txqflags=0xf01 testpmd> set fwd txonly testpmd> start How to fix: this bug is because inside virtqueue_enqueue_xmit(), the flag of desc has been updated inside the do {} while (), not necessary to update after the loop. (And if we do that after the loop, if all descs could have run out, idx is VQ_RING_DESC_CHAIN_END (32768), use this idx to reference the start_dp array will lead to segment fault.) Fixes: dd856dfcb9e ("virtio: use any layout on Tx") Signed-off-by: Jianfeng Tan --- v2: refine the commit message. drivers/net/virtio/virtio_rxtx.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/net/virtio/virtio_rxtx.c b/drivers/net/virtio/virtio_rxtx.c index ef21d8e..432aeab 100644 --- a/drivers/net/virtio/virtio_rxtx.c +++ b/drivers/net/virtio/virtio_rxtx.c @@ -271,8 +271,6 @@ virtqueue_enqueue_xmit(struct virtqueue *txvq, struct rte_mbuf *cookie, idx = start_dp[idx].next; } while ((cookie = cookie->next) != NULL); - start_dp[idx].flags &= ~VRING_DESC_F_NEXT; - if (use_indirect) idx = txvq->vq_ring.desc[head_idx].next; -- 2.1.4