From: Yuanhan Liu
To: dev@dpdk.org
Cc: Thomas Monjalon, Yuanhan Liu
Date: Tue, 19 Jul 2016 10:39:53 +0800
Message-Id: <1468895993-3292-1-git-send-email-yuanhan.liu@linux.intel.com>
In-Reply-To: <95aa6068-2444-304e-2dc1-ff1975f6132a@6wind.com>
References: <95aa6068-2444-304e-2dc1-ff1975f6132a@6wind.com>
Subject: [dpdk-dev] [PATCH] net/virtio: fix crash on null dereference

The rxq/txq for the queue_release callback could be NULL, say when
rte_eth_dev_configure() fails so that the queue is not set up at all.
Doing a simple NULL check would fix the crash issue.

Fixes: 01ad44fd374f ("net/virtio: split Rx/Tx queue")

Reported-by: Olivier Matz
Signed-off-by: Yuanhan Liu
---
 drivers/net/virtio/virtio_rxtx.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/drivers/net/virtio/virtio_rxtx.c b/drivers/net/virtio/virtio_rxtx.c
index a27208e..2f967de 100644
--- a/drivers/net/virtio/virtio_rxtx.c
+++ b/drivers/net/virtio/virtio_rxtx.c
@@ -467,13 +467,19 @@ void virtio_dev_rx_queue_release(void *rxq) { struct virtnet_rx *rxvq = rxq; - struct virtqueue *vq = rxvq->vq; - /* rxvq is freed when vq is freed, and as mz should be freed after the + struct virtqueue *vq; + const struct rte_memzone *mz; + + if (rxvq == NULL) + return; + + /* + * rxvq is freed when vq is freed, and as mz should be freed after the * del_queue, so we reserve the mz pointer first. */ - const struct rte_memzone *mz = rxvq->mz; + vq = rxvq->vq; + mz = rxvq->mz; - /* no need to free rxq as vq and rxq are allocated together */ virtio_dev_queue_release(vq); rte_memzone_free(mz); } @@ -553,12 +559,20 @@ void virtio_dev_tx_queue_release(void *txq) { struct virtnet_tx *txvq = txq; - struct virtqueue *vq = txvq->vq; - /* txvq is freed when vq is freed, and as mz should be freed after the + struct virtqueue *vq; + const struct rte_memzone *mz; + const struct rte_memzone *hdr_mz; + + if (txvq == NULL) + return; + + /* + * txvq is freed when vq is freed, and as mz should be freed after the * del_queue, so we reserve the mz pointer first. */ - const struct rte_memzone *hdr_mz = txvq->virtio_net_hdr_mz; - const struct rte_memzone *mz = txvq->mz; + vq = txvq->vq; + mz = txvq->mz; + hdr_mz = txvq->virtio_net_hdr_mz; virtio_dev_queue_release(vq); rte_memzone_free(mz); -- 1.9.0
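Review bot: In virtio_dev_rx_queue_release() the new guard covers only rxvq itself; rxvq->vq and rxvq->mz are then read and passed straight to virtio_dev_queue_release() and rte_memzone_free(), and nothing in this hunk shows that those callees accept NULL. If the same failed-configure path can leave a queue structure allocated but only partly set up, the dereference just moves one level down, so please either confirm both callees tolerate NULL or extend the check to vq before the release call. Separately, the comment reflow and the dropped "no need to free rxq" line are cosmetic changes riding along with a fix that carries a Fixes: tag; keeping them out would make the backport smaller.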
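Review bot: In virtio_dev_tx_queue_release() the comment above the saved pointers still speaks of "the mz pointer" in the singular, while this function saves two memzones, mz and hdr_mz, before virtio_dev_queue_release(vq) frees txvq. Since the comment is being rewritten here anyway, it should say that both txvq->mz and txvq->virtio_net_hdr_mz must be read before the release, so a later edit does not move the hdr_mz load below the call and turn it into a use-after-free. The guard, save and release sequence is now duplicated line for line between the rx and tx paths; a shared helper would keep the two from drifting apart.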