[dpdk-dev] i40evf: potential segfault

[dpdk-dev] i40evf: potential segfault

[Stefan Baranoff]

Hi all!

I was chasing a potential segfault and it appears, if I'm reading this
driver correctly, that in i40evf_init_vf() the value vf->adapter->eth_dev
is never set like pf->adapter->eth_dev is in eth_i40e_dev_init().

I believe this is leading to a segfault when something like
i40e_recv_scattered_pkts calls:
dev = I40E_VSI_TO_ETH_DEV(rxq->vsi); // dev ends up NULL here
dev->data->rx_mbuf_alloc_failed++; // this generates a NULL pointer
dereference/segfault


I'm not completely confident in my understanding of the PF/VF drivers so I
may be missing something; but we are seeing the segfault on those lines in
v20.05 at least. I couldn't find a related patch/commit but wanted to check
if my reasoning was correct before adding this 1 line fix.


Thanks,
Stefan Baranoff

Re: [dpdk-dev] i40evf: potential segfault

[Ferruh Yigit]

On 8/20/2021 7:18 PM, Stefan Baranoff wrote:
> Hi all!
> 
> I was chasing a potential segfault and it appears, if I'm reading this
> driver correctly, that in i40evf_init_vf() the value vf->adapter->eth_dev
> is never set like pf->adapter->eth_dev is in eth_i40e_dev_init().
> 
> I believe this is leading to a segfault when something like
> i40e_recv_scattered_pkts calls:
> dev = I40E_VSI_TO_ETH_DEV(rxq->vsi); // dev ends up NULL here
> dev->data->rx_mbuf_alloc_failed++; // this generates a NULL pointer
> dereference/segfault
> 
> 
> I'm not completely confident in my understanding of the PF/VF drivers so I
> may be missing something; but we are seeing the segfault on those lines in
> v20.05 at least. I couldn't find a related patch/commit but wanted to check
> if my reasoning was correct before adding this 1 line fix.
> 
> 
> Thanks,
> Stefan Baranoff
> 

+cc maintainers.

Re: [dpdk-dev] i40evf: potential segfault

[Xing, Beilei]

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Stefan Baranoff
> Sent: Saturday, August 21, 2021 2:18 AM
> To: dev@dpdk.org
> Subject: [dpdk-dev] i40evf: potential segfault
> 
> Hi all!
> 
> I was chasing a potential segfault and it appears, if I'm reading this driver
> correctly, that in i40evf_init_vf() the value vf->adapter->eth_dev is never set
> like pf->adapter->eth_dev is in eth_i40e_dev_init().

Good catch.
You can submit the fix according to iavf_dev_init() where adapter->eth_dev is initialized.
Thanks.

> 
> I believe this is leading to a segfault when something like
> i40e_recv_scattered_pkts calls:
> dev = I40E_VSI_TO_ETH_DEV(rxq->vsi); // dev ends up NULL here
> dev->data->rx_mbuf_alloc_failed++; // this generates a NULL pointer
> dereference/segfault
> 
> 
> I'm not completely confident in my understanding of the PF/VF drivers so I
> may be missing something; but we are seeing the segfault on those lines in
> v20.05 at least. I couldn't find a related patch/commit but wanted to check if
> my reasoning was correct before adding this 1 line fix.
> 
> 
> Thanks,
> Stefan Baranoff