| Bug ID | 1199 |
|---|---|
| Summary | mlx5: segmentation fault with rte_flow_configure function |
| Product | DPDK |
| Version | 23.03 |
| Hardware | All |
| OS | All |
| Status | UNCONFIRMED |
| Severity | major |
| Priority | Normal |
| Component | ethdev |
| Assignee | dev@dpdk.org |
| Reporter | ccm@ccm.ink |
| Target Milestone | --- |
I encountered a segmentation fault when attempting to configure queues for the asynchronous version of rte_flow using the DPDK rte_flow_configure function and assigning varying sizes to each queue. Just like this: const struct rte_flow_queue_attr *queue_attr[2]; struct rte_flow_queue_attr setup_queue_attr = {.size = 32}; struct rte_flow_queue_attr normal_queue_attr = {.size = 100}; queue_attr[0] = &setup_queue_attr; queue_attr[1] = &normal_queue_attr; rte_flow_configure(port_id, &port_attr, 2, queue_attr, &err); Upon reviewing the source code, I discovered that an attempt was made to free an unallocated memory, which could potentially result in a segmentation fault(line 7470). [mlx5_flow_hw.c] 7226 if (_queue_attr[i]->size != _queue_attr[0]->size) { rte_errno = EINVAL; goto err; 7229 } ... 7239 priv->hw_q = mlx5_malloc(MLX5_MEM_ZERO, mem_size, 7240 64, SOCKET_ID_ANY); ... 7444 err: ... 7469 for (i = 0; i < nb_q_updated; i++) { 7470 rte_ring_free(priv->hw_q[i].indir_iq); rte_ring_free(priv->hw_q[i].indir_cq); } 7473 mlx5_free(priv->hw_q);