* [DPDK/ethdev Bug 1403] PMD: IDPF segfaults during init on GCP baremetal
@ 2024-03-14 20:41 bugzilla
0 siblings, 0 replies; only message in thread
From: bugzilla @ 2024-03-14 20:41 UTC (permalink / raw)
To: dev
[-- Attachment #1: Type: text/plain, Size: 3797 bytes --]
https://bugs.dpdk.org/show_bug.cgi?id=1403
Bug ID: 1403
Summary: PMD: IDPF segfaults during init on GCP baremetal
Product: DPDK
Version: unspecified
Hardware: All
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: ethdev
Assignee: dev@dpdk.org
Reporter: jordanrhee@google.com
Target Milestone: ---
The DPDK IDPF driver (as of 23.11) segfaults during initialization while
handling response to `VIRTCHNL2_OP_SET_RSS_HASH` message.
Segfault is due to load from invalid address contained in
`ctlq_msg.ctx.indirect.payload`.
```
idpf_handle_virtchnl_msg()
...
rte_memcpy(adapter->mbx_resp, ctlq_msg.ctx.indirect.payload->va,
IDPF_DFLT_MBX_BUF_SIZE);
```
`payload` only contains a valid address if the message is an 'indirect'
message. It is not valid if it is a 'direct' message. If `ctlq_msg.data_len` is
0, then it is a direct message and the caller should not access
`ctlq_msg.ctx.indirect`. `VIRTCHNL2_OP_SET_RSS_HASH` has a zero-length
response.
The following patch enables the DPDK IDPF driver to load and run successfully:
```
diff --git a/drivers/net/idpf/idpf_ethdev.c b/drivers/net/idpf/idpf_ethdev.c
index 6ae2ac2681..c273e9ba38 100644
--- a/drivers/net/idpf/idpf_ethdev.c
+++ b/drivers/net/idpf/idpf_ethdev.c
@@ -1087,8 +1087,10 @@ idpf_handle_virtchnl_msg(struct idpf_adapter_ext
*adapter_ex)
return;
}
- rte_memcpy(adapter->mbx_resp,
ctlq_msg.ctx.indirect.payload->va,
+ if (ctlq_msg.data_len) {
+ rte_memcpy(adapter->mbx_resp,
ctlq_msg.ctx.indirect.payload->va,
IDPF_DFLT_MBX_BUF_SIZE);
+ }
mbx_op = rte_le_to_cpu_16(ctlq_msg.opcode);
vc_op = rte_le_to_cpu_32(ctlq_msg.cookie.mbx.chnl_opcode);
```
Stack:
```
#0 0x000000000108fc61 in idpf_handle_virtchnl_msg (adapter_ex=0x1003d7b40) at
../drivers/net/idpf/idpf_ethdev.c:1090
#1 0x00000000010912e3 in idpf_dev_alarm_handler (param=0x1003d7b40) at
../drivers/net/idpf/idpf_ethdev.c:1145
#2 0x000000000211e8fc in eal_alarm_callback (arg=0x0) at
../lib/eal/linux/eal_alarm.c:105
#3 0x0000000002123c3d in eal_intr_process_interrupts (events=0x7f4a69a052e0,
nfds=1) at ../lib/eal/linux/eal_interrupts.c:1017
#4 0x0000000002123f1c in eal_intr_handle_interrupts (pfd=6, totalfds=3) at
../lib/eal/linux/eal_interrupts.c:1091
#5 0x00000000021240ee in eal_intr_thread_main (arg=0x0) at
../lib/eal/linux/eal_interrupts.c:1163
#6 0x0000000002103bc4 in control_thread_start (arg=0x90c4f00) at
../lib/eal/common/eal_common_thread.c:282
#7 0x000000000211b7a0 in thread_start_wrapper (arg=0x7fff25a9c5a0) at
../lib/eal/unix/rte_thread.c:112
#8 0x00007f4a69fe96ea in start_thread () from /lib64/libpthread.so.0
#9 0x00007f4a69b2150f in clone () from /lib64/libc.so.6
(gdb) print ctlq_msg
$7 = {
vmvf_type = 2 '\002',
host_id = 117 'u',
opcode = 2051,
data_len = 0, <--- direct message
{
func_id = 26624,
status = 26624
},
cookie = {
mbx = {
chnl_opcode = 518, <--- VIRTCHNL2_OP_SET_RSS_HASH
chnl_retval = 0
}
},
ctx = {
direct = "\000\000\000\000\000\000\000\000x\357\336\277\374\026\000",
indirect = {
context = "\000\000\000\000\000\000\000",
payload = 0x16fcbfdeef78 <---- Invalid address
},
sw_cookie = {
rsvd = 0,
data = 0,
flags = 0
}
}
}
```
--
You are receiving this mail because:
You are the assignee for the bug.
[-- Attachment #2: Type: text/html, Size: 5736 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-03-14 20:41 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-14 20:41 [DPDK/ethdev Bug 1403] PMD: IDPF segfaults during init on GCP baremetal bugzilla
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).