From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 0FFA3A0C45;
	Tue, 21 Sep 2021 19:45:25 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id C838340DF8;
	Tue, 21 Sep 2021 19:45:24 +0200 (CEST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mails.dpdk.org (Postfix) with ESMTP id B582040151
 for <dev@dpdk.org>; Tue, 21 Sep 2021 19:45:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1632246323;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=Mac2ULAHXF/eYam+f0z78HEdvQyemzP9DPzU4YVYRaA=;
 b=PxOK+6dcXry/0Jefg09wB31wL3MAhsxL7L6RC17f0KDcgrkovt02JzwmfM80/ppVyDdTIE
 TVxiZ7TyO3aF/jXnSZZ1z2NxDazbfJugty2Cfn3pxqTSu/04KaNt/tTQrFbIRyS0Vp33Gb
 Fk2BoRn0KZi23eEffp4VSR/VoVBTCvg=
Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com
 [209.85.221.70]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-314-Fq6GZN4vNHW0r9KfDn2yrQ-1; Tue, 21 Sep 2021 13:45:19 -0400
X-MC-Unique: Fq6GZN4vNHW0r9KfDn2yrQ-1
Received: by mail-wr1-f70.google.com with SMTP id
 c15-20020a5d4ccf000000b0015dff622f39so9463045wrt.21
 for <dev@dpdk.org>; Tue, 21 Sep 2021 10:45:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:message-id:date:mime-version:user-agent
 :content-language:to:cc:references:from:subject:in-reply-to
 :content-transfer-encoding;
 bh=Mac2ULAHXF/eYam+f0z78HEdvQyemzP9DPzU4YVYRaA=;
 b=AtVV6XuEABlwUeBUMoutdnUNzZF8SlHWeMN/nLSHmPe/ZGVMv2VXuhlGdTIvXPFnYd
 WgcdHgKfMToBEhl2fqikrCcn9vcyUXHTbktGgvZE/4cgnHLJJuGAHCdAmNtWjDwOkAME
 t1o499h96kK1EyFQ5A180DndlI4I02RD/WXhC2PgTDIyWjENQ3AioWlu72C4lOZF/gn+
 ysP3GZgv05GN41eJYpwsG4m3cmYcf3RGRnHJuwU61ADwMzoR/kJj6/oP1g4eu/RGvwPV
 ioxqzXgFAYrOHDEOBeFAiUX098kz8VgGFQKHJm7IkfvpTATWhYK6/C5CzeU/thxROQ+M
 3JXg==
X-Gm-Message-State: AOAM531X+WnHohgkEl/upd5UqmlTXvhZMdBtFnd2ToogwTxO/JA/eweo
 1Gk4+UsZpyHPIOqBYrtgTb+e0+aCyO/JJqVyKEDbQH3PnbceO1quxmeA26BwknN+/53HHIGdZa5
 d6h4=
X-Received: by 2002:a5d:4950:: with SMTP id r16mr37107793wrs.265.1632246317843; 
 Tue, 21 Sep 2021 10:45:17 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzbtcYZ06/KBa0Y0CGVQb1wiinbRkgdR7rLXpmFVFFjsGnGhBstQGGaoZlj4vODdk4sxdS/Aw==
X-Received: by 2002:a5d:4950:: with SMTP id r16mr37107775wrs.265.1632246317703; 
 Tue, 21 Sep 2021 10:45:17 -0700 (PDT)
Received: from [192.168.0.36] ([78.18.26.217])
 by smtp.gmail.com with ESMTPSA id l124sm3633962wml.8.2021.09.21.10.45.16
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Tue, 21 Sep 2021 10:45:17 -0700 (PDT)
Message-ID: <f9f2dd79-c3a3-8eec-f7c1-5a20caa78fe8@redhat.com>
Date: Tue, 21 Sep 2021 18:45:16 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.1.0
To: David Marchand <david.marchand@redhat.com>,
 Zhihong Peng <zhihongx.peng@intel.com>
Cc: "Xia, Chenbo" <chenbo.xia@intel.com>,
 Maxime Coquelin <maxime.coquelin@redhat.com>, dev <dev@dpdk.org>,
 Ivan Ilchenko <ivan.ilchenko@oktetlabs.ru>, dpdk stable <stable@dpdk.org>,
 Christian Ehrhardt <christian.ehrhardt@canonical.com>,
 "Xueming(Steven) Li" <xuemingl@nvidia.com>, Luca Boccassi <bluca@debian.org>
References: <20210804083128.64981-1-zhihongx.peng@intel.com>
 <CAJFAV8yjvEvk-YQgwBb=ZAWCrn_P2NDzcugC2W-O+7JzoyDM0Q@mail.gmail.com>
From: Kevin Traynor <ktraynor@redhat.com>
In-Reply-To: <CAJFAV8yjvEvk-YQgwBb=ZAWCrn_P2NDzcugC2W-O+7JzoyDM0Q@mail.gmail.com>
Authentication-Results: relay.mimecast.com;
 auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=ktraynor@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [dpdk-dev] [dpdk-stable] [DPDK] net/virtio: fix check scatter
 on all Rx queues
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On 15/09/2021 19:37, David Marchand wrote:
> On Wed, Aug 4, 2021 at 10:36 AM <zhihongx.peng@intel.com> wrote:
>>
>> From: Zhihong Peng <zhihongx.peng@intel.com>
>>
>> This patch fixes the wrong way to obtain virtqueue.
>> The end of virtqueue cannot be judged based on whether
>> the array is NULL.
> 
> Indeed, good catch.
> 
> I can reproduce a crash with v20.11.3 which has backport of 4e8169eb0d2d.
> I can not see it with main: maybe due to a lucky allocation or size
> requested to rte_zmalloc... ?
> 
> The usecase is simple, I am surprised no validation caught it.
> 
> # gdb ./build/app/dpdk-testpmd -ex 'run --vdev
> net_virtio_user0,path=/dev/vhost-net,iface=titi,queues=3 -a 0:0:0.0 --
> -i'
> 
> ...
> 
> Thread 1 "dpdk-testpmd" received signal SIGSEGV, Segmentation fault.
> virtio_rx_mem_pool_buf_size (mp=0x110429983) at
> ../drivers/net/virtio/virtio_ethdev.c:873
> 873        return rte_pktmbuf_data_room_size(mp) - RTE_PKTMBUF_HEADROOM;
> Missing separate debuginfos, use: yum debuginfo-install
> elfutils-libelf-0.182-3.el8.x86_64 libbpf-0.2.0-1.el8.x86_64
> (gdb) bt
> #0  virtio_rx_mem_pool_buf_size (mp=0x110429983) at
> ../drivers/net/virtio/virtio_ethdev.c:873
> #1  0x0000000000e370d1 in virtio_check_scatter_on_all_rx_queues
> (frame_size=1530, dev=0x1799a40 <rte_eth_devices>) at
> ../drivers/net/virtio/virtio_ethdev.c:907
> #2  virtio_mtu_set (dev=0x1799a40 <rte_eth_devices>, mtu=<optimized
> out>) at ../drivers/net/virtio/virtio_ethdev.c:938
> #3  0x00000000008c30e5 in rte_eth_dev_set_mtu
> (port_id=port_id@entry=0, mtu=<optimized out>) at
> ../lib/librte_ethdev/rte_ethdev.c:3484
> #4  0x00000000006a61d8 in update_jumbo_frame_offload
> (portid=portid@entry=0) at ../app/test-pmd/testpmd.c:3371
> #5  0x00000000006a62bc in init_config_port_offloads (pid=0,
> socket_id=0) at ../app/test-pmd/testpmd.c:1416
> #6  0x000000000061770c in init_config () at ../app/test-pmd/testpmd.c:1505
> #7  main (argc=<optimized out>, argv=<optimized out>) at
> ../app/test-pmd/testpmd.c:3800
> (gdb) f 1
> #1  0x0000000000e370d1 in virtio_check_scatter_on_all_rx_queues
> (frame_size=1530, dev=0x1799a40 <rte_eth_devices>) at
> ../drivers/net/virtio/virtio_ethdev.c:907
> 907            buf_size = virtio_rx_mem_pool_buf_size(rxvq->mpool);
> (gdb) p hw->max_queue_pairs
> $1 = 3
> (gdb) p qidx
> $2 = 5
> (gdb) p hw->vqs[0]
> $3 = (struct virtqueue *) 0x17ffb03c0
> (gdb) p hw->vqs[2]
> $4 = (struct virtqueue *) 0x17ff9dcc0
> (gdb) p hw->vqs[4]
> $5 = (struct virtqueue *) 0x17ff8acc0
> (gdb) p hw->vqs[6]
> $6 = (struct virtqueue *) 0x17ff77cc0
> (gdb) p hw->vqs[7]
> $7 = (struct virtqueue *) 0x0
> (gdb) p hw->vqs[8]
> $8 = (struct virtqueue *) 0x100004ac0
> (gdb) p hw->vqs[9]
> $9 = (struct virtqueue *) 0x17ffb1600
> (gdb) p hw->vqs[10]
> $10 = (struct virtqueue *) 0x17ffb18c0
> 
> 
> 

For reference, also observed when 20.11.3 is paired with OVS

https://mail.openvswitch.org/pipermail/ovs-dev/2021-September/387940.html