From: Bruce Richardson
To: John Daley
Cc: dev@dpdk.org
Date: Fri, 10 Jun 2016 10:22:36 +0100
Organization: Intel Research and Development Ireland Ltd.
Subject: Re: [dpdk-dev] [PATCH v3 1/2] enic: fix seg fault when releasing queues

On Thu, Jun 09, 2016 at 11:56:08AM -0700, John Daley wrote:
> If device configuration failed due to a lack of resources, such as
> if more queues are requested than are available, the queue release
> function is called with NULL pointers which were being dereferenced.
>
> Skip releasing queues if they are NULL pointers.
>
> Fixes: fefed3d1e62c ("enic: new driver")
> Signed-off-by: John Daley > --- > > v3: bail out of free rq function if rq is null instead of if > around != NULL. > > drivers/net/enic/enic_main.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/net/enic/enic_main.c b/drivers/net/enic/enic_main.c > index 996f999..5939b9d 100644 > --- a/drivers/net/enic/enic_main.c > +++ b/drivers/net/enic/enic_main.c > @@ -429,6 +429,9 @@ void enic_free_rq(void *rxq) > struct vnic_rq *rq = (struct vnic_rq *)rxq; > struct enic *enic = vnic_dev_priv(rq->vdev); This doesn't look safe to me. You are referencing the pointer before checking it for NULL. > > + if (rxq == NULL) > + return; > + /Bruce > enic_rxmbuf_queue_release(enic, rq); > rte_free(rq->mbuf_ring); > rq->mbuf_ring = NULL; > -- > 2.7.0 >
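Review bot: In enic_free_rq() the added `if (rxq == NULL) return;` sits below the initializer `struct enic *enic = vnic_dev_priv(rq->vdev);`, which already reads `rq->vdev`, so a NULL rxq still faults before the check is reached. Because the dereference precedes the test, a compiler is also entitled to treat the test as dead code and drop it. Declare `struct enic *enic;` without an initializer, do the NULL check first, and only then assign `enic = vnic_dev_priv(rq->vdev);`. The commit message says the release function is called with NULL pointers after a failed configuration, so it would help to state in the message or a comment that a NULL queue pointer is an accepted input to this function.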