DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH] fix for 2 consecutive rte_eth_dev_start() can cause a SIGSEGV
@ 2014-05-23 11:08 Konstantin Ananyev
  2014-05-26 16:41 ` Thomas Monjalon
  0 siblings, 1 reply; 3+ messages in thread
From: Konstantin Ananyev @ 2014-05-23 11:08 UTC (permalink / raw)
  To: dev, dev

1)If igb_alloc_rx_queue_mbufs() would fail to allocate an mbuf for RX queue,
it calls igb_rx_queue_release(rxq).
That causes rxq to be silently freed, without updating  dev->data->rx_queues[].
So any firther reference to it will trigger the SIGSEGV.
Same thing in em PMD too.
To fix: igb_alloc_rx_queue_mbufs() should just return an error to the caller
and let upper layer to deal with the probem.
That's what ixgbe PMD doing right now. 
2)In tx_queue_setup (for all 3 PMDs: ixgbe, igb, em) we call
tx_queue_release(dev->data->tx_queues[queue_idx])
without setting dev->data->tx_queues[queue_idx] = NULL
afterwards.
3)Prevent rte_eth_dev_start/stop to call underneath dev_start/dev_stop
for already started/stopped device.
4) fix compiler warning on PMD_DEBUG_TRACE() formats.


Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
 lib/librte_ether/rte_ethdev.c     |   29 ++++++++++++++++++++++++-----
 lib/librte_pmd_e1000/em_rxtx.c    |    1 -
 lib/librte_pmd_e1000/igb_rxtx.c   |    5 +++--
 lib/librte_pmd_ixgbe/ixgbe_rxtx.c |    8 ++++++--
 4 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.c
index 0ddedfb..c052283 100644
--- a/lib/librte_ether/rte_ethdev.c
+++ b/lib/librte_ether/rte_ethdev.c
@@ -448,7 +448,8 @@ rte_eth_dev_check_mq_mode(uint8_t port_id, uint16_t nb_rx_q, uint16_t nb_tx_q,
 		    (dev_conf->rxmode.mq_mode == ETH_MQ_RX_DCB_RSS) ||
 		    (dev_conf->txmode.mq_mode == ETH_MQ_TX_DCB)) {
 			/* SRIOV only works in VMDq enable mode */
-			PMD_DEBUG_TRACE("ethdev port_id=%hhu SRIOV active, "
+			PMD_DEBUG_TRACE("ethdev port_id=%" PRIu8
+					" SRIOV active, "
 					"wrong VMDQ mq_mode rx %u tx %u\n", 
 					port_id,
 					dev_conf->rxmode.mq_mode,
@@ -461,7 +462,8 @@ rte_eth_dev_check_mq_mode(uint8_t port_id, uint16_t nb_rx_q, uint16_t nb_tx_q,
 		case ETH_MQ_RX_VMDQ_DCB:
 		case ETH_MQ_RX_VMDQ_DCB_RSS:
 			/* DCB/RSS VMDQ in SRIOV mode, not implement yet */
-			PMD_DEBUG_TRACE("ethdev port_id=%hhu SRIOV active, "
+			PMD_DEBUG_TRACE("ethdev port_id=%" PRIu8
+					" SRIOV active, "
 					"unsupported VMDQ mq_mode rx %u\n", 
 					port_id, dev_conf->rxmode.mq_mode);
 			return (-EINVAL);
@@ -476,7 +478,8 @@ rte_eth_dev_check_mq_mode(uint8_t port_id, uint16_t nb_rx_q, uint16_t nb_tx_q,
 		switch (dev_conf->txmode.mq_mode) {
 		case ETH_MQ_TX_VMDQ_DCB:
 			/* DCB VMDQ in SRIOV mode, not implement yet */
-			PMD_DEBUG_TRACE("ethdev port_id=%hhu SRIOV active, "
+			PMD_DEBUG_TRACE("ethdev port_id=%" PRIu8
+					" SRIOV active, "
 					"unsupported VMDQ mq_mode tx %u\n", 
 					port_id, dev_conf->txmode.mq_mode);
 			return (-EINVAL);
@@ -759,12 +762,20 @@ rte_eth_dev_start(uint8_t port_id)
 	PROC_PRIMARY_OR_ERR_RET(-E_RTE_SECONDARY);
 
 	if (port_id >= nb_ports) {
-		PMD_DEBUG_TRACE("Invalid port_id=%d\n", port_id);
+		PMD_DEBUG_TRACE("Invalid port_id=%" PRIu8 "\n", port_id);
 		return (-EINVAL);
 	}
 	dev = &rte_eth_devices[port_id];
 
 	FUNC_PTR_OR_ERR_RET(*dev->dev_ops->dev_start, -ENOTSUP);
+
+	if (dev->data->dev_started != 0) {
+		PMD_DEBUG_TRACE("Device with port_id=%" PRIu8
+			" already started\n",
+			port_id);
+		return (0);
+	}
+
 	diag = (*dev->dev_ops->dev_start)(dev);
 	if (diag == 0)
 		dev->data->dev_started = 1;
@@ -786,12 +797,20 @@ rte_eth_dev_stop(uint8_t port_id)
 	PROC_PRIMARY_OR_RET();
 
 	if (port_id >= nb_ports) {
-		PMD_DEBUG_TRACE("Invalid port_id=%d\n", port_id);
+		PMD_DEBUG_TRACE("Invalid port_id=%" PRIu8 "\n", port_id);
 		return;
 	}
 	dev = &rte_eth_devices[port_id];
 
 	FUNC_PTR_OR_RET(*dev->dev_ops->dev_stop);
+
+	if (dev->data->dev_started == 0) {
+		PMD_DEBUG_TRACE("Device with port_id=%" PRIu8
+			" already stopped\n",
+			port_id);
+		return;
+	}
+
 	dev->data->dev_started = 0;
 	(*dev->dev_ops->dev_stop)(dev);
 }
diff --git a/lib/librte_pmd_e1000/em_rxtx.c b/lib/librte_pmd_e1000/em_rxtx.c
index 4f98a3f..5ed4def 100644
--- a/lib/librte_pmd_e1000/em_rxtx.c
+++ b/lib/librte_pmd_e1000/em_rxtx.c
@@ -1580,7 +1580,6 @@ em_alloc_rx_queue_mbufs(struct em_rx_queue *rxq)
 		if (mbuf == NULL) {
 			PMD_INIT_LOG(ERR, "RX mbuf alloc failed "
 				"queue_id=%hu\n", rxq->queue_id);
-			em_rx_queue_release(rxq);
 			return (-ENOMEM);
 		}
 
diff --git a/lib/librte_pmd_e1000/igb_rxtx.c b/lib/librte_pmd_e1000/igb_rxtx.c
index 4608595..877513e 100644
--- a/lib/librte_pmd_e1000/igb_rxtx.c
+++ b/lib/librte_pmd_e1000/igb_rxtx.c
@@ -1212,8 +1212,10 @@ eth_igb_tx_queue_setup(struct rte_eth_dev *dev,
 			"the TX WTHRESH value to 4, 8, or 16.\n");
 
 	/* Free memory prior to re-allocation if needed */
-	if (dev->data->tx_queues[queue_idx] != NULL)
+	if (dev->data->tx_queues[queue_idx] != NULL) {
 		igb_tx_queue_release(dev->data->tx_queues[queue_idx]);
+		dev->data->tx_queues[queue_idx] = NULL;
+	}
 
 	/* First allocate the tx queue data structure */
 	txq = rte_zmalloc("ethdev TX queue", sizeof(struct igb_tx_queue),
@@ -1721,7 +1723,6 @@ igb_alloc_rx_queue_mbufs(struct igb_rx_queue *rxq)
 		if (mbuf == NULL) {
 			PMD_INIT_LOG(ERR, "RX mbuf alloc failed "
 				"queue_id=%hu\n", rxq->queue_id);
-			igb_rx_queue_release(rxq);
 			return (-ENOMEM);
 		}
 		dma_addr =
diff --git a/lib/librte_pmd_ixgbe/ixgbe_rxtx.c b/lib/librte_pmd_ixgbe/ixgbe_rxtx.c
index c3bdffd..83cfbd1 100644
--- a/lib/librte_pmd_ixgbe/ixgbe_rxtx.c
+++ b/lib/librte_pmd_ixgbe/ixgbe_rxtx.c
@@ -1802,8 +1802,10 @@ ixgbe_dev_tx_queue_setup(struct rte_eth_dev *dev,
 	}
 
 	/* Free memory prior to re-allocation if needed... */
-	if (dev->data->tx_queues[queue_idx] != NULL)
+	if (dev->data->tx_queues[queue_idx] != NULL) {
 		ixgbe_tx_queue_release(dev->data->tx_queues[queue_idx]);
+		dev->data->tx_queues[queue_idx] = NULL;
+	}
 
 	/* First allocate the tx queue data structure */
 	txq = rte_zmalloc_socket("ethdev TX queue", sizeof(struct igb_tx_queue),
@@ -2061,8 +2063,10 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 	}
 
 	/* Free memory prior to re-allocation if needed... */
-	if (dev->data->rx_queues[queue_idx] != NULL)
+	if (dev->data->rx_queues[queue_idx] != NULL) {
 		ixgbe_rx_queue_release(dev->data->rx_queues[queue_idx]);
+		dev->data->rx_queues[queue_idx] = NULL;
+	}
 
 	/* First allocate the rx queue data structure */
 	rxq = rte_zmalloc_socket("ethdev RX queue", sizeof(struct igb_rx_queue),
-- 
1.7.7.6

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] [PATCH] fix for 2 consecutive rte_eth_dev_start() can cause a SIGSEGV
  2014-05-23 11:08 [dpdk-dev] [PATCH] fix for 2 consecutive rte_eth_dev_start() can cause a SIGSEGV Konstantin Ananyev
@ 2014-05-26 16:41 ` Thomas Monjalon
  2014-05-28  9:28   ` Ananyev, Konstantin
  0 siblings, 1 reply; 3+ messages in thread
From: Thomas Monjalon @ 2014-05-26 16:41 UTC (permalink / raw)
  To: Konstantin Ananyev; +Cc: dev

2014-05-23 12:08, Konstantin Ananyev:
> 1)If igb_alloc_rx_queue_mbufs() would fail to allocate an mbuf for RX queue,
> it calls igb_rx_queue_release(rxq).
> That causes rxq to be silently freed, without updating 
> dev->data->rx_queues[]. So any firther reference to it will trigger the
> SIGSEGV.
> Same thing in em PMD too.
> To fix: igb_alloc_rx_queue_mbufs() should just return an error to the caller
> and let upper layer to deal with the probem.
> That's what ixgbe PMD doing right now.
> 2)In tx_queue_setup (for all 3 PMDs: ixgbe, igb, em) we call
> tx_queue_release(dev->data->tx_queues[queue_idx])
> without setting dev->data->tx_queues[queue_idx] = NULL
> afterwards.
> 3)Prevent rte_eth_dev_start/stop to call underneath dev_start/dev_stop
> for already started/stopped device.
> 4) fix compiler warning on PMD_DEBUG_TRACE() formats.

Please, only 1 fix per patch.
This way, we'll hopefully have a nice title for each fix.
It's simpler for changelog.

Thanks
-- 
Thomas

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] [PATCH] fix for 2 consecutive rte_eth_dev_start() can cause a SIGSEGV
  2014-05-26 16:41 ` Thomas Monjalon
@ 2014-05-28  9:28   ` Ananyev, Konstantin
  0 siblings, 0 replies; 3+ messages in thread
From: Ananyev, Konstantin @ 2014-05-28  9:28 UTC (permalink / raw)
  To: Thomas Monjalon; +Cc: dev

Hi Thomas,

>> 1)If igb_alloc_rx_queue_mbufs() would fail to allocate an mbuf for RX queue,
>> it calls igb_rx_queue_release(rxq).
>> That causes rxq to be silently freed, without updating 
>> dev->data->rx_queues[]. So any firther reference to it will trigger the
>> SIGSEGV.
>> Same thing in em PMD too.
>> To fix: igb_alloc_rx_queue_mbufs() should just return an error to the caller
>> and let upper layer to deal with the probem.
>> That's what ixgbe PMD doing right now.
>> 2)In tx_queue_setup (for all 3 PMDs: ixgbe, igb, em) we call
>> tx_queue_release(dev->data->tx_queues[queue_idx])
>> without setting dev->data->tx_queues[queue_idx] = NULL
>> afterwards.
>> 3)Prevent rte_eth_dev_start/stop to call underneath dev_start/dev_stop
>> for already started/stopped device.
>> 4) fix compiler warning on PMD_DEBUG_TRACE() formats.

>Please, only 1 fix per patch.
>This way, we'll hopefully have a nice title for each fix.
>It's simpler for changelog.

It is all fix for the same problem (except #4 of course).
I just put 1,2,3 to make it clear from what sub-parts fix consists.

Konstantin 

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2014-05-28  9:28 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-05-23 11:08 [dpdk-dev] [PATCH] fix for 2 consecutive rte_eth_dev_start() can cause a SIGSEGV Konstantin Ananyev
2014-05-26 16:41 ` Thomas Monjalon
2014-05-28  9:28   ` Ananyev, Konstantin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).