Re: [dpdk-dev] [dpdk-stable] [DPDK] net/virtio: fix check scatter on all Rx queues

DPDK patches and discussions
 help / color / mirror / Atom feed

From: David Marchand <david.marchand@redhat.com>
To: Zhihong Peng <zhihongx.peng@intel.com>
Cc: "Xia, Chenbo" <chenbo.xia@intel.com>,
	Maxime Coquelin <maxime.coquelin@redhat.com>, dev <dev@dpdk.org>,
	 Ivan Ilchenko <ivan.ilchenko@oktetlabs.ru>,
	dpdk stable <stable@dpdk.org>,
	 Christian Ehrhardt <christian.ehrhardt@canonical.com>,
	 "Xueming(Steven) Li" <xuemingl@nvidia.com>,
	Luca Boccassi <bluca@debian.org>,
	 Kevin Traynor <ktraynor@redhat.com>
Subject: Re: [dpdk-dev] [dpdk-stable] [DPDK] net/virtio: fix check scatter on all Rx queues
Date: Wed, 15 Sep 2021 20:37:40 +0200	[thread overview]
Message-ID: <CAJFAV8yjvEvk-YQgwBb=ZAWCrn_P2NDzcugC2W-O+7JzoyDM0Q@mail.gmail.com> (raw)
In-Reply-To: <20210804083128.64981-1-zhihongx.peng@intel.com>

On Wed, Aug 4, 2021 at 10:36 AM <zhihongx.peng@intel.com> wrote:
>
> From: Zhihong Peng <zhihongx.peng@intel.com>
>
> This patch fixes the wrong way to obtain virtqueue.
> The end of virtqueue cannot be judged based on whether
> the array is NULL.

Indeed, good catch.

I can reproduce a crash with v20.11.3 which has backport of 4e8169eb0d2d.
I can not see it with main: maybe due to a lucky allocation or size
requested to rte_zmalloc... ?

The usecase is simple, I am surprised no validation caught it.

# gdb ./build/app/dpdk-testpmd -ex 'run --vdev
net_virtio_user0,path=/dev/vhost-net,iface=titi,queues=3 -a 0:0:0.0 --
-i'

...

Thread 1 "dpdk-testpmd" received signal SIGSEGV, Segmentation fault.
virtio_rx_mem_pool_buf_size (mp=0x110429983) at
../drivers/net/virtio/virtio_ethdev.c:873
873        return rte_pktmbuf_data_room_size(mp) - RTE_PKTMBUF_HEADROOM;
Missing separate debuginfos, use: yum debuginfo-install
elfutils-libelf-0.182-3.el8.x86_64 libbpf-0.2.0-1.el8.x86_64
(gdb) bt
#0  virtio_rx_mem_pool_buf_size (mp=0x110429983) at
../drivers/net/virtio/virtio_ethdev.c:873
#1  0x0000000000e370d1 in virtio_check_scatter_on_all_rx_queues
(frame_size=1530, dev=0x1799a40 <rte_eth_devices>) at
../drivers/net/virtio/virtio_ethdev.c:907
#2  virtio_mtu_set (dev=0x1799a40 <rte_eth_devices>, mtu=<optimized
out>) at ../drivers/net/virtio/virtio_ethdev.c:938
#3  0x00000000008c30e5 in rte_eth_dev_set_mtu
(port_id=port_id@entry=0, mtu=<optimized out>) at
../lib/librte_ethdev/rte_ethdev.c:3484
#4  0x00000000006a61d8 in update_jumbo_frame_offload
(portid=portid@entry=0) at ../app/test-pmd/testpmd.c:3371
#5  0x00000000006a62bc in init_config_port_offloads (pid=0,
socket_id=0) at ../app/test-pmd/testpmd.c:1416
#6  0x000000000061770c in init_config () at ../app/test-pmd/testpmd.c:1505
#7  main (argc=<optimized out>, argv=<optimized out>) at
../app/test-pmd/testpmd.c:3800
(gdb) f 1
#1  0x0000000000e370d1 in virtio_check_scatter_on_all_rx_queues
(frame_size=1530, dev=0x1799a40 <rte_eth_devices>) at
../drivers/net/virtio/virtio_ethdev.c:907
907            buf_size = virtio_rx_mem_pool_buf_size(rxvq->mpool);
(gdb) p hw->max_queue_pairs
$1 = 3
(gdb) p qidx
$2 = 5
(gdb) p hw->vqs[0]
$3 = (struct virtqueue *) 0x17ffb03c0
(gdb) p hw->vqs[2]
$4 = (struct virtqueue *) 0x17ff9dcc0
(gdb) p hw->vqs[4]
$5 = (struct virtqueue *) 0x17ff8acc0
(gdb) p hw->vqs[6]
$6 = (struct virtqueue *) 0x17ff77cc0
(gdb) p hw->vqs[7]
$7 = (struct virtqueue *) 0x0
(gdb) p hw->vqs[8]
$8 = (struct virtqueue *) 0x100004ac0
(gdb) p hw->vqs[9]
$9 = (struct virtqueue *) 0x17ffb1600
(gdb) p hw->vqs[10]
$10 = (struct virtqueue *) 0x17ffb18c0



-- 
David Marchand

next prev parent reply	other threads:[~2021-09-15 18:37 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-04  8:31 [dpdk-dev] " zhihongx.peng
2021-09-13 15:34 ` Maxime Coquelin
2021-09-15 18:37 ` David Marchand [this message]
2021-09-21 17:45   ` [dpdk-dev] [dpdk-stable] " Kevin Traynor
2021-09-22  8:13     ` Peng, ZhihongX
2021-09-30 18:43       ` David Marchand
2021-10-08  5:49 ` [dpdk-dev] [PATCH v2] " zhihongx.peng
2021-10-11  2:22   ` Peng, ZhihongX
2021-10-11  2:25   ` Peng, ZhihongX
2021-10-12  7:44   ` Maxime Coquelin
2021-10-21 12:26   ` Maxime Coquelin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAJFAV8yjvEvk-YQgwBb=ZAWCrn_P2NDzcugC2W-O+7JzoyDM0Q@mail.gmail.com' \
    --to=david.marchand@redhat.com \
    --cc=bluca@debian.org \
    --cc=chenbo.xia@intel.com \
    --cc=christian.ehrhardt@canonical.com \
    --cc=dev@dpdk.org \
    --cc=ivan.ilchenko@oktetlabs.ru \
    --cc=ktraynor@redhat.com \
    --cc=maxime.coquelin@redhat.com \
    --cc=stable@dpdk.org \
    --cc=xuemingl@nvidia.com \
    --cc=zhihongx.peng@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).