* [PATCH dpdk] net/tap: fix interrupt callback crash after failed start
@ 2025-10-17 12:19 Robin Jarry
2025-10-17 23:38 ` Stephen Hemminger
0 siblings, 1 reply; 2+ messages in thread
From: Robin Jarry @ 2025-10-17 12:19 UTC (permalink / raw)
To: dev, Stephen Hemminger, Keith Wiles, Pascal Mazon; +Cc: stable
After moving a tap linux net device to a different namespace,
tap_link_set_up fails with an -ENODEV error. Indeed it relies on an
ioctl call using the interface name as argument:
/* with ifr->ifrn_name = "dtapX" */
ioctl(pmd->ioctl_sock, SIOCGIFFLAGS, ifr)
This causes rte_eth_dev_stop() to do nothing since the device is not
seen as started. And then, when removing the device, the interrupt
callbacks are left there.
If they are invoked, they will be so with a "freed" device pointer:
Thread 2 "dpdk-intr" hit Breakpoint 1, tap_dev_intr_handler
at ../drivers/net/tap/rte_eth_tap.c:1689
1689 struct pmd_internals *pmd = dev->data->dev_private;
(gdb) p *dev
$2 = {
...
data = 0x0,
...
state = RTE_ETH_DEV_UNUSED,
security_ctx = 0x0
}
This causes a crash when dereferencing the data pointer.
When tap_link_set_up fails, ensure to unregister the interrupt callbacks
that were just reinstalled.
Cc: stable@dpdk.org
Fixes: c0bddd3a057f ("net/tap: add link status notification")
Signed-off-by: Robin Jarry <rjarry@redhat.com>
---
drivers/net/tap/rte_eth_tap.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
index 650ddbd70623..58d70f7dd60f 100644
--- a/drivers/net/tap/rte_eth_tap.c
+++ b/drivers/net/tap/rte_eth_tap.c
@@ -889,8 +889,10 @@ tap_dev_start(struct rte_eth_dev *dev)
return err;
err = tap_link_set_up(dev);
- if (err)
+ if (err) {
+ tap_intr_handle_set(dev, 0);
return err;
+ }
for (i = 0; i < dev->data->nb_tx_queues; i++)
dev->data->tx_queue_state[i] = RTE_ETH_QUEUE_STATE_STARTED;
--
2.51.0
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [PATCH dpdk] net/tap: fix interrupt callback crash after failed start
2025-10-17 12:19 [PATCH dpdk] net/tap: fix interrupt callback crash after failed start Robin Jarry
@ 2025-10-17 23:38 ` Stephen Hemminger
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Hemminger @ 2025-10-17 23:38 UTC (permalink / raw)
To: Robin Jarry; +Cc: dev, Keith Wiles, Pascal Mazon, stable
On Fri, 17 Oct 2025 14:19:47 +0200
Robin Jarry <rjarry@redhat.com> wrote:
> After moving a tap linux net device to a different namespace,
> tap_link_set_up fails with an -ENODEV error. Indeed it relies on an
> ioctl call using the interface name as argument:
>
> /* with ifr->ifrn_name = "dtapX" */
> ioctl(pmd->ioctl_sock, SIOCGIFFLAGS, ifr)
>
> This causes rte_eth_dev_stop() to do nothing since the device is not
> seen as started. And then, when removing the device, the interrupt
> callbacks are left there.
>
> If they are invoked, they will be so with a "freed" device pointer:
>
> Thread 2 "dpdk-intr" hit Breakpoint 1, tap_dev_intr_handler
> at ../drivers/net/tap/rte_eth_tap.c:1689
> 1689 struct pmd_internals *pmd = dev->data->dev_private;
> (gdb) p *dev
> $2 = {
> ...
> data = 0x0,
> ...
> state = RTE_ETH_DEV_UNUSED,
> security_ctx = 0x0
> }
>
> This causes a crash when dereferencing the data pointer.
>
> When tap_link_set_up fails, ensure to unregister the interrupt callbacks
> that were just reinstalled.
>
> Cc: stable@dpdk.org
> Fixes: c0bddd3a057f ("net/tap: add link status notification")
>
> Signed-off-by: Robin Jarry <rjarry@redhat.com>
Queued to next-net
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-10-17 15:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-10-17 12:19 [PATCH dpdk] net/tap: fix interrupt callback crash after failed start Robin Jarry
2025-10-17 23:38 ` Stephen Hemminger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).