[dpdk-dev,v3,1/2] enic: fix seg fault when releasing queues
Commit Message
If device configuration failed due to a lack of resources, such as
if more queues are requested than are available, the queue release
function is called with NULL pointers which were being dereferenced.
Skip releasing queues if they are NULL pointers.
Fixes: fefed3d1e62c ("enic: new driver")
Signed-off-by: John Daley <johndale@cisco.com>
---
v3: bail out of free rq function if rq is null instead of if
around != NULL.
drivers/net/enic/enic_main.c | 3 +++
1 file changed, 3 insertions(+)
Comments
On Thu, Jun 09, 2016 at 11:56:08AM -0700, John Daley wrote:
> If device configuration failed due to a lack of resources, such as
> if more queues are requested than are available, the queue release
> function is called with NULL pointers which were being dereferenced.
>
> Skip releasing queues if they are NULL pointers.
>
> Fixes: fefed3d1e62c ("enic: new driver")
> Signed-off-by: John Daley <johndale@cisco.com>
> ---
>
> v3: bail out of free rq function if rq is null instead of if
> around != NULL.
>
> drivers/net/enic/enic_main.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/net/enic/enic_main.c b/drivers/net/enic/enic_main.c
> index 996f999..5939b9d 100644
> --- a/drivers/net/enic/enic_main.c
> +++ b/drivers/net/enic/enic_main.c
> @@ -429,6 +429,9 @@ void enic_free_rq(void *rxq)
> struct vnic_rq *rq = (struct vnic_rq *)rxq;
> struct enic *enic = vnic_dev_priv(rq->vdev);
This doesn't look safe to me. You are referencing the pointer before checking
it for NULL.
>
> + if (rxq == NULL)
> + return;
> +
/Bruce
> enic_rxmbuf_queue_release(enic, rq);
> rte_free(rq->mbuf_ring);
> rq->mbuf_ring = NULL;
> --
> 2.7.0
>
@@ -429,6 +429,9 @@ void enic_free_rq(void *rxq)
struct vnic_rq *rq = (struct vnic_rq *)rxq;
struct enic *enic = vnic_dev_priv(rq->vdev);
+ if (rxq == NULL)
+ return;
+
enic_rxmbuf_queue_release(enic, rq);
rte_free(rq->mbuf_ring);
rq->mbuf_ring = NULL;