[dpdk-dev] [PATCH v3 1/2] enic: fix seg fault when releasing queues

Bruce Richardson bruce.richardson at intel.com
Fri Jun 10 11:22:36 CEST 2016


On Thu, Jun 09, 2016 at 11:56:08AM -0700, John Daley wrote:
> If device configuration failed due to a lack of resources, such as
> if more queues are requested than are available, the queue release
> function is called with NULL pointers which were being dereferenced.
> 
> Skip releasing queues if they are NULL pointers.
> 
> Fixes: fefed3d1e62c ("enic: new driver")
> Signed-off-by: John Daley <johndale at cisco.com>
> ---
> 
> v3: bail out of free rq function if rq is null instead of if
> around != NULL.
> 
>  drivers/net/enic/enic_main.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/net/enic/enic_main.c b/drivers/net/enic/enic_main.c
> index 996f999..5939b9d 100644
> --- a/drivers/net/enic/enic_main.c
> +++ b/drivers/net/enic/enic_main.c
> @@ -429,6 +429,9 @@ void enic_free_rq(void *rxq)
>  	struct vnic_rq *rq = (struct vnic_rq *)rxq;
>  	struct enic *enic = vnic_dev_priv(rq->vdev);

This doesn't look safe to me. You are referencing the pointer before checking
it for NULL.

>  
> +	if (rxq == NULL)
> +		return;
> +

/Bruce

>  	enic_rxmbuf_queue_release(enic, rq);
>  	rte_free(rq->mbuf_ring);
>  	rq->mbuf_ring = NULL;
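Review bot: the `if (rxq == NULL)` guard comes after the declaration `struct enic *enic = vnic_dev_priv(rq->vdev);`, which already reads `rq->vdev`, so a NULL `rxq` is still dereferenced before the early return can run. Declare `enic` without an initializer, keep the cast to `rq` at the top, and assign `enic = vnic_dev_priv(rq->vdev);` only after the NULL check, so that nothing touches `rq` ahead of the guard. The check could also test `rq` rather than `rxq`, matching the pointer that the rest of the function uses.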
> -- 
> 2.7.0
> 

