[dpdk-dev] [PATCH v4 21/24] net/bnxt: prevent interrupt handler from accessing freed memory

Ajit Khaparde ajit.khaparde at broadcom.com
Thu Sep 28 23:43:42 CEST 2017


In some cases the interrupt handler is accessing cpr, which has
already been freed, causing segfaults. This patch avoids such accesses.

Fixes: 7bc8e9a227cc ("net/bnxt: support async link notification")

Signed-off-by: Ajit Khaparde <ajit.khaparde at broadcom.com>
---
 drivers/net/bnxt/bnxt_cpr.c | 2 ++
 drivers/net/bnxt/bnxt_irq.c | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/drivers/net/bnxt/bnxt_cpr.c b/drivers/net/bnxt/bnxt_cpr.c
index 68979bc43..26b2755e1 100644
--- a/drivers/net/bnxt/bnxt_cpr.c
+++ b/drivers/net/bnxt/bnxt_cpr.c
@@ -183,8 +183,10 @@ void bnxt_free_def_cp_ring(struct bnxt *bp)
 		return;
 
 	bnxt_free_ring(cpr->cp_ring_struct);
+	cpr->cp_ring_struct = NULL;
 	rte_free(cpr->cp_ring_struct);
 	rte_free(cpr);
+	bp->def_cp_ring = NULL;
 }
 
 /* For the default completion ring only */
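Review bot: In bnxt_free_def_cp_ring(), the added `cpr->cp_ring_struct = NULL;` sits before `rte_free(cpr->cp_ring_struct);`, so that rte_free() call now receives NULL, does nothing, and the ring struct allocation is never released. Move the assignment to after the rte_free() call so the memory is freed first and the pointer cleared second. Separately, `bp->def_cp_ring = NULL;` is written only after `rte_free(cpr)`, which leaves a window where a concurrently running handler can still reach the freed cpr through bp; clearing bp->def_cp_ring before the two rte_free() calls would narrow that window.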
diff --git a/drivers/net/bnxt/bnxt_irq.c b/drivers/net/bnxt/bnxt_irq.c
index 47cda7e52..79a119623 100644
--- a/drivers/net/bnxt/bnxt_irq.c
+++ b/drivers/net/bnxt/bnxt_irq.c
@@ -55,6 +55,9 @@ static void bnxt_int_handler(void *param)
 	struct cmpl_base *cmp;
 
 	while (1) {
+		if (!cpr || !cpr->cp_ring_struct)
+			return;
+
 		cons = RING_CMP(cpr->cp_ring_struct, raw_cons);
 		cmp = &cpr->cp_desc_ring[cons];
 
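Review bot: The check added at the top of the `while (1)` loop in bnxt_int_handler() is a check-then-use with no synchronization against bnxt_free_def_cp_ring(), so it narrows the race without closing it. The free path can run between `if (!cpr || !cpr->cp_ring_struct)` and the `RING_CMP(cpr->cp_ring_struct, raw_cons)` line that follows, and if cpr is a pointer the handler obtained before the free, `!cpr` stays false and the read of `cpr->cp_ring_struct` is itself a read of memory already passed to rte_free(). Consider making the teardown path disable the interrupt and unregister the handler before the completion ring is freed, or guarding both paths with the same lock, and document which of the two the driver relies on.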
-- 
2.13.5 (Apple Git-94)


