[dpdk-dev] [PATCH] net/pcap: fix possible crash on exit for infinite Rx

Ferruh Yigit ferruh.yigit at intel.com
Fri Oct 9 18:16:49 CEST 2020


If the infinite Rx argument ('infinite_rx') is provided a ring is
allocated and filled in the '.rx_queue_setup' dev_ops.
Later this ring freed in the '.dev_close' dev_ops.

If the 'infinite_rx' provided and '.dev_close' called before
'.rx_queue_setup', the ring will be NULL and trying to empty/free it
will cause a crash.

This is fixed by adding ring NULL check before trying to empty/free it.

Bugzilla ID: 548
Fixes: a3f5252e5cbd ("net/pcap: enable infinitely Rx a pcap file")
Cc: stable at dpdk.org

Signed-off-by: Ferruh Yigit <ferruh.yigit at intel.com>
---
Cc: rchibois at gmail.com
Cc: cian.ferriter at intel.com
---
 drivers/net/pcap/rte_eth_pcap.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/pcap/rte_eth_pcap.c b/drivers/net/pcap/rte_eth_pcap.c
index 057aa9dbfc..49764c0ee6 100644
--- a/drivers/net/pcap/rte_eth_pcap.c
+++ b/drivers/net/pcap/rte_eth_pcap.c
@@ -748,6 +748,13 @@ eth_dev_close(struct rte_eth_dev *dev)
 			struct pcap_rx_queue *pcap_q = &internals->rx_queue[i];
 			struct rte_mbuf *pcap_buf;
 
+			/*
+			 * 'pcap_q->pkts' can be NULL if 'eth_dev_close()'
+			 * called before 'eth_rx_queue_setup()' has been called
+			 */
+			if (pcap_q->pkts == NULL)
+				continue;
+
 			while (!rte_ring_dequeue(pcap_q->pkts,
 					(void **)&pcap_buf))
 				rte_pktmbuf_free(pcap_buf);
-- 
2.26.2



More information about the dev mailing list