[dpdk-dev] [PATCH 08/10] regex/mlx5: fix uninitialized QP destroy

Francis Kelly fkelly at nvidia.com
Fri Oct 22 17:45:58 CEST 2021

Previous message (by thread): [dpdk-dev] [PATCH 07/10] regex/mlx5: removed redundant rxp csr file
Next message (by thread): [dpdk-dev] [PATCH 08/10] regex/mlx5: fix uninitialized QP destroy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ady Agbarih <adypodoman at gmail.com>

The number of QPs for a device are setup during the
 configuration phase, when the user calls
 rte_regexdev_configure(). The mlx5 regex driver then
 pre-allocates QPs, however those QPs are not
 setup/ready for sending jobs. The user has to configure
 each QP using rte_regexdev_queue_pair_setup(). When
 stopping the device the driver destroys all QPs that
 were preallocated assuming that they are all setup. This
 results in an attempt to destroy an uninitialized QP,
 leading to a NULL dereference error.

In order to solve this issue we first check that the
 QP jobs array has been initialized before attempting
 to destroy the QP.

Fixes: 35f8f6c8dbee ("regex/mlx5: add cleanup code")
Cc: orika at nvidia.com

Signed-off-by: Ady Agbarih <adypodoman at gmail.com>
---
 drivers/regex/mlx5/mlx5_regex_control.c  | 3 +++
 drivers/regex/mlx5/mlx5_regex_fastpath.c | 7 ++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/regex/mlx5/mlx5_regex_control.c b/drivers/regex/mlx5/mlx5_regex_control.c
index 3e0a0cdd71..52f66ecce8 100644
--- a/drivers/regex/mlx5/mlx5_regex_control.c
+++ b/drivers/regex/mlx5/mlx5_regex_control.c
@@ -283,6 +283,9 @@ mlx5_regex_clean_ctrl(struct rte_regexdev *dev)
 		return;
 	for (qp_ind = 0; qp_ind < priv->nb_queues; qp_ind++) {
 		qp = &priv->qps[qp_ind];
+		/* Check if mlx5_regex_qp_setup() was called for this QP */
+		if (!qp->jobs)
+			continue;
 		mlx5_regexdev_teardown_fastpath(priv, qp_ind);
 		mlx5_mr_btree_free(&qp->mr_ctrl.cache_bh);
 		for (i = 0; i < qp->nb_obj; i++)
diff --git a/drivers/regex/mlx5/mlx5_regex_fastpath.c b/drivers/regex/mlx5/mlx5_regex_fastpath.c
index 0833b2817e..26b4cc5c82 100644
--- a/drivers/regex/mlx5/mlx5_regex_fastpath.c
+++ b/drivers/regex/mlx5/mlx5_regex_fastpath.c
@@ -739,6 +739,7 @@ mlx5_regexdev_setup_fastpath(struct mlx5_regex_priv *priv, uint32_t qp_id)
 	err = setup_buffers(priv, qp);
 	if (err) {
 		rte_free(qp->jobs);
+		qp->jobs = NULL;
 		return err;
 	}
 
@@ -791,14 +792,14 @@ mlx5_regexdev_teardown_fastpath(struct mlx5_regex_priv *priv, uint32_t qp_id)
 	struct mlx5_regex_qp *qp = &priv->qps[qp_id];
 	uint32_t i;
 
-	if (qp) {
+	if (qp->jobs) {
 		for (i = 0; i < qp->nb_desc; i++) {
 			if (qp->jobs[i].imkey)
 				claim_zero(mlx5_devx_cmd_destroy
 							(qp->jobs[i].imkey));
 		}
 		free_buffers(qp);
-		if (qp->jobs)
-			rte_free(qp->jobs);
+		rte_free(qp->jobs);
+		qp->jobs = NULL;
 	}
 }
-- 
2.25.1

Previous message (by thread): [dpdk-dev] [PATCH 07/10] regex/mlx5: removed redundant rxp csr file
Next message (by thread): [dpdk-dev] [PATCH 08/10] regex/mlx5: fix uninitialized QP destroy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list