[PATCH dpdk] net/tap: fix interrupt callback crash after failed start

[Robin Jarry]

After moving a tap linux net device to a different namespace,
tap_link_set_up fails with an -ENODEV error. Indeed it relies on an
ioctl call using the interface name as argument:

	/* with ifr->ifrn_name = "dtapX" */
	ioctl(pmd->ioctl_sock, SIOCGIFFLAGS, ifr)

This causes rte_eth_dev_stop() to do nothing since the device is not
seen as started. And then, when removing the device, the interrupt
callbacks are left there.

If they are invoked, they will be so with a "freed" device pointer:

Thread 2 "dpdk-intr" hit Breakpoint 1, tap_dev_intr_handler
    at ../drivers/net/tap/rte_eth_tap.c:1689
1689            struct pmd_internals *pmd = dev->data->dev_private;
(gdb) p *dev
$2 = {
  ...
  data = 0x0,
  ...
  state = RTE_ETH_DEV_UNUSED,
  security_ctx = 0x0
}

This causes a crash when dereferencing the data pointer.

When tap_link_set_up fails, ensure to unregister the interrupt callbacks
that were just reinstalled.

Cc: stable at dpdk.org
Fixes: c0bddd3a057f ("net/tap: add link status notification")

Signed-off-by: Robin Jarry <rjarry at redhat.com>
---
 drivers/net/tap/rte_eth_tap.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
index 650ddbd70623..58d70f7dd60f 100644
--- a/drivers/net/tap/rte_eth_tap.c
+++ b/drivers/net/tap/rte_eth_tap.c
@@ -889,8 +889,10 @@ tap_dev_start(struct rte_eth_dev *dev)
 		return err;
 
 	err = tap_link_set_up(dev);
-	if (err)
+	if (err) {
+		tap_intr_handle_set(dev, 0);
 		return err;
+	}
 
 	for (i = 0; i < dev->data->nb_tx_queues; i++)
 		dev->data->tx_queue_state[i] = RTE_ETH_QUEUE_STATE_STARTED;
-- 
2.51.0