[PATCH 19.11] net/mlx5: fix invalid memory access in port closing

Christian Ehrhardt christian.ehrhardt at canonical.com
Fri Nov 18 07:38:08 CET 2022


On Thu, Nov 17, 2022 at 4:48 PM Michael Baum <michaelba at nvidia.com> wrote:
>
> The shared IB device (sh) has per port data updated in port creation.
> In port closing this port data is updated even when the SH still exist.
>
> However, this updating is happened after SH has been released and for
> last port it actually accesses to freed memory.
>
> This patch updates the port data before SH releasing.
>
> Fixes: 08c0b56cb304 ("net/mlx5: fix port event cleaning order")
> Cc: michaelba at nvidia.com

Applied, thanks for the ping in regard to this follow on fix, I'd have
missed it since it has no 19.11 in the subject.

> Signed-off-by: Michael Baum <michaelba at nvidia.com>
> Acked-by: Matan Azrad <matan at nvidia.com>
> ---
>  drivers/net/mlx5/mlx5.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/net/mlx5/mlx5.c b/drivers/net/mlx5/mlx5.c
> index ece8c5e3e1..efeeb8443b 100644
> --- a/drivers/net/mlx5/mlx5.c
> +++ b/drivers/net/mlx5/mlx5.c
> @@ -1405,6 +1405,12 @@ mlx5_dev_close(struct rte_eth_dev *dev)
>                 close(priv->nl_socket_rdma);
>         if (priv->vmwa_context)
>                 mlx5_vlan_vmwa_exit(priv->vmwa_context);
> +       priv->sh->port[priv->ibv_port - 1].nl_ih_port_id = RTE_MAX_ETHPORTS;
> +       /*
> +        * The interrupt handler port id must be reset before priv is reset
> +        * since 'mlx5_dev_interrupt_nl_cb' uses priv.
> +        */
> +       rte_io_wmb();
>         /*
>          * Free the shared context in last turn, because the cleanup
>          * routines above may use some shared fields, like
> @@ -1458,12 +1464,6 @@ mlx5_dev_close(struct rte_eth_dev *dev)
>                 if (!c)
>                         claim_zero(rte_eth_switch_domain_free(priv->domain_id));
>         }
> -       priv->sh->port[priv->ibv_port - 1].nl_ih_port_id = RTE_MAX_ETHPORTS;
> -       /*
> -        * The interrupt handler port id must be reset before priv is reset
> -        * since 'mlx5_dev_interrupt_nl_cb' uses priv.
> -        */
> -       rte_io_wmb();
>         memset(priv, 0, sizeof(*priv));
>         priv->domain_id = RTE_ETH_DEV_SWITCH_DOMAIN_ID_INVALID;
>         /*
> --
> 2.25.1
>


-- 
Christian Ehrhardt
Senior Staff Engineer, Ubuntu Server
Canonical Ltd


More information about the stable mailing list