patch 'net/tap: fix interrupt callback crash after failed start' has been queued to stable release 22.11.11

[luca.boccassi at gmail.com]

Hi,

FYI, your patch has been queued to stable release 22.11.11

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/29/25. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/1669b8b486d6a0114a2c21654a1ef5248dca4725

Thanks.

Luca Boccassi

---
>From 1669b8b486d6a0114a2c21654a1ef5248dca4725 Mon Sep 17 00:00:00 2001
From: Robin Jarry <rjarry at redhat.com>
Date: Fri, 17 Oct 2025 14:19:47 +0200
Subject: [PATCH] net/tap: fix interrupt callback crash after failed start

[ upstream commit c44ed082917316257dbeb2454414932d39f9c321 ]

After moving a tap linux net device to a different namespace,
tap_link_set_up fails with an -ENODEV error. Indeed it relies on an
ioctl call using the interface name as argument:

	/* with ifr->ifrn_name = "dtapX" */
	ioctl(pmd->ioctl_sock, SIOCGIFFLAGS, ifr)

This causes rte_eth_dev_stop() to do nothing since the device is not
seen as started. And then, when removing the device, the interrupt
callbacks are left there.

If they are invoked, they will be so with a "freed" device pointer:

Thread 2 "dpdk-intr" hit Breakpoint 1, tap_dev_intr_handler
    at ../drivers/net/tap/rte_eth_tap.c:1689
1689            struct pmd_internals *pmd = dev->data->dev_private;
(gdb) p *dev
$2 = {
  ...
  data = 0x0,
  ...
  state = RTE_ETH_DEV_UNUSED,
  security_ctx = 0x0
}

This causes a crash when dereferencing the data pointer.

When tap_link_set_up fails, ensure to unregister the interrupt callbacks
that were just reinstalled.

Fixes: c0bddd3a057f ("net/tap: add link status notification")

Signed-off-by: Robin Jarry <rjarry at redhat.com>
---
 drivers/net/tap/rte_eth_tap.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
index 68f9a5ce34..cb7ed40840 100644
--- a/drivers/net/tap/rte_eth_tap.c
+++ b/drivers/net/tap/rte_eth_tap.c
@@ -952,8 +952,10 @@ tap_dev_start(struct rte_eth_dev *dev)
 		return err;
 
 	err = tap_link_set_up(dev);
-	if (err)
+	if (err) {
+		tap_intr_handle_set(dev, 0);
 		return err;
+	}
 
 	for (i = 0; i < dev->data->nb_tx_queues; i++)
 		dev->data->tx_queue_state[i] = RTE_ETH_QUEUE_STATE_STARTED;
-- 
2.47.3

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2025-10-27 15:54:37.227582229 +0000
+++ 0067-net-tap-fix-interrupt-callback-crash-after-failed-st.patch	2025-10-27 15:54:34.843950754 +0000
@@ -1 +1 @@
-From c44ed082917316257dbeb2454414932d39f9c321 Mon Sep 17 00:00:00 2001
+From 1669b8b486d6a0114a2c21654a1ef5248dca4725 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit c44ed082917316257dbeb2454414932d39f9c321 ]
+
@@ -37 +38,0 @@
-Cc: stable at dpdk.org
@@ -45 +46 @@
-index 650ddbd706..58d70f7dd6 100644
+index 68f9a5ce34..cb7ed40840 100644
@@ -48 +49 @@
-@@ -889,8 +889,10 @@ tap_dev_start(struct rte_eth_dev *dev)
+@@ -952,8 +952,10 @@ tap_dev_start(struct rte_eth_dev *dev)