diff mbox series

[1/2] bus/pci: fix a segfault when call callback

Message ID	20220521070523.34983-2-humin29@huawei.com (mailing list archive)
State	Superseded, archived
Delegated to:	Thomas Monjalon
Headers	From: "Min Hu (Connor)" <humin29@huawei.com> To: <dev@dpdk.org> CC: Huisong Li <lihuisong@huawei.com>, <stable@dpdk.org>, Min Hu <humin29@huawei.com>, Gaetan Rivet <gaetan.rivet@6wind.com> Subject: [PATCH 1/2] bus/pci: fix a segfault when call callback Date: Sat, 21 May 2022 15:05:22 +0800 Message-ID: <20220521070523.34983-2-humin29@huawei.com> In-Reply-To: <20220521070523.34983-1-humin29@huawei.com> References: <20220521070523.34983-1-humin29@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	fix a segfault when call callback \| [0/2] fix a segfault when call callback [1/2] bus/pci: fix a segfault when call callback [2/2] bus/vdev: fix a segfault when call callback

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

humin (Q) May 21, 2022, 7:05 a.m. UTC

  From: Huisong Li <lihuisong@huawei.com>

After the driver probe is executed, the callback in application will
be called. The callback in application may call some APIs which access the
rte_pci_driver::driver by the device::driver pointer to get driver
information. If the rte_pci_device::device::driver pointer isn't pointed to
rte_pci_driver::driver in rte_pci_probe_one_driver, a segfault will occur.
For example, when ethdev driver probe completes, the callback in
application call rte_eth_dev_info_get which use dev->device->driver->name.
So rte_pci_device::device::driver should point to rte_pci_driver::driver
before executing the driver probe.

Fixes: c752998b5e2e ("pci: introduce library and driver")
Cc: stable@dpdk.org

Signed-off-by: Huisong Li <lihuisong@huawei.com>
Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
---
 drivers/bus/pci/pci_common.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

Comments

Thomas Monjalon June 7, 2022, 5:38 p.m. UTC | #1

21/05/2022 09:05, Min Hu (Connor):
> From: Huisong Li <lihuisong@huawei.com>
> 
> After the driver probe is executed, the callback in application will
> be called. The callback in application may call some APIs which access the

What is the "callback in application" ?
Do you mean the callback on probing event like RTE_ETH_EVENT_NEW?

> rte_pci_driver::driver by the device::driver pointer to get driver
> information. If the rte_pci_device::device::driver pointer isn't pointed to
> rte_pci_driver::driver in rte_pci_probe_one_driver, a segfault will occur.
> For example, when ethdev driver probe completes, the callback in
> application call rte_eth_dev_info_get which use dev->device->driver->name.
> So rte_pci_device::device::driver should point to rte_pci_driver::driver
> before executing the driver probe.

I understand the need and I approve the move.

> Fixes: c752998b5e2e ("pci: introduce library and driver")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Huisong Li <lihuisong@huawei.com>
> Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
> ---
>  drivers/bus/pci/pci_common.c | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/bus/pci/pci_common.c b/drivers/bus/pci/pci_common.c
> index 4a3a87f24f..507a654779 100644
> --- a/drivers/bus/pci/pci_common.c
> +++ b/drivers/bus/pci/pci_common.c
> @@ -265,11 +265,22 @@ rte_pci_probe_one_driver(struct rte_pci_driver *dr,
>  			dr->driver.name, dev->id.vendor_id, dev->id.device_id,
>  			loc->domain, loc->bus, loc->devid, loc->function,
>  			dev->device.numa_node);
> +
> +	/*
> +	 * After the driver probe is executed, the callback in application will
> +	 * be called. The callback in application may call some APIs which use
> +	 * dev->device.driver to get some driver information. If the driver
> +	 * pointer isn't pointed to driver->driver here, a segfault will occur.
> +	 */

I would like to make this comment simpler
once I'm sure we share the same understanding.

> +	if (!already_probed)
> +		dev->device.driver = &dr->driver;
> +
>  	/* call the driver probe() function */
>  	ret = dr->probe(dr, dev);
>  	if (already_probed)
>  		return ret; /* no rollback if already succeeded earlier */
>  	if (ret) {
> +		dev->device.driver = NULL;
>  		dev->driver = NULL;
>  		if ((dr->drv_flags & RTE_PCI_DRV_NEED_MAPPING) &&
>  			/* Don't unmap if device is unsupported and
> @@ -282,8 +293,6 @@ rte_pci_probe_one_driver(struct rte_pci_driver *dr,
>  		dev->vfio_req_intr_handle = NULL;
>  		rte_intr_instance_free(dev->intr_handle);
>  		dev->intr_handle = NULL;
> -	} else {
> -		dev->device.driver = &dr->driver;
>  	}
>  
>  	return ret;
>

diff mbox series

Patch

diff --git a/drivers/bus/pci/pci_common.c b/drivers/bus/pci/pci_common.c
index 4a3a87f24f..507a654779 100644
--- a/drivers/bus/pci/pci_common.c
+++ b/drivers/bus/pci/pci_common.c
@@ -265,11 +265,22 @@  rte_pci_probe_one_driver(struct rte_pci_driver *dr,
 			dr->driver.name, dev->id.vendor_id, dev->id.device_id,
 			loc->domain, loc->bus, loc->devid, loc->function,
 			dev->device.numa_node);
+
+	/*
+	 * After the driver probe is executed, the callback in application will
+	 * be called. The callback in application may call some APIs which use
+	 * dev->device.driver to get some driver information. If the driver
+	 * pointer isn't pointed to driver->driver here, a segfault will occur.
+	 */
+	if (!already_probed)
+		dev->device.driver = &dr->driver;
+
 	/* call the driver probe() function */
 	ret = dr->probe(dr, dev);
 	if (already_probed)
 		return ret; /* no rollback if already succeeded earlier */
 	if (ret) {
+		dev->device.driver = NULL;
 		dev->driver = NULL;
 		if ((dr->drv_flags & RTE_PCI_DRV_NEED_MAPPING) &&
 			/* Don't unmap if device is unsupported and
@@ -282,8 +293,6 @@  rte_pci_probe_one_driver(struct rte_pci_driver *dr,
 		dev->vfio_req_intr_handle = NULL;
 		rte_intr_instance_free(dev->intr_handle);
 		dev->intr_handle = NULL;
-	} else {
-		dev->device.driver = &dr->driver;
 	}
 
 	return ret;