[dpdk-dev,1/2] net/enic: fix crash on MTU update or rxq reconfigure

Message ID 20161012211203.23250-1-johndale@cisco.com (mailing list archive)
State Accepted, archived
Delegated to: Bruce Richardson
Headers

Commit Message

John Daley (johndale) Oct. 12, 2016, 9:12 p.m. UTC
The incorrect completion queue corresponding to an RQ would be
freed if multiple Rx queues are in use and the MTU is changed,
or an Rx queue is released. This could lead to a segmentation fault
when the device is disabled or even in the Rx or Tx paths.

The index of the completion queue corresponding to a RQ needed
to be adjusted after Rx scatter was introduced.

Fixes: 856d7ba7ed22 ("net/enic: support scattered Rx")

Signed-off-by: John Daley <johndale@cisco.com>
Reviewed-by: Nelson Escobar <neescoba@cisco.com>
---
 drivers/net/enic/enic.h      | 5 +++++
 drivers/net/enic/enic_main.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
  

Comments

Bruce Richardson Oct. 19, 2016, 9:42 a.m. UTC | #1
On Wed, Oct 12, 2016 at 02:12:02PM -0700, John Daley wrote:
> The incorrect completion queue corresponding to an RQ would be
> freed if multiple Rx queues are in use and the MTU is changed,
> or an Rx queue is released. This could lead to a segmentation fault
> when the device is disabled or even in the Rx or Tx paths.
> 
> The index of the completion queue corresponding to a RQ needed
> to be adjusted after Rx scatter was introduced.
> 
> Fixes: 856d7ba7ed22 ("net/enic: support scattered Rx")
> 
> Signed-off-by: John Daley <johndale@cisco.com>
> Reviewed-by: Nelson Escobar <neescoba@cisco.com>
> ---
Patchset applied to dpdk-next-net/rel_16_11

/Bruce
  

Patch

diff --git a/drivers/net/enic/enic.h b/drivers/net/enic/enic.h
index 4ea4e4a..13a4b31 100644
--- a/drivers/net/enic/enic.h
+++ b/drivers/net/enic/enic.h
@@ -170,6 +170,11 @@  struct enic {
 
 };
 
+/* Get the CQ index from a Start of Packet(SOP) RQ index */
+static inline unsigned int enic_sop_rq_idx_to_cq_idx(unsigned int sop_idx)
+{
+	return sop_idx / 2;
+}
 static inline unsigned int enic_rq_sop(unsigned int sop_rq)
 {
 	return sop_rq / 2;
diff --git a/drivers/net/enic/enic_main.c b/drivers/net/enic/enic_main.c
index 622b317..65a8307 100644
--- a/drivers/net/enic/enic_main.c
+++ b/drivers/net/enic/enic_main.c
@@ -541,7 +541,7 @@  void enic_free_rq(void *rxq)
 	if (rq_data->in_use)
 		vnic_rq_free(rq_data);
 
-	vnic_cq_free(&enic->cq[rq_sop->index]);
+	vnic_cq_free(&enic->cq[enic_sop_rq_idx_to_cq_idx(rq_sop->index)]);
 
 	rq_sop->in_use = 0;
 	rq_data->in_use = 0;