On 10/06/2017 12:50 PM, Ilya Maximets wrote:
Currently, rx and tx functions for vhost interfaces always obtain
'vid' twice. First time inside 'is_vhost_running' for checking
the value and the second time in enqueue/dequeue function calls to
send/receive packets. But second time we're not checking the
returned value. If vhost device will be destroyed between
checking and enqueue/dequeue, DPDK API will be called with
'-1' instead of valid 'vid'. DPDK API does not validate the 'vid'.
This leads to getting random memory value as a pointer to internal
device structure inside DPDK. Access by this pointer leads to
segmentation fault. For example:
|00503|dpdk|INFO|VHOST_CONFIG: read message VHOST_USER_GET_VRING_BASE
[New Thread 0x7fb6754910 (LWP 21246)]
Program received signal SIGSEGV, Segmentation fault.
rte_vhost_enqueue_burst at lib/librte_vhost/virtio_net.c:630
630 if (dev->features & (1 << VIRTIO_NET_F_MRG_RXBUF))
(gdb) bt full
#0 rte_vhost_enqueue_burst at lib/librte_vhost/virtio_net.c:630
dev = 0xffffffff
#1 __netdev_dpdk_vhost_send at lib/netdev-dpdk.c:1803
tx_pkts = <optimized out>
cur_pkts = 0x7f340084f0
total_pkts = 32
dropped = 0
i = <optimized out>
retries = 0
...
(gdb) p *((struct netdev_dpdk *) netdev)
$8 = { ... ,
flags = (NETDEV_UP | NETDEV_PROMISC), ... ,
vid = {v = -1},
vhost_reconfigured = false, ... }
Issue can be reproduced by stopping DPDK application (testpmd) inside
guest while heavy traffic flows to this VM.
Fix that by obtaining and checking the 'vid' only once.
CC: Ciara Loftus <[email protected]>
Fixes: 0a0f39df1d5a ("netdev-dpdk: Add support for DPDK 16.07")
Signed-off-by: Ilya Maximets <[email protected]>
---
lib/netdev-dpdk.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
Reviewed-by: Maxime Coquelin <[email protected]>
Thanks,
Maxime
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
