diff options
author | Steven <sluong@cisco.com> | 2018-11-04 08:20:01 -0800 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2018-11-06 18:20:31 +0000 |
commit | 0c4699855f66e8bf89a41cf83b41adc753c30cce (patch) | |
tree | be39709b5e1382131f74ee1b06616936422f3332 /src/vlib/init.c | |
parent | 390036e0d075c632491beeb37aba4e5d07132e06 (diff) |
vhost: crash in vhost_user_tx_avx2
(gdb) bt
bt
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) frame 5
frame 5
293 if (PREDICT_FALSE (rxvq->last_avail_idx == rxvq->avail->idx))
(gdb) p *rxvq
p *rxvq
$3 = {cacheline0 = 0x7f290bcadd80 "\377\003", qsz_mask = 1023, last_avail_idx = 0, last_used_idx = 0, n_since_last_int = 0, desc = 0x0, avail = 0x0, used = 0x0, int_deadline = 0, started = 1 '\001', enabled = 1 '\001', log_used = 0 '\000', cacheline1 = 0x7f290bcaddc0 "\377\377\377\377\016", errfd = -1, callfd_idx = 14, kickfd_idx = 19, log_guest_addr = 5151049792, mode = 0}
The crash is because we access the null pointer rxvq->avail,
which is supposed to be derived from the mmap informed by the driver.
We fixed a similar issue before in
https://gerrit.fd.io/r/#/c/14545/
The reason was the driver ummaps the memory without doing the disconnect in
SR-IOV environment. The fixed was applied to the RX path. Now it happens in the
TX path. We just need to apply the same check in the TX path.
Change-Id: I7b1dfc96797cb5b52845bc6cec09a8c5d4325280
Signed-off-by: Steven <sluong@cisco.com>
Diffstat (limited to 'src/vlib/init.c')
0 files changed, 0 insertions, 0 deletions