diff options
author | Steven <sluong@cisco.com> | 2017-07-30 10:29:26 -0700 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2017-09-07 13:39:21 +0000 |
commit | bd8a611c7e4558f18e3280ace9e48ecae5673800 (patch) | |
tree | 4815585ccc0f9d8f9b5aec8fc6d3d039fc58079a /src/vppinfra/asm_x86.c | |
parent | 92dc12a01b1f5c75500bb015bd159d6bba0547b5 (diff) |
Devices: Set interface rx-mode may cause SIGSEGV with nonexistent queue
When I type in set interface rx-mode with a nonexistent queue, I got a crash with the following
traceback. It looks like the vm is NULL when vlib_node_get_runtime is called.
DBGvpp# sh int rx
Thread 0 (vpp_main):
node dpdk-input:
TenGigabitEthernet5/0/0 queue 0 (polling)
TenGigabitEthernet5/0/1 queue 0 (polling)
TenGigabitEthernet7/0/0 queue 0 (polling)
TenGigabitEthernet7/0/1 queue 0 (polling)
node vhost-user-input:
VirtualEthernet0/0/2 queue 0 (adaptive)
DBGvpp# set interface rx-mode VirtualEthernet0/0/2 queue 1 polling
Thread 1 "vpp_main" received signal SIGSEGV, Segmentation fault.
0x00007ffff6d4e0bc in vlib_node_get_runtime (vm=0x0, node_index=125)
at /home/sluong/vpp/build-data/../src/vlib/node_funcs.h:92
92 vlib_node_t *n = vec_elt (nm->nodes, node_index);
(gdb) where
at /home/sluong/vpp/build-data/../src/vlib/node_funcs.h:92
at /home/sluong/vpp/build-data/../src/vlib/node_funcs.h:112
vnm=0x6f0fa0 <vnet_main>, hw_if_index=7, queue_id=1, mode=0x7fffb62099e8)
at /home/sluong/vpp/build-data/../src/vnet/devices/devices.c:307
hw_if_index=7, queue_id=1, mode=VNET_HW_INTERFACE_RX_MODE_POLLING)
at /home/sluong/vpp/build-data/../src/vnet/interface_cli.c:1192
vm=0x7ffff7b9d440 <vlib_global_main>, input=0x7fffb6209ef0,
cmd=0x7fffb61d5d14)
at /home/sluong/vpp/build-data/../src/vnet/interface_cli.c:1288
vm=0x7ffff7b9d440 <vlib_global_main>,
cm=0x7ffff7b9d630 <vlib_global_main+496>, input=0x7fffb6209ef0,
parent_command_index=18)
at /home/sluong/vpp/build-data/../src/vlib/cli.c:588
vm=0x7ffff7b9d440 <vlib_global_main>,
cm=0x7ffff7b9d630 <vlib_global_main+496>, input=0x7fffb6209ef0,
parent_command_index=12)
The fix is to add a check for vec_len(hw->input_node_thread_index_by_queue)
and vec_len (hw->rx_mode_by_queue) to reject the command if the queue_id is
out of bound. While at it, I notice inputting queue_id=-1 is being interpreted
as all queues. An easy fix is to not overload the queue_id variable with -1 to
mean something else.
Change-Id: Id70ec3e7d06ccc67635e6d28ef53420bdac4a988
Signed-off-by: Steven <sluong@cisco.com>
Diffstat (limited to 'src/vppinfra/asm_x86.c')
0 files changed, 0 insertions, 0 deletions