From a3daf77e4cd1f7695926ac67c25b8750f4bed3b0 Mon Sep 17 00:00:00 2001 From: Steven Date: Wed, 28 Feb 2018 11:00:34 -0800 Subject: tapv2: abort in tap_create_if (VPP-1179) The following command sequences cause the crash: create tap id 0 rx-ring-size 1024 tx-ring-size 1024 create tap id 1 rx-ring-size 1024 tx-ring-size 1024 set interface state tap0 up set interface state tap1 up delete tap tap0 delete tap tap1 create tap id 0 rx-ring-size 1024 tx-ring-size 1024 0: /home/sluong/vpp2/vpp/build-data/../src/vnet/interface_funcs.h:46 (vnet_get_hw_interface) assertion `! pool_is_free (vnm->interface_main.hw_interfaces, _e)' fails The reason for the crash is because when the tap interface is deleted, the code does not remove the entry from the device queue. But the interface is deleted anyway from vnet_main.interface_main.hw_interfaces. When an interface is created again, it may encounter the deleted entry in the device queue and crash. Notice create and delete a single entry does not cause a crash. Need to create and delete 2 interfaces to create a "hole" in the device queue. Change-Id: I42ce0b7943d73b3eab32a16751a0a3183de62d9f Signed-off-by: Steven (cherry picked from commit 0b8567331c3edf8b6aee51c849b8391a2922d9ab) --- src/vnet/devices/tap/tap.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/vnet/devices/tap/tap.c b/src/vnet/devices/tap/tap.c index 7177de7be06..307bc529809 100644 --- a/src/vnet/devices/tap/tap.c +++ b/src/vnet/devices/tap/tap.c @@ -423,6 +423,7 @@ tap_delete_if (vlib_main_t * vm, u32 sw_if_index) /* bring down the interface */ vnet_hw_interface_set_flags (vnm, vif->hw_if_index, 0); vnet_sw_interface_set_flags (vnm, vif->sw_if_index, 0); + vnet_hw_interface_unassign_rx_thread (vnm, vif->hw_if_index, 0); ethernet_delete_interface (vnm, vif->hw_if_index); vif->hw_if_index = ~0; -- cgit 1.2.3-korg