From 834ac655bae247acee5016dc46400f456db047fd Mon Sep 17 00:00:00 2001 From: Yuanhan Liu Date: Tue, 19 Jul 2016 10:39:53 +0800 Subject: [PATCH] net/virtio: fix crash on null dereference The rxq/txq for the queue_release callback could be NULL, say when rte_eth_dev_configure() fails that the queue is not setup at all. Do a simple NULL check would fix the crash issue. Fixes: 01ad44fd374f ("net/virtio: split Rx/Tx queue") Reported-by: Olivier Matz Signed-off-by: Yuanhan Liu --- drivers/net/virtio/virtio_rxtx.c | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/drivers/net/virtio/virtio_rxtx.c b/drivers/net/virtio/virtio_rxtx.c index 9aba044c66..724517e2b1 100644 --- a/drivers/net/virtio/virtio_rxtx.c +++ b/drivers/net/virtio/virtio_rxtx.c @@ -468,13 +468,19 @@ void virtio_dev_rx_queue_release(void *rxq) { struct virtnet_rx *rxvq = rxq; - struct virtqueue *vq = rxvq->vq; - /* rxvq is freed when vq is freed, and as mz should be freed after the + struct virtqueue *vq; + const struct rte_memzone *mz; + + if (rxvq == NULL) + return; + + /* + * rxvq is freed when vq is freed, and as mz should be freed after the * del_queue, so we reserve the mz pointer first. */ - const struct rte_memzone *mz = rxvq->mz; + vq = rxvq->vq; + mz = rxvq->mz; - /* no need to free rxq as vq and rxq are allocated together */ virtio_dev_queue_release(vq); rte_memzone_free(mz); } @@ -554,12 +560,20 @@ void virtio_dev_tx_queue_release(void *txq) { struct virtnet_tx *txvq = txq; - struct virtqueue *vq = txvq->vq; - /* txvq is freed when vq is freed, and as mz should be freed after the + struct virtqueue *vq; + const struct rte_memzone *mz; + const struct rte_memzone *hdr_mz; + + if (txvq == NULL) + return; + + /* + * txvq is freed when vq is freed, and as mz should be freed after the * del_queue, so we reserve the mz pointer first. */ - const struct rte_memzone *hdr_mz = txvq->virtio_net_hdr_mz; - const struct rte_memzone *mz = txvq->mz; + vq = txvq->vq; + mz = txvq->mz; + hdr_mz = txvq->virtio_net_hdr_mz; virtio_dev_queue_release(vq); rte_memzone_free(mz); -- 2.20.1