From bcd68b68415172815e55fc67cf3947c0433baf74 Mon Sep 17 00:00:00 2001 From: Hyong Youb Kim Date: Mon, 25 Oct 2021 17:02:56 -0700 Subject: [PATCH] net/enic: fix crash caused by changing MTU Changing MTU after the device start causes a segfault in the Rx handler. The MTU handler (enic_set_mtu) performs the following steps. 1. Stop NIC Rx 2. Change Rx handler '(struct rte_eth_dev)->rx_pkt_burst' to the dummy handler and sleep a while to quiesce 3. Re-allocate/initialize Rx structures 4. Change Rx handler back to the real handler (e.g. enic_noscatter_recv_pkts) enic_set_mtu does not update the recently introduced fast-path pointer '(struct rte_eth_fp_ops)->rx_pkt_burst'. Since rte_eth_rx_burst only uses the fast-path pointer, it keeps invoking the real Rx handler, not the dummy one set by (2). And, (3) causes a segfault in the real Rx handler (e.g. dereferencing freed structures). Fix the segfault by updating the fast-path pointer as well. Fixes: c87d435a4d79 ("ethdev: copy fast-path API into separate structure") Signed-off-by: Hyong Youb Kim Reviewed-by: John Daley --- drivers/net/enic/enic_main.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/enic/enic_main.c b/drivers/net/enic/enic_main.c index 5cc6d9f017..7f84b5f935 100644 --- a/drivers/net/enic/enic_main.c +++ b/drivers/net/enic/enic_main.c @@ -1665,6 +1665,7 @@ int enic_set_mtu(struct enic *enic, uint16_t new_mtu) /* replace Rx function with a no-op to avoid getting stale pkts */ eth_dev->rx_pkt_burst = enic_dummy_recv_pkts; + rte_eth_fp_ops[enic->port_id].rx_pkt_burst = eth_dev->rx_pkt_burst; rte_mb(); /* Allow time for threads to exit the real Rx function. */ @@ -1699,6 +1700,7 @@ int enic_set_mtu(struct enic *enic, uint16_t new_mtu) /* put back the real receive function */ rte_mb(); enic_pick_rx_handler(eth_dev); + rte_eth_fp_ops[enic->port_id].rx_pkt_burst = eth_dev->rx_pkt_burst; rte_mb(); /* restart Rx traffic */ -- 2.20.1