From c655c547f92d1cf4bfd525a690660f5b399bdceb Mon Sep 17 00:00:00 2001 From: Hyong Youb Kim Date: Thu, 5 Sep 2019 23:50:20 -0700 Subject: [PATCH] net/enic: fix crash in secondary process Both primary and secondary processes may call the queue start/stop, link update handlers. These functions use the rte_eth_dev pointer cached in the adapter private data (struct enic). But, this pointer is valid only in the primary process, as rte_eth_dev addresses may differ in different processes. Using that cached pointer in secondary processes leads to a crash. For the link update handler (enic_link_update), use the rte_eth_dev pointer passed down from the rte layer as it is valid in the current process. For the queue start/stop handlers (enic_start_wq and friends), cache the rte_eth_dev_data pointer in the adapter private data, and use that. rte_eth_dev_data is in shared memory and its address is same across processes. Fixes: 837e68ae94a2 ("net/enic: fix queue stop and start") Fixes: cf8d9826b7be ("net/enic: extract code for checking link status") Cc: stable@dpdk.org Reported-by: Dirk-Holger Lenz Signed-off-by: Hyong Youb Kim Tested-by: Dirk-Holger Lenz Reviewed-by: John Daley --- drivers/net/enic/enic.h | 3 ++- drivers/net/enic/enic_ethdev.c | 5 ++--- drivers/net/enic/enic_main.c | 22 +++++++++++----------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/drivers/net/enic/enic.h b/drivers/net/enic/enic.h index 681109ba93..fac8d57fa2 100644 --- a/drivers/net/enic/enic.h +++ b/drivers/net/enic/enic.h @@ -112,6 +112,7 @@ struct enic { unsigned int port_id; bool overlay_offload; struct rte_eth_dev *rte_dev; + struct rte_eth_dev_data *dev_data; struct enic_fdir fdir; char bdf_name[ENICPMD_BDF_LENGTH]; int dev_fd; @@ -335,7 +336,7 @@ uint16_t enic_simple_xmit_pkts(void *tx_queue, struct rte_mbuf **tx_pkts, uint16_t enic_prep_pkts(void *tx_queue, struct rte_mbuf **tx_pkts, uint16_t nb_pkts); int enic_set_mtu(struct enic *enic, uint16_t new_mtu); -int enic_link_update(struct enic *enic); +int enic_link_update(struct rte_eth_dev *eth_dev); bool enic_use_vector_rx_handler(struct rte_eth_dev *eth_dev); void enic_pick_rx_handler(struct rte_eth_dev *eth_dev); void enic_pick_tx_handler(struct rte_eth_dev *eth_dev); diff --git a/drivers/net/enic/enic_ethdev.c b/drivers/net/enic/enic_ethdev.c index fe18cf3a93..562401ae76 100644 --- a/drivers/net/enic/enic_ethdev.c +++ b/drivers/net/enic/enic_ethdev.c @@ -460,10 +460,8 @@ static void enicpmd_dev_close(struct rte_eth_dev *eth_dev) static int enicpmd_dev_link_update(struct rte_eth_dev *eth_dev, __rte_unused int wait_to_complete) { - struct enic *enic = pmd_priv(eth_dev); - ENICPMD_FUNC_TRACE(); - return enic_link_update(enic); + return enic_link_update(eth_dev); } static int enicpmd_dev_stats_get(struct rte_eth_dev *eth_dev, @@ -1239,6 +1237,7 @@ static int eth_enicpmd_dev_init(struct rte_eth_dev *eth_dev) /* Only the primary sets up adapter and other data in shared memory */ enic->port_id = eth_dev->data->port_id; enic->rte_dev = eth_dev; + enic->dev_data = eth_dev->data; /* Let rte_eth_dev_close() release the port resources */ eth_dev->data->dev_flags |= RTE_ETH_DEV_CLOSE_REMOVE; diff --git a/drivers/net/enic/enic_main.c b/drivers/net/enic/enic_main.c index 30c7b1c864..ce89b81549 100644 --- a/drivers/net/enic/enic_main.c +++ b/drivers/net/enic/enic_main.c @@ -424,9 +424,9 @@ enic_free_consistent(void *priv, rte_free(mze); } -int enic_link_update(struct enic *enic) +int enic_link_update(struct rte_eth_dev *eth_dev) { - struct rte_eth_dev *eth_dev = enic->rte_dev; + struct enic *enic = pmd_priv(eth_dev); struct rte_eth_link link; memset(&link, 0, sizeof(link)); @@ -445,7 +445,7 @@ enic_intr_handler(void *arg) vnic_intr_return_all_credits(&enic->intr[ENICPMD_LSC_INTR_OFFSET]); - enic_link_update(enic); + enic_link_update(dev); _rte_eth_dev_callback_process(dev, RTE_ETH_EVENT_INTR_LSC, NULL); enic_log_q_error(enic); } @@ -738,31 +738,31 @@ void enic_free_rq(void *rxq) void enic_start_wq(struct enic *enic, uint16_t queue_idx) { - struct rte_eth_dev *eth_dev = enic->rte_dev; + struct rte_eth_dev_data *data = enic->dev_data; vnic_wq_enable(&enic->wq[queue_idx]); - eth_dev->data->tx_queue_state[queue_idx] = RTE_ETH_QUEUE_STATE_STARTED; + data->tx_queue_state[queue_idx] = RTE_ETH_QUEUE_STATE_STARTED; } int enic_stop_wq(struct enic *enic, uint16_t queue_idx) { - struct rte_eth_dev *eth_dev = enic->rte_dev; + struct rte_eth_dev_data *data = enic->dev_data; int ret; ret = vnic_wq_disable(&enic->wq[queue_idx]); if (ret) return ret; - eth_dev->data->tx_queue_state[queue_idx] = RTE_ETH_QUEUE_STATE_STOPPED; + data->tx_queue_state[queue_idx] = RTE_ETH_QUEUE_STATE_STOPPED; return 0; } void enic_start_rq(struct enic *enic, uint16_t queue_idx) { + struct rte_eth_dev_data *data = enic->dev_data; struct vnic_rq *rq_sop; struct vnic_rq *rq_data; rq_sop = &enic->rq[enic_rte_rq_idx_to_sop_idx(queue_idx)]; rq_data = &enic->rq[rq_sop->data_queue_idx]; - struct rte_eth_dev *eth_dev = enic->rte_dev; if (rq_data->in_use) { vnic_rq_enable(rq_data); @@ -771,13 +771,13 @@ void enic_start_rq(struct enic *enic, uint16_t queue_idx) rte_mb(); vnic_rq_enable(rq_sop); enic_initial_post_rx(enic, rq_sop); - eth_dev->data->rx_queue_state[queue_idx] = RTE_ETH_QUEUE_STATE_STARTED; + data->rx_queue_state[queue_idx] = RTE_ETH_QUEUE_STATE_STARTED; } int enic_stop_rq(struct enic *enic, uint16_t queue_idx) { + struct rte_eth_dev_data *data = enic->dev_data; int ret1 = 0, ret2 = 0; - struct rte_eth_dev *eth_dev = enic->rte_dev; struct vnic_rq *rq_sop; struct vnic_rq *rq_data; rq_sop = &enic->rq[enic_rte_rq_idx_to_sop_idx(queue_idx)]; @@ -793,7 +793,7 @@ int enic_stop_rq(struct enic *enic, uint16_t queue_idx) else if (ret1) return ret1; - eth_dev->data->rx_queue_state[queue_idx] = RTE_ETH_QUEUE_STATE_STOPPED; + data->rx_queue_state[queue_idx] = RTE_ETH_QUEUE_STATE_STOPPED; return 0; } -- 2.20.1