net/mlx4: fix flow creation before start

The corrupted code causes segmentation fault when user creates
flow with drop action before device starting.

For example, failsafe PMD recreates all the flows before calling
dev_start in plug-in sequence and mlx4 allocated its flow drop
queue in dev_start.
Hence, when failsafe created flow with drop action after plug-in
event, mlx4 tried to dereference flow drop queue which was
uninitialized.

The fix added check to the drop qp accessible and conditioned the
ibv_create_flow calling on device starting.

Fixes: 642fe56a1ba5 ("net/mlx4: use a single drop queue for all drop flows")
Fixes: 46d5736a7049 ("net/mlx4: support basic flow items and actions")
Cc: stable@dpdk.org
Signed-off-by: Matan Azrad <matan@mellanox.com>
Acked-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>

diff --git a/drivers/net/mlx4/mlx4_flow.c b/drivers/net/mlx4/mlx4_flow.c
index 8ade106..925c89c 100644 (file)
--- a/drivers/net/mlx4/mlx4_flow.c
+++ b/drivers/net/mlx4/mlx4_flow.c
@@ -977,7 +977,7 @@ priv_flow_create_action_queue(struct priv *priv,
                return NULL;
        }
        if (action->drop) {
-               qp = priv->flow_drop_queue->qp;
+               qp = priv->flow_drop_queue ? priv->flow_drop_queue->qp : NULL;
        } else {
                int ret;
                unsigned int i;
@@ -1015,6 +1015,8 @@ priv_flow_create_action_queue(struct priv *priv,
                rte_flow->qp = qp;
        }
        rte_flow->ibv_attr = ibv_attr;
+       if (!priv->started)
+               return rte_flow;
        rte_flow->ibv_flow = ibv_create_flow(qp, rte_flow->ibv_attr);
        if (!rte_flow->ibv_flow) {
                rte_flow_error_set(error, ENOMEM, RTE_FLOW_ERROR_TYPE_HANDLE,