The corrupted code causes a segmentation fault when a user creates a flow with a drop action before the device is started.

For example, the failsafe PMD recreates all the flows before calling dev_start in the plug-in sequence, and mlx4 allocated its flow drop queue in dev_start. Hence, when failsafe created a flow with a drop action after a plug-in event, mlx4 tried to dereference the flow drop queue, which was uninitialized.

The fix added a check on the drop qp accessibility and conditioned the ibv_create_flow call on the device being started.

Fixes: 642fe56a1ba5 ("net/mlx4: use a single drop queue for all drop flows")
Fixes: 46d5736a7049 ("net/mlx4: support basic flow items and actions")
Cc: sta...@dpdk.org

Signed-off-by: Matan Azrad <ma...@mellanox.com>
Acked-by: Adrien Mazarguil <adrien.mazarg...@6wind.com>
---
 drivers/net/mlx4/mlx4_flow.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

v2: fix the qp accessibility in another way and fix the ibv_create_flow call before dev_start.

diff --git a/drivers/net/mlx4/mlx4_flow.c b/drivers/net/mlx4/mlx4_flow.c index 8ade106..925c89c 100644 --- a/drivers/net/mlx4/mlx4_flow.c +++ b/drivers/net/mlx4/mlx4_flow.c @@ -977,7 +977,7 @@ struct rte_flow_drop { return NULL; } if (action->drop) { - qp = priv->flow_drop_queue->qp; + qp = priv->flow_drop_queue ? priv->flow_drop_queue->qp : NULL; } else { int ret; unsigned int i; @@ -1015,6 +1015,8 @@ struct rte_flow_drop { rte_flow->qp = qp; } rte_flow->ibv_attr = ibv_attr; + if (!priv->started) + return rte_flow; rte_flow->ibv_flow = ibv_create_flow(qp, rte_flow->ibv_attr); if (!rte_flow->ibv_flow) { rte_flow_error_set(error, ENOMEM, RTE_FLOW_ERROR_TYPE_HANDLE, -- 1.8.3.1
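
Review bot: in the first hunk (@@ -977, the action->drop branch), qp can now legitimately be NULL, and the only thing that keeps that NULL away from ibv_create_flow() is the priv->started check added in the second hunk. That coupling is implicit. Please add a comment here saying a NULL drop queue is expected only before dev_start, and consider failing explicitly through rte_flow_error_set() when priv->started is set but priv->flow_drop_queue is still NULL, so a started device without a drop queue returns an error instead of handing a NULL qp to ibv_create_flow().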
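
Review bot: the early "return rte_flow;" on !priv->started in the second hunk (@@ -1015) hands back a flow whose ibv_flow was never created, and nothing in the visible lines shows where that flow gets attached once the device starts. Please say in the commit message, and in a short comment above the check, which path calls ibv_create_flow() for these flows after dev_start, and whether it re-reads the drop qp, since the qp computed in the first hunk is NULL at this point. It is also worth confirming that rte_flow->ibv_flow is NULL on this early-return path so that a later destroy of the flow does not act on an uninitialised handle.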