memif: crash on slave mode (VPP-1006)

ligang/vpp

Crash was seen on recent image with this BT on top of the stack

(gdb) bt full
    (mif=0x7fffb6226568) at
    /vpp/build-data/../src/plugins/memif/memif.c:297
        ring = 0x0 <<<<<<<<<<
        i = 0
        j = 0
        buffer_offset = 65792
        r = 0x7fffb5e59f80
        alloc = {flags = 1, name = 0x7fffb449f965 "memif region",
          size = 4260096, numa_node = 0, addr = 0x7fff41dac000,
          fd = 11,
          log2_page_size = 12, n_pages = 1041}
        err = 0x0
        __FUNCTION__ = "memif_init_regions_and_queues"

The crash happened at this line.
      ring = memif_get_ring (mif, MEMIF_RING_S2M, i);
      ring=>head = ring->tail = 0; <=====

Please note that the crash is caused by dereferencing NULL rinng.
Put breakpoint into the function. I notice that
mif->regions[0].shm is not initialized.

(gdb) p mif->regions[0].shm
$8 = (void *) 0x0

It looks like we forgot to set shm after clib_mem_vm_ext_alloc().
Add the missing cide and the crash is fixed.

Change-Id: Ib722a6c241c77acfa8e33962106b57faa50e1ea7
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit 9fefa9a697)

This commit is contained in:

Steven

2017-09-30 10:50:20 -07:00

committed by

steven luong

parent f3d627dd3c

commit 79bfbae54c

1 changed files with 1 additions and 0 deletions

									
										1

src/plugins/memif/memif.c
									
												View File
												
				@ -290,6 +290,7 @@ memif_init_regions_and_queues (memif_if_t * mif)

				    return err;

				  r->fd = alloc.fd;

				  r->shm = alloc.addr;

				  for (i = 0; i < mif->run.num_s2m_rings; i++)

				    {

memif: crash on slave mode (VPP-1006)

1 src/plugins/memif/memif.c Unescape Escape View File

1

src/plugins/memif/memif.c

View File