Getting an unexpected EPOLLOUT for RX queue and crashing due to missing
callback function on write_function to handle EPOLLOUT.
(gdb) f 5
f 5
node=<optimized out>, vm=0x7f948bbe4540 <vlib_global_main>) at /vpp/src/vlib/unix/input.c:325
325 errors[n_errors] = f->write_function (f);
(gdb) p *e
p *e
$21 = {events = 4, data = {ptr = 0x23, fd = 35, u32 = 35, u64 = 35}}
(gdb) p file_main.file_pool[e->data.fd]
p file_main.file_pool[e->data.fd]
$22 = {file_descriptor = 37, flags = 1, polling_thread_index = 0, private_data = 65536,
read_function = 0x7f944a87b140 <memif_int_fd_read_ready>, write_function = 0x0,
error_function = 0x0, description = 0x7f944be22400 "memif0/1 rx 0 int", read_events = 0,
write_events = 1, error_events = 0}
(gdb)
File descriptors are recycled. It is likely that the EPOLLOUT is meant
for the previous owner of the same file descriptor number which memif
recycled and memif RX did not expect to receive an EPOLLOUT. For
defensive play, we create a dummy callback function to ignore the
EPOLLOUT instead of crashing.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I535cadbb9b71d3db2995b118c59a12c71f10af09
clib_fifo_free (mif->msg_queue);
}
+static clib_error_t *
+memif_int_fd_write_ready (clib_file_t * uf)
+{
+ memif_main_t *mm = &memif_main;
+ u16 qid = uf->private_data & 0xFFFF;
+ memif_if_t *mif = vec_elt_at_index (mm->interfaces, uf->private_data >> 16);
+
+ memif_log_warn (mif, "unexpected EPOLLOUT on RX for queue %u", qid);
+ return 0;
+}
+
static clib_error_t *
memif_int_fd_read_ready (clib_file_t * uf)
{
/* *INDENT-ON* */
template.read_function = memif_int_fd_read_ready;
+ template.write_function = memif_int_fd_write_ready;
/* *INDENT-OFF* */
vec_foreach_index (i, mif->tx_queues)
Code Review / vpp.git / commitdiff