From 0b8567331c3edf8b6aee51c849b8391a2922d9ab Mon Sep 17 00:00:00 2001 From: Steven Date: Wed, 28 Feb 2018 11:00:34 -0800 Subject: [PATCH] tapv2: abort in tap_create_if (VPP-1179) The following command sequences cause the crash: create tap id 0 rx-ring-size 1024 tx-ring-size 1024 create tap id 1 rx-ring-size 1024 tx-ring-size 1024 set interface state tap0 up set interface state tap1 up delete tap tap0 delete tap tap1 create tap id 0 rx-ring-size 1024 tx-ring-size 1024 0: /home/sluong/vpp2/vpp/build-data/../src/vnet/interface_funcs.h:46 (vnet_get_hw_interface) assertion `! pool_is_free (vnm->interface_main.hw_interfaces, _e)' fails The reason for the crash is because when the tap interface is deleted, the code does not remove the entry from the device queue. But the interface is deleted anyway from vnet_main.interface_main.hw_interfaces. When an interface is created again, it may encounter the deleted entry in the device queue and crash. Notice create and delete a single entry does not cause a crash. Need to create and delete 2 interfaces to create a "hole" in the device queue. Change-Id: I42ce0b7943d73b3eab32a16751a0a3183de62d9f Signed-off-by: Steven --- src/vnet/devices/tap/tap.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/vnet/devices/tap/tap.c b/src/vnet/devices/tap/tap.c index de6107a589b..eb5a7a9eb2e 100644 --- a/src/vnet/devices/tap/tap.c +++ b/src/vnet/devices/tap/tap.c @@ -443,6 +443,7 @@ tap_delete_if (vlib_main_t * vm, u32 sw_if_index) /* bring down the interface */ vnet_hw_interface_set_flags (vnm, vif->hw_if_index, 0); vnet_sw_interface_set_flags (vnm, vif->sw_if_index, 0); + vnet_hw_interface_unassign_rx_thread (vnm, vif->hw_if_index, 0); ethernet_delete_interface (vnm, vif->hw_if_index); vif->hw_if_index = ~0; -- 2.16.6