The TAP driver does not initialize all the elements of the rte_flow
structure. This can lead to crash in rte_flow_destroy.
(gdb) where
flow=0x100e99280, error=0x0)
at drivers/net/tap/tap_flow.c:1514
(gdb) p remote_flow
$1 = (struct rte_flow *) 0x6b6b6b6b6b6b6b6b
Which is here:
static int
tap_flow_destroy_pmd(struct pmd_internals *pmd,
struct rte_flow *flow,
struct rte_flow_error *error)
{
struct rte_flow *remote_flow = flow->remote_flow;
...
if (remote_flow) {
remote_flow->msg.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
Simplest fix is to use rte_zmalloc() so remote_flow and other fields
are always set at zero.
Fixes: 2bc06869cd94 ("net/tap: add remote netdevice traffic capture")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
8451387df2