From: David Marchand
Date: Mon, 14 Oct 2019 13:17:40 +0200
To: Jim Harris
Cc: dev, "Burakov, Anatoly"
Subject: Re: [dpdk-dev] [PATCH] vfio: free mp_reply msgs in failure cases
List-Id: DPDK patches and discussions

On Fri, Aug 16, 2019 at 9:19 PM Jim Harris wrote:
>
> The code checks both rte_mp_request_sync() return
> code and that the number of messages in the reply
> equals 1. If rte_mp_request_sync() succeeds but
> there was more than one message, those messages
> would get leaked.
>
> Found via code review by Anatoly Burakov of patches
> that used the vhost code as a template for using
> rte_mp_request_sync().

The patch looks fine, I just want to make sure its title reflects what it fixes.
Can you give some insights of how common this issue is?
If there are known cases where it happens?

I might have spotted another issue (could be worth a followup patch
later if confirmed), please see below.

> > Signed-off-by: Jim Harris > --- > lib/librte_eal/linux/eal/eal_vfio.c | 16 ++++++++-------- > 1 file changed, 8 insertions(+), 8 deletions(-) > > diff --git a/lib/librte_eal/linux/eal/eal_vfio.c b/lib/librte_eal/linux/e= al/eal_vfio.c > index 501c74f23..d9541b122 100644 > --- a/lib/librte_eal/linux/eal/eal_vfio.c > +++ b/lib/librte_eal/linux/eal/eal_vfio.c [snip] > @@ -1021,7 +1021,7 @@ int > vfio_get_default_container_fd(void) > { > struct rte_mp_msg mp_req, *mp_rep; > - struct rte_mp_reply mp_reply; > + struct rte_mp_reply mp_reply =3D {0}; > struct timespec ts =3D {.tv_sec =3D 5, .tv_nsec =3D 0}; > struct vfio_mp_param *p =3D (struct vfio_mp_param *)mp_req.param; > > @@ -1049,9 +1049,9 @@ vfio_get_default_container_fd(void) > free(mp_reply.msgs); > return mp_rep->fds[0]; Do we have a use after free on mp_rep which points to &mp_reply.msgs[0] ? > } > - free(mp_reply.msgs); > } > > + free(mp_reply.msgs); > RTE_LOG(ERR, EAL, " cannot request default container fd\n"); > return -1; > } --=20 David Marchand
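
Review bot: The zero initializer added to the mp_reply declaration in the hunk at -1021 is what the relocated free(mp_reply.msgs) in the following hunk depends on for any path where the reply was never filled in, but neither the code nor the commit message says so. A one-line comment at the declaration, or a sentence in the commit message, would keep a later cleanup from dropping the initializer and turning the common free into a free of an uninitialized pointer.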
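
Review bot: In the hunk at -1049 the success path is left unchanged with free(mp_reply.msgs) on the line directly before return mp_rep->fds[0], so the fd is read after the reply array has been released; if mp_rep points into mp_reply.msgs, as the inline question asks, that is a read of freed memory. Suggest copying mp_rep->fds[0] into a local int before the free and returning the local, either in this patch or in the follow-up mentioned above.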