From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0A87C42981; Wed, 19 Apr 2023 01:53:37 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 85D2D40DF8; Wed, 19 Apr 2023 01:53:37 +0200 (CEST) Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2068.outbound.protection.outlook.com [40.107.21.68]) by mails.dpdk.org (Postfix) with ESMTP id 007784021F; Wed, 19 Apr 2023 01:53:35 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pDynSseDAl3K7TPJIPdxRilwecDW88N/JNpDC4dj41w=; b=MvfS4du73nNACbPstHNscCMyuAZuSQ+abw4q/wQaj4Zgql3abVosN+A8e2i/WBkG8XhIlWLuz9x17XRQAlUmqtsIpR9JoV/mreQpmsZWznDv0fWI3+l0zBoGgEG2QJnwMSSiJ3X4ScHzJahtZ11tQ6Qr8qwwD0znXe6r3DemkV4= Received: from AS9PR06CA0413.eurprd06.prod.outlook.com (2603:10a6:20b:461::22) by DU0PR08MB9902.eurprd08.prod.outlook.com (2603:10a6:10:476::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.21; Tue, 18 Apr 2023 23:53:33 +0000 Received: from AM7EUR03FT020.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:461:cafe::c4) by AS9PR06CA0413.outlook.office365.com (2603:10a6:20b:461::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.22 via Frontend Transport; Tue, 18 Apr 2023 23:53:33 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM7EUR03FT020.mail.protection.outlook.com (100.127.140.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.20 via Frontend Transport; Tue, 18 Apr 2023 23:53:32 +0000 Received: ("Tessian outbound 99a3040377ca:v136"); Tue, 18 Apr 2023 23:53:32 +0000 X-CR-MTA-TID: 64aa7808 Received: from 2a87243d23af.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id B3410585-377C-4580-8676-F79EDFCC4D48.1; Tue, 18 Apr 2023 23:53:27 +0000 Received: from EUR01-VE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 2a87243d23af.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 18 Apr 2023 23:53:27 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=as1APAG/7xRsKlPAJd16RC+fXZ5mhE32xscPzz7wiwu4uGVX6H8Eyn8W/Urx+Da2/3Nxlq6KMYtrO7Dlj0hnKBo4nOyh5/Q2fqAOGJCyGFiTnHhVlNM9LC0ZFVK5wfk6oM1hIL0DeASgG20HiPWzK9V74xSI02cBWOWKqrAlhrQlgWR6QA6585R/GTGJpP/mG3mU/u6bwv3apaxmkp5g9yD1IAZBEwqC6wdKsEWEMBw/itlbTfz/c0dPzLG68YctwYELN3sax4dmt/Qwzvh0dz21EDbxb5dR2IqMQ61XcYKRaYfBDdNP18C9hxJosmQMkvFA+kwIMJ7Zk7unW1FRig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pDynSseDAl3K7TPJIPdxRilwecDW88N/JNpDC4dj41w=; b=HyE3JzRAkqmNEFl9S1vlG88Jo5AONMsWssofBoPMMOsKHREY3sOvLoD8rr+Rn+OrW7Gbp7Oq9RFT1azAXxPgvXjwHL7536Vpp0KMqRWNhjhxm+34ykrxTs8ObBmO3pbohaFJt4zq0Gat3GRJRpuYPAS9JkVsAeCajTOo89mNe85vNduSfbaV+dO7nwmPzCoqBEZKCJcRzHpiBd6yLo7+jqxssPwUFyO2nXsPRbnfYoWeSUZnV2qiHRKEaQjAF7oHEjHZiSwcQx2e3izQu1xeD+EkwEOQ0qpwX0r1R9M/xjh+XPZBhTJLSHrv6cuGv0yjZ4EZcY5WNVeDD7Wb2yWGJA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pDynSseDAl3K7TPJIPdxRilwecDW88N/JNpDC4dj41w=; b=MvfS4du73nNACbPstHNscCMyuAZuSQ+abw4q/wQaj4Zgql3abVosN+A8e2i/WBkG8XhIlWLuz9x17XRQAlUmqtsIpR9JoV/mreQpmsZWznDv0fWI3+l0zBoGgEG2QJnwMSSiJ3X4ScHzJahtZ11tQ6Qr8qwwD0znXe6r3DemkV4= Received: from DBAPR08MB5814.eurprd08.prod.outlook.com (2603:10a6:10:1b1::6) by AM8PR08MB6386.eurprd08.prod.outlook.com (2603:10a6:20b:362::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6298.45; Tue, 18 Apr 2023 23:53:23 +0000 Received: from DBAPR08MB5814.eurprd08.prod.outlook.com ([fe80::621c:838a:cb11:19b7]) by DBAPR08MB5814.eurprd08.prod.outlook.com ([fe80::621c:838a:cb11:19b7%7]) with mapi id 15.20.6298.045; Tue, 18 Apr 2023 23:53:23 +0000 From: Honnappa Nagarahalli To: Yunjian Wang , "dev@dpdk.org" CC: "konstantin.v.ananyev@yandex.ru" , "luyicai@huawei.com" , "stable@dpdk.org" , nd , Honnappa Nagarahalli , nd Subject: RE: [dpdk-dev] [PATCH] ring: fix use after free in ring release Thread-Topic: [dpdk-dev] [PATCH] ring: fix use after free in ring release Thread-Index: AQHZcS5ODwXmKqOtKEurHIAnpAWT1K8xvsqg Date: Tue, 18 Apr 2023 23:53:22 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ts-tracking-id: B8A5196EBD7493479597DD5D12C957AC.0 x-checkrecipientchecked: true Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; x-ms-traffictypediagnostic: DBAPR08MB5814:EE_|AM8PR08MB6386:EE_|AM7EUR03FT020:EE_|DU0PR08MB9902:EE_ X-MS-Office365-Filtering-Correlation-Id: dc3d2cc8-b4d9-4c87-cd13-08db40681e26 x-checkrecipientrouted: true nodisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: 9d9FuRCG4JRiyQArtTL+XlhaMjSz3U5aDvhtPEn2iJ5oEbkzOJjmNDgxT7OvCYItQdaS240QKh1gHoAZuUwAhfRdWigVdXLukDV2ktBZLslnGfEobIMFIMleBviO7ZRw86OBfGrroPMwevsZcKWR6iWgKe4O94sd0e+DIdc0zIObfWLwI+/qUhdK78jkQelnsaeAJ7N1zF8ozAFnxJ/SZpVKKFGDA2UNxNnCKEkuzdrUUFTxAwHXA4hz+PVtSbn0C0mfdn3/7sdbfd5jTUX1QxRGF1oIZEzh6yc/Z0gg62hSQ7Tqn6LPqXXL2K/cFeJZ4I/tZ6YYue19CgnsXJXhqczDf7fhhjgztCFf6hIsPLaN6Et9BCOpTHzyiGF0PPwKbrSXL3Yta1MRFL7yqihxsYs9lo3hBrTe3Ay8Wc4BfL79yLF1Jm7CYzwxubX6tRCyU275idA+0hOBZl9cul9dSWaM66dFkoK+3opcqgHlCZt4pRPgI9evDLbxxiBur+iER2Y4h/wNV7ZktkOocUd3QJOXQ8Q/aJYO5kicqY7xuiL5r+LLF7BBYGzHACbrOZKLa90wuy6GcSOIMeHIjL1d27QrGEhozchDxNaULQUEMJ4sadR+ZEITngazNFfsu0zrlDpkn5K23Z/e733FdR5x/w== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBAPR08MB5814.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(366004)(39860400002)(346002)(136003)(376002)(396003)(451199021)(6506007)(186003)(9686003)(53546011)(26005)(8676002)(8936002)(38100700002)(41300700001)(4326008)(316002)(54906003)(76116006)(66946007)(33656002)(478600001)(86362001)(110136005)(66556008)(66476007)(64756008)(71200400001)(7696005)(122000001)(55016003)(66446008)(52536014)(2906002)(83380400001)(38070700005)(5660300002)(23180200003); DIR:OUT; SFP:1101; Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR08MB6386 Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM7EUR03FT020.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: f8ad5695-0141-4fa6-6278-08db406817fa X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: YXf89/2ioGs01vl03XhzUMpCkQY9zogkuh5bVFwkCjjk0vsdwaUD6/qiDMyiYCr23+LaFf/2ggrpLn0xpzCGTalp47oXvjIATsU/B86lp7/Sr6Lj6NBMpPFupq/sSGMiEN87d1V8dZMa2RBXJvxk2j80GINVnXVYG2/0NcC3C7BtJfnsyBsaG/2+l+SVSfbVLh+II1OUEefTxLwjiRPjobEy6JJEEYFS2oP6SEGdUP7cafe9MsK34lsPudIQXo/ov9+xy6UaSn7PbwWBd5WzYmuoziswIJVOT9Yhk1oL4/uJjQDsPGWqreiGazAZKOZNoAgtimARPQHKHf2O+ZZ7lB+DlmzL0A1ppRbJwOQRo1LSENC0Pktuqb7ozoIZ79yns2cbP/ERAXsaR0VMy48HMGs9CvdzyZIiZWtkryAJc+prMeVvJyLo+Q8feq0svjKZeu6qlVlC5z5f617UDtyIkpjgVbnwfQ/jWdkb1UzijK56CFAHRgZlRoxBHQ24Lh9+47Q2yNP3dBwLxzKzCGG6DGhKtf93wH+XaCQULADTjHs8V8aXbvrq7x8VtuccdwleKDS/urih7c2MvAJKJOqgSRkzpgyK1yXwgkpbwCXnRdoVrUBsVz9SQr73RYut3fmBPK8N6Ggb7hQ5w64y52TozuapWeDMm8F6i5g+Tbtfl/XE/Xk9a3zboalS+jyeCFWq9I+lTF60mfQZ0s0h6woeM72OvQ1li6zDer5fhacHjiI= X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230028)(4636009)(376002)(136003)(396003)(346002)(39860400002)(451199021)(46966006)(40470700004)(36840700001)(36860700001)(70206006)(70586007)(450100002)(186003)(9686003)(26005)(2906002)(53546011)(6506007)(83380400001)(47076005)(7696005)(86362001)(336012)(478600001)(52536014)(5660300002)(54906003)(110136005)(33656002)(40460700003)(81166007)(4326008)(356005)(82310400005)(55016003)(41300700001)(40480700001)(82740400003)(8936002)(8676002)(316002)(23180200003); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2023 23:53:32.8911 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: dc3d2cc8-b4d9-4c87-cd13-08db40681e26 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM7EUR03FT020.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR08MB9902 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org > -----Original Message----- > From: Yunjian Wang > Sent: Monday, April 17, 2023 8:12 AM > To: dev@dpdk.org > Cc: Honnappa Nagarahalli ; > konstantin.v.ananyev@yandex.ru; luyicai@huawei.com; Yunjian Wang > ; stable@dpdk.org > Subject: [dpdk-dev] [PATCH] ring: fix use after free in ring release >=20 > When using the ring to find out tailq entry, however it had been freed by > rte_memzone_free function. This change prevents that from happening. I am unable to follow the problem you are describing. After the memzone for the ring is released, the contents of the memzone are= not being used. I understand that the variable 'r' is being used, but that= should not cause any issues. >=20 > Fixes: 4e32101f9b01 ("ring: support freeing") > Cc: stable@dpdk.org >=20 > Signed-off-by: Yunjian Wang > --- > lib/ring/rte_ring.c | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-) >=20 > diff --git a/lib/ring/rte_ring.c b/lib/ring/rte_ring.c index > 8ed455043d..17d2d7f8a8 100644 > --- a/lib/ring/rte_ring.c > +++ b/lib/ring/rte_ring.c > @@ -333,11 +333,6 @@ rte_ring_free(struct rte_ring *r) > return; > } >=20 > - if (rte_memzone_free(r->memzone) !=3D 0) { > - RTE_LOG(ERR, RING, "Cannot free memory\n"); > - return; > - } Why do we need to free the memzone later? > - > ring_list =3D RTE_TAILQ_CAST(rte_ring_tailq.head, rte_ring_list); > rte_mcfg_tailq_write_lock(); >=20 > @@ -349,7 +344,7 @@ rte_ring_free(struct rte_ring *r) >=20 > if (te =3D=3D NULL) { > rte_mcfg_tailq_write_unlock(); > - return; > + goto free_memzone; > } >=20 > TAILQ_REMOVE(ring_list, te, next); > @@ -357,6 +352,10 @@ rte_ring_free(struct rte_ring *r) > rte_mcfg_tailq_write_unlock(); >=20 > rte_free(te); > + > +free_memzone: > + if (rte_memzone_free(r->memzone) !=3D 0) > + RTE_LOG(ERR, RING, "Cannot free memory\n"); > } >=20 > /* dump the status of the ring on the console */ > -- > 2.33.0