From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 96C461BAF3; Wed, 11 Apr 2018 14:09:40 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Apr 2018 05:09:26 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,436,1517904000"; d="scan'208";a="46988714" Received: from irsmsx153.ger.corp.intel.com ([163.33.192.75]) by orsmga001.jf.intel.com with ESMTP; 11 Apr 2018 05:09:25 -0700 Received: from irsmsx102.ger.corp.intel.com ([169.254.2.164]) by IRSMSX153.ger.corp.intel.com ([169.254.9.3]) with mapi id 14.03.0319.002; Wed, 11 Apr 2018 13:09:23 +0100 From: "Ananyev, Konstantin" To: "Legacy, Allain (Wind River)" CC: "dev@dpdk.org" , "Peters, Matt (Wind River)" , "stable@dpdk.org" Thread-Topic: [PATCH v2] ip_frag: fix double free of chained mbufs Thread-Index: AQHTv44lGMPnxe4r5E+0N/1sCPbP9qP7iPSQgAADDTCAABBY4A== Date: Wed, 11 Apr 2018 12:09:23 +0000 Message-ID: <2601191342CEEE43887BDE71AB977258AE9139A5@IRSMSX102.ger.corp.intel.com> References: <20180319141833.21669-1-allain.legacy@windriver.com> <20180319142523.22163-1-allain.legacy@windriver.com> <2601191342CEEE43887BDE71AB977258AE9138DD@IRSMSX102.ger.corp.intel.com> <70A7408C6E1BFB41B192A929744D8523BA9FC6A1@ALA-MBD.corp.ad.wrs.com> In-Reply-To: <70A7408C6E1BFB41B192A929744D8523BA9FC6A1@ALA-MBD.corp.ad.wrs.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNGE1NWMyZDItMGUxYS00Zjg0LWIxMDktMTZkODVmOTM1NmY4IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjUuOS4zIiwiVHJ1c3RlZExhYmVsSGFzaCI6IndBRnVjUU9OTlQ4R1J5SjhDbldIWVN5RUlsaHBXdmxYSzJiQnc2bDBvVTA9In0= x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.200.100 dlp-reaction: no-action x-originating-ip: [163.33.239.181] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-stable] [PATCH v2] ip_frag: fix double free of chained mbufs X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Apr 2018 12:09:41 -0000 > -----Original Message----- > From: Legacy, Allain [mailto:Allain.Legacy@windriver.com] > Sent: Wednesday, April 11, 2018 12:28 PM > To: Ananyev, Konstantin > Cc: dev@dpdk.org; Peters, Matt (Wind River) ; = stable@dpdk.org > Subject: RE: [PATCH v2] ip_frag: fix double free of chained mbufs >=20 > > -----Original Message----- > > From: Ananyev, Konstantin [mailto:konstantin.ananyev@intel.com] > > Sent: Wednesday, April 11, 2018 7:02 AM > <..> > > > > > > I wonder why we have to NULL only first and cur entry? > > We probably have to NULL each one in that case, right? >=20 > We have to do first and current entries at those locations because > the code does not clear them properly. All other entries are cleared by > the following piece of code but it does not handle the two cases that I a= m > addressing with my change. >=20 > /* this mbuf should not be accessed directly */ > fp->frags[curr_idx].mb =3D NULL; > curr_idx =3D i; Ah ok, makes sense. >=20 >=20 > > If so, then it probably better to do in the same place we do > > ip_frag_key_invalidate(). >=20 > I don't feel that ip_frag_key_invalidate is the appropriate place to take= care of this. In the interest of code readability and maintainability it > should stick to what its name implies and only invalidate the key and not= hing else. Since the ipv*_frag_reassemble() functions were > already setup to set the pointers to NULL it should continue to be done t= here, but of course since it is does not handle all cases correctly it > should be fixed. >=20 >=20 > > As alternative, and probably better approach - can we modify > > rte_ip_frag_table_destroy(), so it will free mbufs only for entires wit= h valid > > keys? >=20 > If you prefer this approach I can start over. If we already doing that as you pointed above, then probably no need for ne= w solution. Konstantin