DPDK patches and discussions
From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
To: Olivier MATZ <olivier.matz@6wind.com>
Cc: Bruce Richardson <bruce.richardson@intel.com>, dev <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 3/3] lpm: fix missing free of lpm
Date: Wed, 16 Mar 2016 14:34:28 +0100
Message-ID: <CAATJJ0LqPQ2Vby_JzB-cKmtxmxk4kK+6vUzCHbyDpK754rQmaA@mail.gmail.com>
In-Reply-To: <56E95C29.1060600@6wind.com>

Hi,
looking at it, I think we have intersections but also parts of yours that I
missed.
More than that, while applying your changes I found other potential
use-after-free cases.

I'll wrap that all up together in a v3 of my series.

Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd

On Wed, Mar 16, 2016 at 2:14 PM, Olivier MATZ <olivier.matz@6wind.com>
wrote:

> Hi Christian,
>
> On 03/16/2016 01:33 PM, Christian Ehrhardt wrote:
>
>> Fixing lpm6 regarding a similar issue showed that in rte_lpm_free lpm
>> might not be freed if it didn't find a te (early return)
>>
>> Acked-by: Bruce Richardson <bruce.richardson@intel.com>
>> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
>> ---
>>   lib/librte_lpm/rte_lpm.c | 8 ++------
>>   1 file changed, 2 insertions(+), 6 deletions(-)
>>
>> diff --git a/lib/librte_lpm/rte_lpm.c b/lib/librte_lpm/rte_lpm.c
>> index ccaaa2a..d5fa1f8 100644
>> --- a/lib/librte_lpm/rte_lpm.c
>> +++ b/lib/librte_lpm/rte_lpm.c
>> @@ -360,12 +360,8 @@ rte_lpm_free_v20(struct rte_lpm_v20 *lpm)
>>                 if (te->data == (void *) lpm)
>>                         break;
>>         }
>> -       if (te == NULL) {
>> -               rte_rwlock_write_unlock(RTE_EAL_TAILQ_RWLOCK);
>> -               return;
>> -       }
>> -
>> -       TAILQ_REMOVE(lpm_list, te, next);
>> +       if (te != NULL)
>> +               TAILQ_REMOVE(lpm_list, te, next);
>>
>>         rte_rwlock_write_unlock(RTE_EAL_TAILQ_RWLOCK);
>>
>>
>>
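Review bot: With the early return replaced by `if (te != NULL)`, everything after `rte_rwlock_write_unlock(RTE_EAL_TAILQ_RWLOCK)` now also runs when no tailq entry matched, and that code is outside the hunk; please confirm nothing there dereferences `te`, and name in the commit message which frees are now reached on that path. The diffstat shows this single hunk, in rte_lpm_free_v20 only, while the commit message speaks of rte_lpm_free; if other versioned variants of the function carry the same early return, they need the same change in this patch.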
> I've just seen you had already posted a series on this topic.
> It looks like some free() are missing in lpm.c:
>
> Could you please check my version of the patch (which was not as
> complete as your series)?
> http://dpdk.org/dev/patchwork/patch/11526/
>
> Regards,
> Olivier
>

Thread overview: 13+ messages
2016-03-16 12:33 [dpdk-dev] [PATCH 0/3] lpm allocation fixes - v2 Christian Ehrhardt
2016-03-16 12:33 ` [dpdk-dev] [PATCH 1/3] lpm6: fix use after free of lpm in rte_lpm6_create Christian Ehrhardt
2016-03-16 12:33 ` [dpdk-dev] [PATCH 2/3] lpm6: fix missing free of rules_tbl and lpm Christian Ehrhardt
2016-03-16 12:33 ` [dpdk-dev] [PATCH 3/3] lpm: fix missing free of lpm Christian Ehrhardt
2016-03-16 13:14   ` Olivier MATZ
2016-03-16 13:34     ` Christian Ehrhardt [this message]
2016-03-21 14:06 ` [dpdk-dev] [PATCH v4 0/5] lpm allocation fixes Christian Ehrhardt
2016-03-21 14:06   ` [dpdk-dev] [PATCH v4 1/5] lpm6: fix use after free of lpm in rte_lpm6_create Christian Ehrhardt
2016-03-21 14:06   ` [dpdk-dev] [PATCH v4 2/5] lpm6: fix missing free of rules_tbl and lpm Christian Ehrhardt
2016-03-21 14:06   ` [dpdk-dev] [PATCH v4 3/5] lpm: fix missing free of lpm Christian Ehrhardt
2016-03-21 14:06   ` [dpdk-dev] [PATCH v4 4/5] lpm: fix use after free of lpm in rte_lpm_create* Christian Ehrhardt
2016-03-21 14:06   ` [dpdk-dev] [PATCH v4 5/5] lpm: fix missing free of rules_tbl and lpm in rte_lpm_free* Christian Ehrhardt
2016-03-22 16:14   ` [dpdk-dev] [PATCH v4 0/5] lpm allocation fixes Thomas Monjalon
