From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 60C00A0526;
	Tue, 21 Jul 2020 05:18:25 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id EB07D1BFEE;
	Tue, 21 Jul 2020 05:18:23 +0200 (CEST)
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by dpdk.org (Postfix) with ESMTP id BF81D1BFEC
 for <dev@dpdk.org>; Tue, 21 Jul 2020 05:18:22 +0200 (CEST)
IronPort-SDR: ISTnJAbpI5V3HYxC1Afd+aL2i7MmOxFwVajEia8ZY5f2aDWxOFCXx4Mxw2ZZHOOgUFcvf3Pi6/
 DwzRmpOd87pg==
X-IronPort-AV: E=McAfee;i="6000,8403,9688"; a="211600990"
X-IronPort-AV: E=Sophos;i="5.75,377,1589266800"; d="scan'208";a="211600990"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
 by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 20 Jul 2020 20:18:21 -0700
IronPort-SDR: 7c6qp9xrt+6d8mwHVDJ3Bg7BkPM4HP830I+WSKU7wKd0X8I3dK3UP6/AeSEF30hqPF7BDYQCCf
 4034Cgwn+eWA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.75,377,1589266800"; d="scan'208";a="310078089"
Received: from npg-dpdk-patrickfu-casc1.sh.intel.com ([10.67.111.105])
 by fmsmga004.fm.intel.com with ESMTP; 20 Jul 2020 20:18:20 -0700
From: patrick.fu@intel.com
To: dev@dpdk.org,
	maxime.coquelin@redhat.com,
	chenbo.xia@intel.com
Cc: Patrick Fu <patrick.fu@intel.com>
Date: Tue, 21 Jul 2020 12:10:57 +0000
Message-Id: <20200721121057.32597-1-patrick.fu@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200715155848.9501-1-patrick.fu@intel.com>
References: <20200715155848.9501-1-patrick.fu@intel.com>
Subject: [dpdk-dev] [PATCH v2] vhost: fix double-free with zero-copy
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

From: Patrick Fu <patrick.fu@intel.com>

zmbufs should be set to NULL when getting freed to avoid double free on
the same buffer pointer

Fixes: b0a985d1f340 ("vhost: add dequeue zero copy")

Signed-off-by: Patrick Fu <patrick.fu@intel.com>
---
v2:
 - revise commit message title

 lib/librte_vhost/vhost_user.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index df0db8a07..9ddeae362 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -1934,6 +1934,7 @@ free_zmbufs(struct vhost_virtqueue *vq)
 	drain_zmbuf_list(vq);
 
 	rte_free(vq->zmbufs);
+	vq->zmbufs = NULL;
 }
 
 /*
-- 
2.17.1