From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <christian.ehrhardt@canonical.com>
Received: from mail-qk0-f179.google.com (mail-qk0-f179.google.com
 [209.85.220.179]) by dpdk.org (Postfix) with ESMTP id 6CD592BEF
 for <dev@dpdk.org>; Fri, 11 Mar 2016 08:03:54 +0100 (CET)
Received: by mail-qk0-f179.google.com with SMTP id s68so44397594qkh.3
 for <dev@dpdk.org>; Thu, 10 Mar 2016 23:03:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=canonical-com.20150623.gappssmtp.com; s=20150623;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=LOcaVJ/ym4UMI1dVlEoSljCE3WFA0EUf/zwNgqCOL0Q=;
 b=IF7jSoO+RjS2knbpUYHU8P817KUN5A7yl2XxeLrrB1n5jNffVzOgn00bIJLwrH6uT5
 tcIWOQHoKYrCsLFUNaUt0pTEpXzO0Pg2TJpi/D2UICcZctoUKIVUYk7aWzJQ6CWSz5La
 kvG8R7moKSwNcMWUqupzlAc77ithF4/ZurmXHMoutrkJBR88pWBTToTJl6Ar5BqBlknD
 ulYtj5LB9Zju77AsphjDsve4Z2T0X7kGTJQUr5dI8cKNBycpMOTtfq30WFd1k5Z4e2vz
 VtMZEz8IQAUPSHoFQVvvUC6OTEeHymfyLBwiFwqlgrpuq27UVzz4/2oVSj3ZB+iO5nXE
 7jMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=LOcaVJ/ym4UMI1dVlEoSljCE3WFA0EUf/zwNgqCOL0Q=;
 b=BHnx8gciRr96dgriL+uYmvRqXbYEFiNqIRMWxlvbOhLGbxXsxeqwwywR9gTCtHtcXJ
 0fQ5cqHSss4kqz3pM2u9tj2f6i+aa9NfylSmEH8pjgDtyS0RK156wBgccQc+DsUjpxhS
 IRFYH6uezmxhBvK3AgG+W3I/QNjIFnBUbjJpCkOP1Z1+ulDk9uirxz4iJB04uZ4D6kQI
 fuIrfjpfjo3+YQLH0k7idQr0J9ryxGaNmQitsnJ9LR8MGrqlSoDkh7n82+Z676rl4RJR
 oFrUFUSjNPZnipyrArGK3HD0DhmwxOqhrDjQdo/WBDU4V6UQIHMFAHckNaVVcytmfSq2
 LVPg==
X-Gm-Message-State: AD7BkJKxJjQwD99g/mQrLXsP9el7DJiPxqxhNGk6faaOde/FBaPQNEmLy17Q5pVuV7+2/bxv85fjGhL+1VuhWp5G
X-Received: by 10.55.80.86 with SMTP id e83mr9524277qkb.91.1457679833856; Thu,
 10 Mar 2016 23:03:53 -0800 (PST)
MIME-Version: 1.0
Received: by 10.55.207.20 with HTTP; Thu, 10 Mar 2016 23:03:34 -0800 (PST)
In-Reply-To: <20160304144211.7d8512c9@xeon-e3>
References: <1457087480-11216-1-git-send-email-christian.ehrhardt@canonical.com>
 <20160304144211.7d8512c9@xeon-e3>
From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Date: Fri, 11 Mar 2016 08:03:34 +0100
Message-ID: <CAATJJ0J8agmg4w1RfjnsiUCmefO3FGYSs7fQ9LavTMadKiJ3bw@mail.gmail.com>
To: Stephen Hemminger <stephen@networkplumber.org>, 
 Bruce Richardson <bruce.richardson@intel.com>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Cc: dev <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH] lpm6: fix use after free of lpm in
	rte_lpm6_create
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2016 07:03:54 -0000

Hi,
thanks already Stephen for your ack on this patch.

I was realizing that my lpm patches were still not applied which is ok
given the amount of patches flowing by, but I wanted to ask again.
Considering the discussion between Bruce and Thomas about review and
maintainers I realized it might be best to add the respective maitainer as
a "to".
Sorry I had forgotten that the first time - In the lpm case that is Bruce,
so addressing directly.

It is about two patches, I didn't know about the second when submitting the
first so they are two individual submissions and not a series.
They still apply as of today (slight offset now but still applying).
Please let me know if you want them grouped to a series, rebased or
anything else before committing.

The two patches I talk about:
http://dpdk.org/dev/patchwork/patch/11067/
http://dpdk.org/dev/patchwork/patch/11065/

Thanks in advance,
Christian


Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd

On Fri, Mar 4, 2016 at 11:42 PM, Stephen Hemminger <
stephen@networkplumber.org> wrote:

> On Fri,  4 Mar 2016 11:31:20 +0100
> Christian Ehrhardt <christian.ehrhardt@canonical.com> wrote:
>
> > In certain autotests lpm->max_rules turned out to be non initialized.
> > That was caused by a failing allocation for lpm->rules_tbl in
> rte_lpm6_create.
> > It then left the function via goto exit with lpm freed, but still a
> pointer
> > value being set.
> >
> > In case of an allocation failure it resets lpm to NULL now, to avoid the
> > upper layers operate on that already freed memory.
> > Along that is also makes the RTE_LOG message of the failed allocation
> unique.
> > ---
> >  lib/librte_lpm/rte_lpm6.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/librte_lpm/rte_lpm6.c b/lib/librte_lpm/rte_lpm6.c
> > index 6c2b293..48931cc 100644
> > --- a/lib/librte_lpm/rte_lpm6.c
> > +++ b/lib/librte_lpm/rte_lpm6.c
> > @@ -206,8 +206,9 @@ rte_lpm6_create(const char *name, int socket_id,
> >                       (size_t)rules_size, RTE_CACHE_LINE_SIZE,
> socket_id);
> >
> >       if (lpm->rules_tbl == NULL) {
> > -             RTE_LOG(ERR, LPM, "LPM memory allocation failed\n");
> > +             RTE_LOG(ERR, LPM, "LPM rules_tbl allocation failed\n");
> >               rte_free(lpm);
> > +             lpm = NULL;
> >               rte_free(te);
> >               goto exit;
> >       }
>
> Acked-by: Stephen Hemminger <stephen@networkplumber.org>
>