From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EC61AA00C4; Mon, 14 Feb 2022 19:41:47 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DF40F40DDA; Mon, 14 Feb 2022 19:41:47 +0100 (CET) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mails.dpdk.org (Postfix) with ESMTP id D1ACA4067E for ; Mon, 14 Feb 2022 19:41:45 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644864106; x=1676400106; h=message-id:date:to:cc:references:from:subject: in-reply-to:content-transfer-encoding:mime-version; bh=+Nb/l/4LJhu0jK4lLo+zM2MRpHoGxc80uQk96S2K7ic=; b=D/NLAzqVbjEI0XbVOSg2Tk4yuJb21k0QVMvAZ1o8yOFD+fiq01avNp5S EpSMKuBWMNuDwQzxzuc3waMcfKgljyeDnwKoyOpGSdOmmAAygRc5MDGGG q1Iy3DegQf4Dctgt5H0gTBc1iw27AgyA5zcewst46a1Gce98bm9kTqDRF twUrm3ii2B2oqKvQSx9ITQLkAhCx2LmyEhyiKghwLYCJ6aLcOlwOwMvEP MKgURs/iC90dkpDNDf5qser67DyLEEVKIYngH/vdHhO6RHTWvI56Vi9Wt f9UN/JMvITg9IM+/vciadZVOPobSBc6lL7DX6BbrrSfavUHikIEQbVhCo Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10258"; a="233705591" X-IronPort-AV: E=Sophos;i="5.88,368,1635231600"; d="scan'208";a="233705591" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Feb 2022 10:41:44 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,368,1635231600"; d="scan'208";a="495912918" Received: from fmsmsx605.amr.corp.intel.com ([10.18.126.85]) by orsmga006.jf.intel.com with ESMTP; 14 Feb 2022 10:41:44 -0800 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Mon, 14 Feb 2022 10:41:44 -0800 Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Mon, 14 Feb 2022 10:41:43 -0800 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20 via Frontend Transport; Mon, 14 Feb 2022 10:41:43 -0800 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.109) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.20; Mon, 14 Feb 2022 10:41:43 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IQc4r4BF/kkwXcZ5viiA9AL9hH08EHPQos8mkN1L0PD/DGkL/dRNmQgaq25GaG+wWYKXyEGyM2MkK4daKLF2iW5UvQmIlUHwe0mrtrzviuLVw9eKGySvZzWdHpiUJV+WznwnaNQHILAB/iIZ+ba71Qy1gX6o6XFHcN/uzxPi8XI568Ju6fIzcFa3Ojbvz3WpiQMGQavNm4UhzaUgxU+/a5ZHrlDPy7I/l9WFqlTLRxgk8G+Xj2msiez8jS9o2aqc6TFKjBazsTX9qPrRiR67+XBsORQDkoPf3iQDxD7oObSqm+1lBA2F5MtWj2LazVkyAQzuNjipLNfVKbXbF7GNDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tB/BjA8Z6ZaQ6UGgbvK4X67lrJWNvthcVExZSzNAcwc=; b=dvlID+kSxOFwWKwpDyBZ0GnjtC/wyeBOVErfNpdDjo0sExxB3mfiKjDaKuIU3Y0o8GqRCc/s7IA7z/0R0GzJXwhgD+mqaHMsK5e9m12OhHLujthTrEu+Dh4xS4s2dGYr3rCJX054WlkYTa3mIiNLNTjUnaSSECNxgNr99uc1JwOO8XEx2vH/DbeRNUf7sH8KP/6zc4SifVFHmE8FVUvDBV9Taex1D436U/o4N/SVGUNkr1lk0QDEj4/lruocod99xGOEi9l8hyCJ2Ho35NHvsel90gMH/DL8pGB6PnBzP6al464uZR1UyyVrmZ1B68uN9/tlPJgVwQg12TN4R2hDMw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; Received: from PH0PR11MB5000.namprd11.prod.outlook.com (2603:10b6:510:41::19) by SN6PR11MB2895.namprd11.prod.outlook.com (2603:10b6:805:cd::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.14; Mon, 14 Feb 2022 18:41:41 +0000 Received: from PH0PR11MB5000.namprd11.prod.outlook.com ([fe80::98be:5506:5020:28a2]) by PH0PR11MB5000.namprd11.prod.outlook.com ([fe80::98be:5506:5020:28a2%4]) with mapi id 15.20.4975.019; Mon, 14 Feb 2022 18:41:41 +0000 Message-ID: Date: Mon, 14 Feb 2022 18:41:35 +0000 Content-Language: en-US To: "Min Hu (Connor)" , CC: References: <20220128024336.26961-1-humin29@huawei.com> <20220209073525.22900-1-humin29@huawei.com> From: Ferruh Yigit Subject: Re: [PATCH v2] kni: fix use-after-free when kni release X-User: ferruhy In-Reply-To: <20220209073525.22900-1-humin29@huawei.com> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit X-ClientProxiedBy: DB6PR07CA0118.eurprd07.prod.outlook.com (2603:10a6:6:2c::32) To PH0PR11MB5000.namprd11.prod.outlook.com (2603:10b6:510:41::19) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cc5bb090-4251-4db6-2a33-08d9efe9a3f2 X-MS-TrafficTypeDiagnostic: SN6PR11MB2895:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4303; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 45/XOmQREQmW8EO1blwGaVV6mq4RrXf50zAHSrvInwxHhzj5u1a3BydshRz5NogKGHQbWv5+wz4gipXnl/YiMoivS9wZrOnbizj6Bt0WvOpgJduwko+hODxrSvu335c1DsHXCH/DiN/gGq0FVDfr4gy8xHzTpm7a39exb9Y/7OzZ8oCj8Q+iKQovLiolEwjomhz8ttFvvNmwRTdRn7SohjyEwkkunT7pbHKITQYxxURMD5jJzgnaWxJrIIwiDQozsOmfdbn0UISblLMSYyzwqbqe57bS9LUHSE7J+FDQpp+QG2UPmOwNTvbSVCdURRCh4kQpyQKB0z+YZZ8FKmSp5q9d2ZuK1u2giNKLZN903KCSr4sUqZDCsQg1phzTaYTF6nPMTSdfytznPDUoK0BnZIt7dfBa8cbT3rup16TAjND+CEcCN4/px5cPfCb15UYAYNndtRA7n7ekdqzWV+iY5Xuo3zFKx948CYB0QK/ZxtBKx5b4omleguDzYg9zC4zz7VjNTxIlajxBAyfjArnNWCKbFmoYsDRxQdoFPQkdGTJZYV9UwbCdyVvdxKDKdzCGZkXxKUowpjUx0I4/R0FXACtLum87LaOYm+ODJH0tty16ANmUlpT1iU5wn45uBUa1LKH30lsQd9kLY085WTrBw6y+HueBgRfj/ImG2uKN31+9cjmhtV1gW0ScDL2w+low3Vk/hE5RouRumvApD6V6uQ== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB5000.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(4326008)(83380400001)(186003)(8936002)(8676002)(316002)(6486002)(86362001)(31696002)(36756003)(31686004)(508600001)(66556008)(66476007)(66946007)(2616005)(5660300002)(2906002)(6512007)(53546011)(6506007)(38100700002)(44832011)(6666004)(26005)(82960400001)(45980500001); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?ZXNDS2pycE1OS0Y3QXRxRGRwOWhudDVRN2Q1UzU3WnlnaTV1QjlSNjAzT3dW?= =?utf-8?B?eWIxa081U21zcURWQjlGaGFCVEljV3dHMk00M3lERHBRZGZzc0NFeDVhL3pO?= =?utf-8?B?eTc1OVBGVURFcklhTHhxV0szZTl5L3RQMTRaMGpEd0Z4a3g2YmpsMVUrZisw?= =?utf-8?B?OVZ0RE1zUFB5V1dRMVJOVk1FUkZ1TFZLbmJwdzgyM2xGVUYwc0J5VlhDaHhs?= =?utf-8?B?OHpvL3VvQUorNGliR3lmZmFzWEx1RG9HL3ZadHlrVDJtbWNxYkhablVFMUJP?= =?utf-8?B?SW1tMkJ3WTFVbU5IUTl1SVZvc2tjRzRwUlVOVEtvcGR4ME5oaFVqN2lZUGcr?= =?utf-8?B?Rng2akRIYmJsQWo1ZDY0T0FWWXpiU3pJeHVlTzdDVEhtZUNOQXZ2ejRINmlP?= =?utf-8?B?K2MvRm9Ud0doRVJGZUx0K2luQWxQd0NwZm82WlNKZ0thcHRUeWovV09TeEl3?= =?utf-8?B?a0k0WGQrNVpuZXZSNENXNFhhMi9LbXh6U2U2RU5lS2EvbXlGVW4yTzhZM09s?= =?utf-8?B?T1NqcUJ3SXl5dnViS25VMWxhSER2RjB4MVBtVlJ5czQ4Z29xeHFUenIwWFdw?= =?utf-8?B?b0h6R0hGQmd5WnVYQ2lmcHhJbm1rWTZvbUkvVG9HZW9MRFFCUWEwMWpJSzBj?= =?utf-8?B?QndnaTdzVk9WZVdwYjZTbHdRZkZZaE0xMFpKVk1nQjNSU2VVcVlnVk9SeERX?= =?utf-8?B?UEJJOHpMMVhBQ2k1c2YyME5vZ3JnbzB1bGVzdFBmSmRzbkFTNm9XQWpSckpH?= =?utf-8?B?d08vUG9kRW5mS3o0RTRYOVVjV2JwMWhTZm9Mb2tmMlNlUTk2UTBGKzdoYUdW?= =?utf-8?B?Sm1iUGZxMVl3a1hIc1NoNFl5SG1DdjFIaE85N3d5M1JrTVhkckkyaTZDQ1lR?= =?utf-8?B?MVpsamkxV1FFWkJNWUwzanRVS1dCL2krRGoxVUdtVGtKL1J0TmpGS2RGVTJ2?= =?utf-8?B?ZExpL3h2cFFSbTRKUWlkTmM5MXNEcU1SWjJBeFNKS1JtMGQvVG5JMEFPdFdn?= =?utf-8?B?V3VpTEZGcjFCR1JCVkFqS3BVNHlEZldOM3d3NXBVRFNGdTJVeGFzMjZVWHBh?= =?utf-8?B?MlMzemtTUGVJL0ZrL2hvWkp3eTlZVC81RGp1NmlDY0xxYU1wOXhDc0NMSDJL?= =?utf-8?B?UGdpUG1lMjh6dEROMWJqdlhwalNjMkpmdFJGei9VL2JhYjVwVTg3TWJLZkRs?= =?utf-8?B?b1R4ZE1RREdublJuYTBpeUUvSTMwSVFEaTRrVUkxazI5VHlTRkpBQUR0U1JZ?= =?utf-8?B?NHdTTERObzRDRzBkV1dackJwTnVrZ0FHaGdLcjN4ZHZrODFHY1gzYm5zV2tu?= =?utf-8?B?bThBdElxWmZZOEU3RWtYMjk1aWZCSHEzQUl4eU5uNUxwcU50dm9QUkVVcmI0?= =?utf-8?B?NGxwS0VjelVGNFZLUFRQUjkxWC8zU3hGa0JydFRDY0loMVhia2pYekRuNEdH?= =?utf-8?B?ZDRSajFiNFc1cnV5VTRIYTEvNFB3cFM1enNPOVZsRlE4YlN1S2VFOVR4Q3B3?= =?utf-8?B?SVVSSzRreWJQdFN2V08yVWlyajkzZmpnb1BmK0svNVhkVTBmUmZEZTRPcVdm?= =?utf-8?B?TGliakc1VXJEa045RjhudlVHMk01b0Y5bVdiVDlIeG9xVXo0Ym1vRjhXOFpU?= =?utf-8?B?aUk5a084VWxwMnlldDk1QlAxTjJUc0N5NjJPOWFPQmtzaklxYzNwSFpqOFZI?= =?utf-8?B?SXNwcE1qdVk4M1JCbkFYUlA4WkNjWk1pVkU1S2lrN2pOY0lveXdGUFdJcmZC?= =?utf-8?B?WEk5d3FVMXVEbWMvNEZta2hYOWgydU5qTHZoelpxTUhVbi9QMXZDSzA5Q3RQ?= =?utf-8?B?ZTc2MGFkTFYwaFN6VUsxWEtLOG5xVGNtUTVuSGM1Z3JKelpnM045RnhGdUd0?= =?utf-8?B?aDJYSlhsUnpNdW4xditQeGVGTlBERm53RHNySVRYVEJSUnVKczFuRnRsUU9s?= =?utf-8?B?aFFHRElYQXNndEJhQ1RVbWlia3QwSnlLR0h4RUMwWkxBWHVmQTBpWTR6enk5?= =?utf-8?B?d2EvRE8rOU5CS1pxaTB3LytWYjNxV2lubzAvQ2NsUzgrUnllVlJlbkp6N3F3?= =?utf-8?B?Mk1qRHpYUTBIaU5UcThhUHorVm9LWldhZVd3RWZrS2Z1WVRoQThLazdKL1V5?= =?utf-8?B?Ui9uSDNrR3dwaDNMWjYyN2Y4Q2dGWTdrTDNPL0JHY0FlcXVvZllhdDBxNkJI?= =?utf-8?Q?KJ/oiJqMZ77VX1s3QMcnCrs=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: cc5bb090-4251-4db6-2a33-08d9efe9a3f2 X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5000.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Feb 2022 18:41:40.9891 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: I0ueY79mDMoNFw3bMBnSl2fNaSEp1tVruMlHPjGzpyQCuCqU0IA1cizcgWg9xUHpceyPZSYMUgr8iQ74E6GD3A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2895 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org On 2/9/2022 7:35 AM, Min Hu (Connor) wrote: > From: Huisong Li > > The "kni_dev" is the private data of the "net_device" in kni, and allocated > with the "net_device" by calling "alloc_netdev()". The "net_device" is > freed by calling "free_netdev()" when kni release. The freed memory > includes the "kni_dev". So After "kni_dev" should not be accessed after > "net_device" is released. > The problem description looks valid and change looks good to me, only list_del after remove is like this for years, I wonder how it is not caught until now, or if we are missing something, I want to test some before ack, which I will do in next few days. > Fixes: e77fec694936 ("kni: fix possible mbuf leaks and speed up port release") > Cc: stable@dpdk.org > > KASAN trace: > > [ 85.263717] ========================================================== > [ 85.264418] BUG: KASAN: use-after-free in kni_net_release_fifo_phy+ > 0x30/0x84 [rte_kni] > [ 85.265139] Read of size 8 at addr ffff000260668d60 by task kni/341 > [ 85.265703] > [ 85.265857] CPU: 0 PID: 341 Comm: kni Tainted: G U O > 5.15.0-rc4+ #1 > [ 85.266525] Hardware name: linux,dummy-virt (DT) > [ 85.266968] Call trace: > [ 85.267220] dump_backtrace+0x0/0x2d0 > [ 85.267591] show_stack+0x24/0x30 > [ 85.267924] dump_stack_lvl+0x8c/0xb8 > [ 85.268294] print_address_description.constprop.0+0x74/0x2b8 > [ 85.268855] kasan_report+0x1e4/0x200 > [ 85.269224] __asan_load8+0x98/0xd4 > [ 85.269577] kni_net_release_fifo_phy+0x30/0x84 [rte_kni] > [ 85.270116] kni_dev_remove.isra.0+0x50/0x64 [rte_kni] > [ 85.270630] kni_ioctl_release+0x254/0x320 [rte_kni] > [ 85.271136] kni_ioctl+0x64/0xb0 [rte_kni] > [ 85.271553] __arm64_sys_ioctl+0xdc/0x120 > [ 85.271955] invoke_syscall+0x68/0x1a0 > [ 85.272332] el0_svc_common.constprop.0+0x90/0x200 > [ 85.272807] do_el0_svc+0x94/0xa4 > [ 85.273144] el0_svc+0x78/0x240 > [ 85.273463] el0t_64_sync_handler+0x1a8/0x1b0 > [ 85.273895] el0t_64_sync+0x1a0/0x1a4 > [ 85.274264] > [ 85.274427] Allocated by task 341: > [ 85.274767] kasan_save_stack+0x2c/0x60 > [ 85.275157] __kasan_kmalloc+0x90/0xb4 > [ 85.275533] __kmalloc_node+0x230/0x594 > [ 85.275917] kvmalloc_node+0x8c/0x190 > [ 85.276286] alloc_netdev_mqs+0x70/0x6b0 > [ 85.276678] kni_ioctl_create+0x224/0xf40 [rte_kni] > [ 85.277166] kni_ioctl+0x9c/0xb0 [rte_kni] > [ 85.277581] __arm64_sys_ioctl+0xdc/0x120 > [ 85.277980] invoke_syscall+0x68/0x1a0 > [ 85.278357] el0_svc_common.constprop.0+0x90/0x200 > [ 85.278830] do_el0_svc+0x94/0xa4 > [ 85.279172] el0_svc+0x78/0x240 > [ 85.279491] el0t_64_sync_handler+0x1a8/0x1b0 > [ 85.279925] el0t_64_sync+0x1a0/0x1a4 > [ 85.280292] > [ 85.280454] Freed by task 341: > [ 85.280763] kasan_save_stack+0x2c/0x60 > [ 85.281147] kasan_set_track+0x2c/0x40 > [ 85.281522] kasan_set_free_info+0x2c/0x50 > [ 85.281930] __kasan_slab_free+0xdc/0x140 > [ 85.282331] slab_free_freelist_hook+0x90/0x250 > [ 85.282782] kfree+0x128/0x580 > [ 85.283099] kvfree+0x48/0x60 > [ 85.283402] netdev_freemem+0x34/0x44 > [ 85.283770] netdev_release+0x50/0x64 > [ 85.284138] device_release+0xa0/0x120 > [ 85.284516] kobject_put+0xf8/0x160 > [ 85.284867] put_device+0x20/0x30 > [ 85.285204] free_netdev+0x22c/0x310 > [ 85.285562] kni_dev_remove.isra.0+0x48/0x64 [rte_kni] > [ 85.286076] kni_ioctl_release+0x254/0x320 [rte_kni] > [ 85.286573] kni_ioctl+0x64/0xb0 [rte_kni] > [ 85.286992] __arm64_sys_ioctl+0xdc/0x120 > [ 85.287392] invoke_syscall+0x68/0x1a0 > [ 85.287769] el0_svc_common.constprop.0+0x90/0x200 > [ 85.288243] do_el0_svc+0x94/0xa4 > [ 85.288579] el0_svc+0x78/0x240 > [ 85.288899] el0t_64_sync_handler+0x1a8/0x1b0 > [ 85.289332] el0t_64_sync+0x1a0/0x1a4 > [ 85.289699] > [ 85.289862] The buggy address belongs to the object at ffff000260668000 > [ 85.289862] which belongs to the cache kmalloc-cg-8k of size 8192 > [ 85.291079] The buggy address is located 3424 bytes inside of > [ 85.291079] 8192-byte region [ffff000260668000, ffff00026066a000) > [ 85.292213] The buggy address belongs to the page: > [ 85.292684] page:(____ptrval____) refcount:1 mapcount:0 mapping: > 0000000000000000 index:0x0 pfn:0x2a0668 > [ 85.293585] head:(____ptrval____) order:3 compound_mapcount:0 > compound_pincount:0 > [ 85.294305] flags: 0xbfff80000010200(slab|head|node=0|zone=2| > lastcpupid=0x7fff) > [ 85.295020] raw: 0bfff80000010200 0000000000000000 dead000000000122 > ffff0000c000d680 > [ 85.295767] raw: 0000000000000000 0000000080020002 00000001ffffffff > 0000000000000000 > [ 85.296512] page dumped because: kasan: bad access detected > [ 85.297054] > [ 85.297217] Memory state around the buggy address: > [ 85.297688] ffff000260668c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb > fb fb > [ 85.298384] ffff000260668c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb > fb fb > [ 85.299088] >ffff000260668d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb > fb fb > [ 85.299781] ^ > [ 85.300396] ffff000260668d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb > fb fb > [ 85.301092] ffff000260668e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb > fb fb > [ 85.301787] =========================================================== > > Signed-off-by: Huisong Li > Signed-off-by: Min Hu (Connor) > --- > v2: > * change the order of `list_del` and `kni_dev_remove` in `kni_release` > --- > kernel/linux/kni/kni_misc.c | 12 ++++++++---- > 1 file changed, 8 insertions(+), 4 deletions(-) > > diff --git a/kernel/linux/kni/kni_misc.c b/kernel/linux/kni/kni_misc.c > index f10dcd069d..ad1582d911 100644 > --- a/kernel/linux/kni/kni_misc.c > +++ b/kernel/linux/kni/kni_misc.c > @@ -184,13 +184,17 @@ kni_dev_remove(struct kni_dev *dev) > if (!dev) > return -ENODEV; > > + /* > + * The memory of kni device is allocated and released together > + * with net device. Release mbuf before freeing net device. > + */ > + kni_net_release_fifo_phy(dev); > + > if (dev->net_dev) { > unregister_netdev(dev->net_dev); > free_netdev(dev->net_dev); > } > > - kni_net_release_fifo_phy(dev); > - > return 0; > } > > @@ -220,8 +224,8 @@ kni_release(struct inode *inode, struct file *file) > dev->pthread = NULL; > } > > - kni_dev_remove(dev); > list_del(&dev->list); > + kni_dev_remove(dev); > } > up_write(&knet->kni_list_lock); > > @@ -470,8 +474,8 @@ kni_ioctl_release(struct net *net, uint32_t ioctl_num, > dev->pthread = NULL; > } > > - kni_dev_remove(dev); > list_del(&dev->list); > + kni_dev_remove(dev); > ret = 0; > break; > }