[dpdk-dev] [PATCH 3/3] pci: fix crash caused by invalid memory write
hanxueluo at 126.com
Mon Feb 20 15:04:47 CET 2017
From: Huanle Han <hanxueluo at gmail.com>
rte_eal_dev_detach() didn't remove dev from dev_device_list
after freeing the dev. So the following attached dev wrote to
the freed memory (tailq entry of previous dev) in the stack below:
== Invalid write of size 8
== at 0x43A9CE: rte_eal_device_insert (eal_common_dev.c:71)
== by 0x42ED9E: pci_scan_one (eal_pci.c:365)
== by 0x42EF4D: pci_update_device (eal_pci.c:391)
== by 0x437F59: rte_eal_pci_probe_one (eal_common_pci.c:357)
== by 0x43AB16: rte_eal_dev_attach (eal_common_dev.c:117)
== by 0x45B3AA: rte_eth_dev_attach (rte_ethdev.c:489)
== ...
Signed-off-by: Huanle Han <hanxueluo at gmail.com>
---
lib/librte_eal/common/eal_common_pci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/librte_eal/common/eal_common_pci.c b/lib/librte_eal/common/eal_common_pci.c
index 72547bd..022fdc7 100644
--- a/lib/librte_eal/common/eal_common_pci.c
+++ b/lib/librte_eal/common/eal_common_pci.c
@@ -393,6 +393,7 @@ rte_eal_pci_detach(const struct rte_pci_addr *addr)
goto err_return;
TAILQ_REMOVE(&pci_device_list, dev, next);
+ rte_eal_device_remove(&dev->device);
free(dev);
return 0;
}
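Review bot: the commit message says rte_eal_dev_detach() failed to unlink the device, but the call added before free(dev) is in rte_eal_pci_detach(), so the message should name the function that is actually changed. The valgrind trace shows the entry being linked by rte_eal_device_insert() from pci_scan_one(); a one-line comment above rte_eal_device_remove(&dev->device) noting that it undoes that insert would make the pairing obvious to the next reader. The message also has no Fixes: line identifying the commit that introduced the insert without a matching remove, which would help backporting.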
--
2.7.4