[dpdk-dev] [PATCH] net/bnxt: fix double free in port start failure

Kalesh A P kalesh-anakkur.purayil at broadcom.com
Thu Apr 1 04:53:34 CEST 2021

Previous message (by thread): [dpdk-dev] [PATCH v3] doc: add sampling and mirroring in testpmd guide
Next message (by thread): [dpdk-dev] [PATCH] net/bnxt: fix double free in port start failure
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>

During port start when bnxt_start_nic() fails, it tries to free
"intr_handle->intr_vec" but the variable is not set to NULL after that.
If port start fails, driver invokes bnxt_dev_stop() which will lead
to a double free of "intr_handle->intr_vec".

Fix it by removing the call to free "intr_handle->intr_vec" in the
bnxt_start_nic() failure path as it is anyway doing in bnxt_dev_stop().

Fixes: 9d276b439aaf ("net/bnxt: fix error handling in device start")
Cc: stable at dpdk.org

Signed-off-by: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>
Reviewed-by: Somnath Kotur <somnath.kotur at broadcom.com>
Reviewed-by: Ajit Kumar Khaparde <ajit.khaparde at broadcom.com>
---
 drivers/net/bnxt/bnxt_ethdev.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/drivers/net/bnxt/bnxt_ethdev.c b/drivers/net/bnxt/bnxt_ethdev.c
index ed2ae45..0042d8a 100644
--- a/drivers/net/bnxt/bnxt_ethdev.c
+++ b/drivers/net/bnxt/bnxt_ethdev.c
@@ -793,7 +793,7 @@ static int bnxt_start_nic(struct bnxt *bp)
 			PMD_DRV_LOG(ERR, "Failed to allocate %d rx_queues"
 				" intr_vec", bp->eth_dev->data->nb_rx_queues);
 			rc = -ENOMEM;
-			goto err_disable;
+			goto err_out;
 		}
 		PMD_DRV_LOG(DEBUG, "intr_handle->intr_vec = %p "
 			"intr_handle->nb_efd = %d intr_handle->max_intr = %d\n",
@@ -813,12 +813,12 @@ static int bnxt_start_nic(struct bnxt *bp)
 #ifndef RTE_EXEC_ENV_FREEBSD
 	/* In FreeBSD OS, nic_uio driver does not support interrupts */
 	if (rc)
-		goto err_free;
+		goto err_out;
 #endif
 
 	rc = bnxt_update_phy_setting(bp);
 	if (rc)
-		goto err_free;
+		goto err_out;
 
 	bp->mark_table = rte_zmalloc("bnxt_mark_table", BNXT_MARK_TABLE_SZ, 0);
 	if (!bp->mark_table)
@@ -826,10 +826,6 @@ static int bnxt_start_nic(struct bnxt *bp)
 
 	return 0;
 
-err_free:
-	rte_free(intr_handle->intr_vec);
-err_disable:
-	rte_intr_efd_disable(intr_handle);
 err_out:
 	/* Some of the error status returned by FW may not be from errno.h */
 	if (rc > 0)
-- 
2.10.1

Previous message (by thread): [dpdk-dev] [PATCH v3] doc: add sampling and mirroring in testpmd guide
Next message (by thread): [dpdk-dev] [PATCH] net/bnxt: fix double free in port start failure
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list