[dpdk-dev] [PATCH] net/bnxt: fix double free in port start failure
Kalesh A P
kalesh-anakkur.purayil at broadcom.com
Thu Apr 1 04:53:34 CEST 2021
From: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>
During port start when bnxt_start_nic() fails, it tries to free
"intr_handle->intr_vec" but the variable is not set to NULL after that.
If port start fails, driver invokes bnxt_dev_stop() which will lead
to a double free of "intr_handle->intr_vec".
Fix it by removing the call to free "intr_handle->intr_vec" in the
bnxt_start_nic() failure path, as it is done in bnxt_dev_stop() anyway.
Fixes: 9d276b439aaf ("net/bnxt: fix error handling in device start")
Cc: stable at dpdk.org
Signed-off-by: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>
Reviewed-by: Somnath Kotur <somnath.kotur at broadcom.com>
Reviewed-by: Ajit Kumar Khaparde <ajit.khaparde at broadcom.com>
---
drivers/net/bnxt/bnxt_ethdev.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/drivers/net/bnxt/bnxt_ethdev.c b/drivers/net/bnxt/bnxt_ethdev.c
index ed2ae45..0042d8a 100644
--- a/drivers/net/bnxt/bnxt_ethdev.c
+++ b/drivers/net/bnxt/bnxt_ethdev.c
@@ -793,7 +793,7 @@ static int bnxt_start_nic(struct bnxt *bp)
PMD_DRV_LOG(ERR, "Failed to allocate %d rx_queues"
" intr_vec", bp->eth_dev->data->nb_rx_queues);
rc = -ENOMEM;
- goto err_disable;
+ goto err_out;
}
PMD_DRV_LOG(DEBUG, "intr_handle->intr_vec = %p "
"intr_handle->nb_efd = %d intr_handle->max_intr = %d\n",
@@ -813,12 +813,12 @@ static int bnxt_start_nic(struct bnxt *bp)
#ifndef RTE_EXEC_ENV_FREEBSD
/* In FreeBSD OS, nic_uio driver does not support interrupts */
if (rc)
- goto err_free;
+ goto err_out;
#endif
rc = bnxt_update_phy_setting(bp);
if (rc)
- goto err_free;
+ goto err_out;
bp->mark_table = rte_zmalloc("bnxt_mark_table", BNXT_MARK_TABLE_SZ, 0);
if (!bp->mark_table)
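Review bot: at the two changed jumps here (the `if (rc)` under the RTE_EXEC_ENV_FREEBSD guard and the bnxt_update_phy_setting() failure), bnxt_start_nic() now returns an error with intr_handle->intr_vec still allocated, so the function no longer unwinds its own allocation and is only leak-free if every caller runs bnxt_dev_stop() on failure. The commit message states that port start does this; if bnxt_start_nic() is reachable from any other path, that caller needs the same cleanup. The alternative that keeps the unwind local is to leave `goto err_free` in place and set intr_handle->intr_vec to NULL right after the rte_free(), which addresses the cause the commit message itself names ("the variable is not set to NULL after that").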
@@ -826,10 +826,6 @@ static int bnxt_start_nic(struct bnxt *bp)
return 0;
-err_free:
- rte_free(intr_handle->intr_vec);
-err_disable:
- rte_intr_efd_disable(intr_handle);
err_out:
/* Some of the error status returned by FW may not be from errno.h */
if (rc > 0)
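Review bot: removing the err_disable label also drops rte_intr_efd_disable(intr_handle) from the failure path, but the commit message only accounts for the rte_free() of intr_vec. This affects all three changed jumps, including the intr_vec allocation failure that used to go to err_disable. Please confirm that bnxt_dev_stop() disables the event fds as well and say so in the commit log, or keep the err_disable label and remove only err_free. Since err_out is now the single error exit, a short comment above it noting that intr_vec and the efds are released in bnxt_dev_stop() would help keep a later change from re-adding the free here.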
--
2.10.1