diff mbox

[dpdk-dev] i40e: fix using memory after free issue

Message ID	1457946124-17767-1-git-send-email-zhaojg@arraynetworks.com.cn (mailing list archive)
State	Superseded, archived
Delegated to:	Bruce Richardson
Headers	From: Jiangu Zhao <zhaojg@arraynetworks.com.cn> To: <helin.zhang@intel.com> CC: <dev@dpdk.org> Date: Mon, 14 Mar 2016 09:02:04 +0000 Message-ID: <1457946124-17767-1-git-send-email-zhaojg@arraynetworks.com.cn> MIME-Version: 1.0 Content-Type: text/plain Subject: [dpdk-dev] [PATCH] i40e: fix using memory after free issue Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>

Commit Message

Jiangu Zhao March 14, 2016, 9:02 a.m. UTC

  The old code still uses entry in the next loop of LIST_FOREACH after free() in i40e_res_pool_destroy().
Change to a safe way to free entry, which is similar with LIST_FOREACH_SAFE in FreeBSD.

Signed-off-by: Jiangu Zhao <zhaojg@arraynetworks.com.cn>
---
 drivers/net/i40e/i40e_ethdev.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

Comments

Bruce Richardson March 22, 2016, 3:37 p.m. UTC | #1

On Mon, Mar 14, 2016 at 09:02:04AM +0000, Jiangu Zhao wrote:
> The old code still uses entry in the next loop of LIST_FOREACH after free() in i40e_res_pool_destroy().
> Change to a safe way to free entry, which is similar with LIST_FOREACH_SAFE in FreeBSD.
> 
> Signed-off-by: Jiangu Zhao <zhaojg@arraynetworks.com.cn>

Thanks for the patch. It's missing a "fixes" line as descripted here:
http://dpdk.org/doc/guides/contributing/patches.html#commit-messages-body
so can you perhaps reply with the id of the commit this is fixing, (or add it
into the commit message if you end up doing a V2 of the patch)

Helin, can you perhaps review this patch as i40e maintainer.

> ---
>  drivers/net/i40e/i40e_ethdev.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index 2f676f6..5af2128 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -3317,17 +3317,21 @@ i40e_res_pool_init (struct i40e_res_pool_info *pool, uint32_t base,
>  static void
>  i40e_res_pool_destroy(struct i40e_res_pool_info *pool)
>  {
> -	struct pool_entry *entry;
> +	struct pool_entry *entry, *next_entry;
>  
>  	if (pool == NULL)
>  		return;
>  
> -	LIST_FOREACH(entry, &pool->alloc_list, next) {
> +	for (entry = LIST_FIRST(&pool->alloc_list); 
> +			entry && (next_entry = LIST_NEXT(entry, next), 1);
> +			entry = next_entry) {

Can we use LIST_FOREACH_SAFE?

/Bruce

diff mbox

Patch

diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index 2f676f6..5af2128 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -3317,17 +3317,21 @@  i40e_res_pool_init (struct i40e_res_pool_info *pool, uint32_t base,
 static void
 i40e_res_pool_destroy(struct i40e_res_pool_info *pool)
 {
-	struct pool_entry *entry;
+	struct pool_entry *entry, *next_entry;
 
 	if (pool == NULL)
 		return;
 
-	LIST_FOREACH(entry, &pool->alloc_list, next) {
+	for (entry = LIST_FIRST(&pool->alloc_list); 
+			entry && (next_entry = LIST_NEXT(entry, next), 1);
+			entry = next_entry) {
 		LIST_REMOVE(entry, next);
 		rte_free(entry);
 	}
 
-	LIST_FOREACH(entry, &pool->free_list, next) {
+	for (entry = LIST_FIRST(&pool->free_list); 
+			entry && (next_entry = LIST_NEXT(entry, next), 1); 
+			entry = next_entry) {
 		LIST_REMOVE(entry, next);
 		rte_free(entry);
 	}