diff mbox

[dpdk-dev,v3,9/9] mem: fix possible use-after-free

Message ID	c07d4c69d6281617ee600dc80530f99c96829e77.1524650130.git.anatoly.burakov@intel.com (mailing list archive)
State	Superseded, archived
Delegated to:	Thomas Monjalon
Headers	From: Anatoly Burakov <anatoly.burakov@intel.com> To: dev@dpdk.org Cc: thomas@monjalon.net, anatoly.burakov@intel.com Date: Wed, 25 Apr 2018 10:56:47 +0100 Message-Id: <c07d4c69d6281617ee600dc80530f99c96829e77.1524650130.git.anatoly.burakov@intel.com> In-Reply-To: <cover.1524650130.git.anatoly.burakov@intel.com> References: <cover.1524650130.git.anatoly.burakov@intel.com> In-Reply-To: <cover.1524650130.git.anatoly.burakov@intel.com> References: <cover.1523977588.git.anatoly.burakov@intel.com> <cover.1524650130.git.anatoly.burakov@intel.com> Subject: [dpdk-dev] [PATCH v3 9/9] mem: fix possible use-after-free Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	fail	apply patch file failure

Commit Message

Anatoly Burakov April 25, 2018, 9:56 a.m. UTC

  If user has specified a flag to unmap the area right after mapping it,
we were passing an already-unmapped pointer to RTE_LOG. This is not an
issue since RTE_LOG doesn't actually dereference the pointer, but fix
it anyway by moving call to RTE_LOG to before unmap.

Coverity issue: 272584

Fixes: b7cc54187ea4 ("mem: move virtual area function in common directory")
Cc: anatoly.burakov@intel.com

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 lib/librte_eal/common/eal_common_memory.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Bruce Richardson April 27, 2018, 3:45 p.m. UTC | #1

On Wed, Apr 25, 2018 at 10:56:47AM +0100, Anatoly Burakov wrote:
> If user has specified a flag to unmap the area right after mapping it,
> we were passing an already-unmapped pointer to RTE_LOG. This is not an
> issue since RTE_LOG doesn't actually dereference the pointer, but fix
> it anyway by moving call to RTE_LOG to before unmap.
> 
> Coverity issue: 272584
> 
> Fixes: b7cc54187ea4 ("mem: move virtual area function in common directory")
> Cc: anatoly.burakov@intel.com
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
>  lib/librte_eal/common/eal_common_memory.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lib/librte_eal/common/eal_common_memory.c b/lib/librte_eal/common/eal_common_memory.c
> index 24a9ed5..3e30c58 100644
> --- a/lib/librte_eal/common/eal_common_memory.c
> +++ b/lib/librte_eal/common/eal_common_memory.c
> @@ -113,12 +113,12 @@ eal_get_virtual_area(void *requested_addr, size_t *size,
>  		RTE_LOG(WARNING, EAL, "   This may cause issues with mapping memory into secondary processes\n");
>  	}
>  
> -	if (unmap)
> -		munmap(mapped_addr, map_sz);
> -
>  	RTE_LOG(DEBUG, EAL, "Virtual area found at %p (size = 0x%zx)\n",
>  		aligned_addr, *size);
>  
> +	if (unmap)
> +		munmap(mapped_addr, map_sz);
> +
>  	baseaddr_offset += *size;
>  
>  	return aligned_addr;
Acked-by: Bruce Richardson <bruce.richardson@intel.com>

diff mbox

Patch

diff --git a/lib/librte_eal/common/eal_common_memory.c b/lib/librte_eal/common/eal_common_memory.c
index 24a9ed5..3e30c58 100644
--- a/lib/librte_eal/common/eal_common_memory.c
+++ b/lib/librte_eal/common/eal_common_memory.c
@@ -113,12 +113,12 @@  eal_get_virtual_area(void *requested_addr, size_t *size,
 		RTE_LOG(WARNING, EAL, "   This may cause issues with mapping memory into secondary processes\n");
 	}
 
-	if (unmap)
-		munmap(mapped_addr, map_sz);
-
 	RTE_LOG(DEBUG, EAL, "Virtual area found at %p (size = 0x%zx)\n",
 		aligned_addr, *size);
 
+	if (unmap)
+		munmap(mapped_addr, map_sz);
+
 	baseaddr_offset += *size;
 
 	return aligned_addr;