[dpdk-dev] [PATCH] lpm6: fix use after free of lpm in rte_lpm6_create
Stephen Hemminger
stephen at networkplumber.org
Fri Mar 4 23:42:11 CET 2016
On Fri, 4 Mar 2016 11:31:20 +0100
Christian Ehrhardt <christian.ehrhardt at canonical.com> wrote:
> In certain autotests lpm->max_rules turned out to be uninitialized.
> That was caused by a failing allocation for lpm->rules_tbl in rte_lpm6_create.
> It then left the function via goto exit with lpm freed, but still a pointer
> value being set.
>
> In case of an allocation failure it resets lpm to NULL now, to avoid the
> upper layers operating on that already freed memory.
> Along with that it also makes the RTE_LOG message of the failed allocation unique.
> ---
> lib/librte_lpm/rte_lpm6.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/lib/librte_lpm/rte_lpm6.c b/lib/librte_lpm/rte_lpm6.c
> index 6c2b293..48931cc 100644
> --- a/lib/librte_lpm/rte_lpm6.c
> +++ b/lib/librte_lpm/rte_lpm6.c
> @@ -206,8 +206,9 @@ rte_lpm6_create(const char *name, int socket_id,
> (size_t)rules_size, RTE_CACHE_LINE_SIZE, socket_id);
>
> if (lpm->rules_tbl == NULL) {
> - RTE_LOG(ERR, LPM, "LPM memory allocation failed\n");
> + RTE_LOG(ERR, LPM, "LPM rules_tbl allocation failed\n");
> rte_free(lpm);
> + lpm = NULL;
> rte_free(te);
> goto exit;
> }
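Review bot: nothing in the `lpm->rules_tbl == NULL` branch sets `rte_errno`, so once `lpm = NULL;` makes this path report failure, a caller has only the log line to learn that the cause was an allocation failure. Consider adding `rte_errno = ENOMEM;` before `goto exit;`, unless the code at the `exit` label, which this hunk does not show, already does so. A smaller point on the same lines: `rte_free(te);` leaves `te` holding a stale pointer in the same way `lpm` did before this change, so resetting it with `te = NULL;` would keep the error path consistent and protect against the exit code ever dereferencing it.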
Acked-by: Stephen Hemminger <stephen at networkplumber.org>