d/numam-spdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ioat: fix potential double free problem in ioat_channel_start()

Browse Source 
In ioat_channel_start(), if spdk_vtophys(ioat->comp_update) returns
SPDK_VTOPHYS_ERROR, spdk_free is called to free ioat->comp_update,
and ioat->comp_update is not set to NULL. However, the caller
ioat_attach() will also call ioat_channel_destruct() to free
ioat->comp_update, then double-free problem occurs.

Here, we will not free ioat->comp_update in ioat_channel_start(),
ioat_channel_destruct() will do that.

Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Change-Id: I3be19a3feec5c2188051ee67820bfd1e61de9b48
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/8300
Community-CI: Mellanox Build Bot
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: Aleksey Marchuk <alexeymar@mellanox.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
This commit is contained in:
Zhiqiang Liu 2021-06-13 12:23:58 +08:00 committed by Tomasz Zawadzki
parent f973413886
commit 3630473789
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/ioat/ioat.c
View File

@ -429,7 +429,6 @@ ioat_channel_start(struct spdk_ioat_chan *ioat)
comp_update_bus_addr = spdk_vtophys((void *)ioat->comp_update, NULL);
if (comp_update_bus_addr == SPDK_VTOPHYS_ERROR) {
spdk_free((void *)ioat->comp_update);
return -1;
}