From patchwork Mon Feb 20 14:04:47 2017
X-Patchwork-Submitter: hanxueluo@126.com
X-Patchwork-Id: 20553
X-Patchwork-Delegate: thomas@monjalon.net
From: hanxueluo@126.com
To: dev@dpdk.org
Cc: Huanle Han
Date: Mon, 20 Feb 2017 22:04:47 +0800
Message-Id: <1487599487-12574-3-git-send-email-hanxueluo@126.com>
In-Reply-To: <1487599487-12574-1-git-send-email-hanxueluo@126.com>
References: <1487599487-12574-1-git-send-email-hanxueluo@126.com>
Subject: [dpdk-dev] [PATCH 3/3] pci: fix crash caused by invalid memory write

From: Huanle Han

rte_eal_dev_detach() didn't remove dev from dev_device_list after
freeing the dev. So the following attached dev wrote to the freed
memory (tailq entry of previous dev) in the stack below:

== Invalid write of size 8
== at 0x43A9CE: rte_eal_device_insert (eal_common_dev.c:71)
== by 0x42ED9E: pci_scan_one (eal_pci.c:365)
== by 0x42EF4D: pci_update_device (eal_pci.c:391)
== by 0x437F59: rte_eal_pci_probe_one (eal_common_pci.c:357)
== by 0x43AB16: rte_eal_dev_attach (eal_common_dev.c:117)
== by 0x45B3AA: rte_eth_dev_attach (rte_ethdev.c:489)
== ...

Signed-off-by: Huanle Han
Reviewed-by: Yuanhan Liu
---
 lib/librte_eal/common/eal_common_pci.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/librte_eal/common/eal_common_pci.c b/lib/librte_eal/common/eal_common_pci.c index 72547bd..022fdc7 100644 --- a/lib/librte_eal/common/eal_common_pci.c +++ b/lib/librte_eal/common/eal_common_pci.c
@@ -393,6 +393,7 @@ rte_eal_pci_detach(const struct rte_pci_addr *addr) goto err_return; TAILQ_REMOVE(&pci_device_list, dev, next); + rte_eal_device_remove(&dev->device); free(dev); return 0; }
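
Review bot: the added rte_eal_device_remove(&dev->device) in rte_eal_pci_detach() unlinks the device on this one free(dev) path only, while the trace in the commit log shows the matching rte_eal_device_insert() being called from pci_scan_one(). Please confirm that every other path that frees an rte_pci_device after pci_scan_one() has inserted it also removes it from the generic device list, otherwise the same stale tailq entry can be left behind there. Keeping the insert and remove next to the TAILQ_INSERT/TAILQ_REMOVE on pci_device_list would make the pairing easier to audit. The log also names rte_eal_dev_detach() and dev_device_list, whereas the change is in rte_eal_pci_detach(); it should name the function actually fixed, and there is no Fixes: line identifying the commit that introduced the insert without the remove.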