git.droids-corp.org / dpdk.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: da845ae)
net/bnxt: fix double free in port start failure
authorKalesh AP <kalesh-anakkur.purayil@broadcom.com>
Thu, 1 Apr 2021 02:53:34 +0000 (08:23 +0530)
committerAjit Khaparde <ajit.khaparde@broadcom.com>
Wed, 7 Apr 2021 02:56:03 +0000 (04:56 +0200)
During port start when bnxt_start_nic() fails, it tries to free
"intr_handle->intr_vec" but the variable is not set to NULL after that.
If port start fails, driver invokes bnxt_dev_stop() which will lead
to a double free of "intr_handle->intr_vec".

Fix it by removing the call to free "intr_handle->intr_vec" in the
bnxt_start_nic() failure path as it is anyway doing in bnxt_dev_stop().

Fixes: 9d276b439aaf ("net/bnxt: fix error handling in device start")
Cc: stable@dpdk.org
Signed-off-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
drivers/net/bnxt/bnxt_ethdev.c patch | blob | history

diff --git a/drivers/net/bnxt/bnxt_ethdev.c b/drivers/net/bnxt/bnxt_ethdev.c
index d346f96..02fe000 100644 (file)
--- a/drivers/net/bnxt/bnxt_ethdev.c
+++ b/drivers/net/bnxt/bnxt_ethdev.c
@@ -793,7 +793,7 @@ skip_cosq_cfg:
                        PMD_DRV_LOG(ERR, "Failed to allocate %d rx_queues"
                                " intr_vec", bp->eth_dev->data->nb_rx_queues);
                        rc = -ENOMEM;
-                       goto err_disable;
+                       goto err_out;
                }
                PMD_DRV_LOG(DEBUG, "intr_handle->intr_vec = %p "
                        "intr_handle->nb_efd = %d intr_handle->max_intr = %d\n",
@@ -813,12 +813,12 @@ skip_cosq_cfg:
 #ifndef RTE_EXEC_ENV_FREEBSD
        /* In FreeBSD OS, nic_uio driver does not support interrupts */
        if (rc)
-               goto err_free;
+               goto err_out;
 #endif
 
        rc = bnxt_update_phy_setting(bp);
        if (rc)
-               goto err_free;
+               goto err_out;
 
        bp->mark_table = rte_zmalloc("bnxt_mark_table", BNXT_MARK_TABLE_SZ, 0);
        if (!bp->mark_table)
@@ -826,10 +826,6 @@ skip_cosq_cfg:
 
        return 0;
 
-err_free:
-       rte_free(intr_handle->intr_vec);
-err_disable:
-       rte_intr_efd_disable(intr_handle);
 err_out:
        /* Some of the error status returned by FW may not be from errno.h */
        if (rc > 0)
DPDK repo used for reviews