net/i40e: fix use after free in FDIR release

The original code use a heap pointer after it is freed.

Fixes: 460d1679586e ("drivers/net: delete HW rings while freeing queues")
Cc: stable@dpdk.org
Signed-off-by: Dapeng Yu <dapengx.yu@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>

diff --git a/drivers/net/i40e/i40e_fdir.c b/drivers/net/i40e/i40e_fdir.c
index 3c7cf1b..2065881 100644 (file)
--- a/drivers/net/i40e/i40e_fdir.c
+++ b/drivers/net/i40e/i40e_fdir.c
@@ -301,11 +301,11 @@ i40e_fdir_teardown(struct i40e_pf *pf)
        if (err)
                PMD_DRV_LOG(DEBUG, "Failed to do FDIR RX switch off");
 
-       i40e_dev_rx_queue_release(pf->fdir.rxq);
        rte_eth_dma_zone_free(dev, "fdir_rx_ring", pf->fdir.rxq->queue_id);
+       i40e_dev_rx_queue_release(pf->fdir.rxq);
        pf->fdir.rxq = NULL;
-       i40e_dev_tx_queue_release(pf->fdir.txq);
        rte_eth_dma_zone_free(dev, "fdir_tx_ring", pf->fdir.txq->queue_id);
+       i40e_dev_tx_queue_release(pf->fdir.txq);
        pf->fdir.txq = NULL;
        i40e_vsi_release(vsi);
        pf->fdir.fdir_vsi = NULL;