From 161419983da296f329039e15b88e11ea31b15702 Mon Sep 17 00:00:00 2001 From: Darek Stojaczyk Date: Fri, 23 Nov 2018 16:43:28 +0100 Subject: [PATCH] eal: fix devargs reference after probing failure Even if a device failed to plug, it's still a device object that references the devargs. Those devargs will be freed automatically together with the device, but freeing them any earlier - like it's done in the hotplug error handling path right now - will give us a dangling pointer and a segfault scenario. Consider the following case: * secondary process receives the hotplug request IPC message * devargs are either created or updated * the bus is scanned * a new device object is created with the latest devargs * the device can't be plugged for whatever reason, bus->plug returns error * the devargs are freed, even though they're still referenced by the device object on the bus For PCI devices, the generic device name comes from a buffer within the devargs. Freeing those will make EAL segfault whenever the device name is checked. This patch just prevents the hotplug error handling path from removing the devargs when there's a device that references them. This is done by simply exiting early from the hotplug function. As mentioned in the beginning, those devargs will be freed later, together with the device itself. Fixes: 7e8b26650146 ("eal: fix hotplug add / remove") Signed-off-by: Darek Stojaczyk Acked-by: Maxime Coquelin Acked-by: Thomas Monjalon --- lib/librte_eal/common/eal_common_dev.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/librte_eal/common/eal_common_dev.c b/lib/librte_eal/common/eal_common_dev.c index a08dc085fd..fd7f5ca7d5 100644 --- a/lib/librte_eal/common/eal_common_dev.c +++ b/lib/librte_eal/common/eal_common_dev.c @@ -166,12 +166,16 @@ local_dev_probe(const char *devargs, struct rte_device **new_dev) ret = -ENODEV; goto err_devarg; } + /* Since there is a matching device, it is now its responsibility + * to manage the devargs we've just inserted. From this point + * those devargs shouldn't be removed manually anymore. + */ ret = dev->bus->plug(dev); if (ret && !rte_dev_is_probed(dev)) { /* if hasn't ever succeeded */ RTE_LOG(ERR, EAL, "Driver cannot attach the device (%s)\n", dev->name); - goto err_devarg; + return ret; } *new_dev = dev; -- 2.20.1