From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Monjalon Subject: Re: [PATCH 3/3] pci: fix crash caused by invaild memory write Date: Tue, 02 May 2017 00:59:43 +0200 Message-ID: <1531100.1qSifb3cKg@xps> References: <1487599487-12574-1-git-send-email-hanxueluo@126.com> <1487599487-12574-3-git-send-email-hanxueluo@126.com> <20170222023623.GO18844@yliu-dev.sh.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7Bit Cc: dev@dpdk.org To: Yuanhan Liu , hanxueluo@126.com, Huanle Han Return-path: Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by dpdk.org (Postfix) with ESMTP id 0547F330D for ; Tue, 2 May 2017 00:59:44 +0200 (CEST) In-Reply-To: <20170222023623.GO18844@yliu-dev.sh.intel.com> List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 22/02/2017 03:36, Yuanhan Liu: > On Mon, Feb 20, 2017 at 10:04:47PM +0800, hanxueluo@126.com wrote: > > From: Huanle Han > > > > rte_eal_dev_detach() didn't remove dev from dev_device_list > > after free the dev. So the following attached dev wrote to > > the freed memory (tailq entry of previous dev) in below stack: > > > > == Invalid write of size 8 > > == at 0x43A9CE: rte_eal_device_insert (eal_common_dev.c:71) > > == by 0x42ED9E: pci_scan_one (eal_pci.c:365) > > == by 0x42EF4D: pci_update_device (eal_pci.c:391) > > == by 0x437F59: rte_eal_pci_probe_one (eal_common_pci.c:357) > > == by 0x43AB16: rte_eal_dev_attach (eal_common_dev.c:117) > > == by 0x45B3AA: rte_eth_dev_attach (rte_ethdev.c:489) > > == ... > > > > Signed-off-by: Huanle Han > > The two minor nits also apply here, besides that, > > Reviewed-by: Yuanhan Liu Nack The right fix is to remove the functions insert and remove. The list dev_device_list is not used anymore. I will make a patch.