[rdma-core patch] srp_daemon: fix a double free segment fault for ibsrpdm

public inbox for linux-rdma@vger.kernel.org
 help / color / mirror / Atom feed

* [rdma-core patch] srp_daemon: fix a double free segment fault for ibsrpdm
@ 2019-09-19  6:40 Honggang LI
  2019-09-20 16:21 ` Bart Van Assche
  2019-09-24  8:11 ` Leon Romanovsky
  0 siblings, 2 replies; 3+ messages in thread
From: Honggang LI @ 2019-09-19  6:40 UTC (permalink / raw)
  To: bvanassche; +Cc: linux-rdma, Honggang Li

From: Honggang Li <honli@redhat.com>

Command: ./ibsrpdm -d /dev/infiniband/umadX

Invalid free() / delete / delete[] / realloc()
   at 0x4C320DC: free (vg_replace_malloc.c:540)
   by 0x403BBB: free_config (srp_daemon.c:1811)
   by 0x4031BE: ibsrpdm (srp_daemon.c:2113)
   by 0x4031BE: main (srp_daemon.c:2153)
 Address 0x5ee5fd0 is 0 bytes inside a block of size 16 free'd
   at 0x4C320DC: free (vg_replace_malloc.c:540)
   by 0x404851: translate_umad_to_ibdev_and_port (srp_daemon.c:729)
   by 0x404851: set_conf_dev_and_port (srp_daemon.c:1586)
   by 0x403171: ibsrpdm (srp_daemon.c:2092)
   by 0x403171: main (srp_daemon.c:2153)
 Block was alloc'd at
   at 0x4C30EDB: malloc (vg_replace_malloc.c:309)
   by 0x40478D: translate_umad_to_ibdev_and_port (srp_daemon.c:698)
   by 0x40478D: set_conf_dev_and_port (srp_daemon.c:1586)
   by 0x403171: ibsrpdm (srp_daemon.c:2092)
   by 0x403171: main (srp_daemon.c:2153)

Signed-off-by: Honggang Li <honli@redhat.com>
---
 srp_daemon/srp_daemon.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/srp_daemon/srp_daemon.c b/srp_daemon/srp_daemon.c
index 337b21c7..f0bcf923 100644
--- a/srp_daemon/srp_daemon.c
+++ b/srp_daemon/srp_daemon.c
@@ -727,6 +727,7 @@ end:
 	if (ret) {
 		free(*ibport);
 		free(*ibdev);
+		*ibdev = NULL;
 	}
 	free(class_dev_path);
 
-- 
2.21.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [rdma-core patch] srp_daemon: fix a double free segment fault for ibsrpdm
  2019-09-19  6:40 [rdma-core patch] srp_daemon: fix a double free segment fault for ibsrpdm Honggang LI
@ 2019-09-20 16:21 ` Bart Van Assche
  2019-09-24  8:11 ` Leon Romanovsky
  1 sibling, 0 replies; 3+ messages in thread
From: Bart Van Assche @ 2019-09-20 16:21 UTC (permalink / raw)
  To: Honggang LI; +Cc: linux-rdma

On 9/18/19 11:40 PM, Honggang LI wrote:
> diff --git a/srp_daemon/srp_daemon.c b/srp_daemon/srp_daemon.c
> index 337b21c7..f0bcf923 100644
> --- a/srp_daemon/srp_daemon.c
> +++ b/srp_daemon/srp_daemon.c
> @@ -727,6 +727,7 @@ end:
>   	if (ret) {
>   		free(*ibport);
>   		free(*ibdev);
> +		*ibdev = NULL;
>   	}
>   	free(class_dev_path);

Reviewed-by: Bart Van Assche <bvanassche@acm.org>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [rdma-core patch] srp_daemon: fix a double free segment fault for ibsrpdm
  2019-09-19  6:40 [rdma-core patch] srp_daemon: fix a double free segment fault for ibsrpdm Honggang LI
  2019-09-20 16:21 ` Bart Van Assche
@ 2019-09-24  8:11 ` Leon Romanovsky
  1 sibling, 0 replies; 3+ messages in thread
From: Leon Romanovsky @ 2019-09-24  8:11 UTC (permalink / raw)
  To: Honggang LI; +Cc: bvanassche, linux-rdma

On Thu, Sep 19, 2019 at 02:40:45PM +0800, Honggang LI wrote:
> From: Honggang Li <honli@redhat.com>
>
> Command: ./ibsrpdm -d /dev/infiniband/umadX
>
> Invalid free() / delete / delete[] / realloc()
>    at 0x4C320DC: free (vg_replace_malloc.c:540)
>    by 0x403BBB: free_config (srp_daemon.c:1811)
>    by 0x4031BE: ibsrpdm (srp_daemon.c:2113)
>    by 0x4031BE: main (srp_daemon.c:2153)
>  Address 0x5ee5fd0 is 0 bytes inside a block of size 16 free'd
>    at 0x4C320DC: free (vg_replace_malloc.c:540)
>    by 0x404851: translate_umad_to_ibdev_and_port (srp_daemon.c:729)
>    by 0x404851: set_conf_dev_and_port (srp_daemon.c:1586)
>    by 0x403171: ibsrpdm (srp_daemon.c:2092)
>    by 0x403171: main (srp_daemon.c:2153)
>  Block was alloc'd at
>    at 0x4C30EDB: malloc (vg_replace_malloc.c:309)
>    by 0x40478D: translate_umad_to_ibdev_and_port (srp_daemon.c:698)
>    by 0x40478D: set_conf_dev_and_port (srp_daemon.c:1586)
>    by 0x403171: ibsrpdm (srp_daemon.c:2092)
>    by 0x403171: main (srp_daemon.c:2153)
>
> Signed-off-by: Honggang Li <honli@redhat.com>
> ---
>  srp_daemon/srp_daemon.c | 1 +
>  1 file changed, 1 insertion(+)

Queued, https://github.com/linux-rdma/rdma-core/pull/585

Thanks

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-09-24  8:11 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-19  6:40 [rdma-core patch] srp_daemon: fix a double free segment fault for ibsrpdm Honggang LI
2019-09-20 16:21 ` Bart Van Assche
2019-09-24  8:11 ` Leon Romanovsky

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox