[dpdk-dev,v3,9/9] mem: fix possible use-after-free
Checks
Commit Message
If user has specified a flag to unmap the area right after mapping it,
we were passing an already-unmapped pointer to RTE_LOG. This is not an
issue since RTE_LOG doesn't actually dereference the pointer, but fix
it anyway by moving call to RTE_LOG to before unmap.
Coverity issue: 272584
Fixes: b7cc54187ea4 ("mem: move virtual area function in common directory")
Cc: anatoly.burakov@intel.com
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
lib/librte_eal/common/eal_common_memory.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Comments
On Wed, Apr 25, 2018 at 10:56:47AM +0100, Anatoly Burakov wrote:
> If user has specified a flag to unmap the area right after mapping it,
> we were passing an already-unmapped pointer to RTE_LOG. This is not an
> issue since RTE_LOG doesn't actually dereference the pointer, but fix
> it anyway by moving call to RTE_LOG to before unmap.
>
> Coverity issue: 272584
>
> Fixes: b7cc54187ea4 ("mem: move virtual area function in common directory")
> Cc: anatoly.burakov@intel.com
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
> lib/librte_eal/common/eal_common_memory.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/lib/librte_eal/common/eal_common_memory.c b/lib/librte_eal/common/eal_common_memory.c
> index 24a9ed5..3e30c58 100644
> --- a/lib/librte_eal/common/eal_common_memory.c
> +++ b/lib/librte_eal/common/eal_common_memory.c
> @@ -113,12 +113,12 @@ eal_get_virtual_area(void *requested_addr, size_t *size,
> RTE_LOG(WARNING, EAL, " This may cause issues with mapping memory into secondary processes\n");
> }
>
> - if (unmap)
> - munmap(mapped_addr, map_sz);
> -
> RTE_LOG(DEBUG, EAL, "Virtual area found at %p (size = 0x%zx)\n",
> aligned_addr, *size);
>
> + if (unmap)
> + munmap(mapped_addr, map_sz);
> +
> baseaddr_offset += *size;
>
> return aligned_addr;
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
@@ -113,12 +113,12 @@ eal_get_virtual_area(void *requested_addr, size_t *size,
RTE_LOG(WARNING, EAL, " This may cause issues with mapping memory into secondary processes\n");
}
- if (unmap)
- munmap(mapped_addr, map_sz);
-
RTE_LOG(DEBUG, EAL, "Virtual area found at %p (size = 0x%zx)\n",
aligned_addr, *size);
+ if (unmap)
+ munmap(mapped_addr, map_sz);
+
baseaddr_offset += *size;
return aligned_addr;