[ovs-dev] [PATCH] dpdk: Fix abort on double free.

Ilya Maximets i.maximets at samsung.com
Mon Nov 28 14:31:54 UTC 2016


According to DPDK API (lib/librte_eal/common/include/rte_eal.h):

	"After the call to rte_eal_init(), all arguments argv[x]
	 with x < ret may be modified and should not be accessed
	 by the application."

This means that OVS must not free the arguments passed to DPDK.
In practice, 'rte_eal_init()' replaces the last argument in
'dpdk_argv' with the first one by doing this:

	# eal_parse_args() from lib/librte_eal/linuxapp/eal/eal.c

	char *prgname = argv[0];
	...
	if (optind >= 0)
		argv[optind-1] = prgname;

This leads to double free inside 'deferred_argv_release()' and
possible ABORT at exit:

*** Error in `ovs-vswitchd': double free or corruption (fasttop) <...> ***
	Program received signal SIGABRT, Aborted.

	#0  raise () from /lib64/libc.so.6
	#1  abort () from /lib64/libc.so.6
	#2  __libc_message () from /lib64/libc.so.6
	#3  free () from /lib64/libc.so.6
	#4  deferred_argv_release () at lib/dpdk.c:261
	#5  __run_exit_handlers () from /lib64/libc.so.6
	#6  exit () from /lib64/libc.so.6
	#7  __libc_start_main () from /lib64/libc.so.6
	#8  _start ()

Fix that by not calling free for the memory passed to DPDK.

CC: Aaron Conole <aconole at redhat.com>
Fixes: bab694097133 ("netdev-dpdk: Convert initialization from cmdline to db")
Signed-off-by: Ilya Maximets <i.maximets at samsung.com>
---
 lib/dpdk.c | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/lib/dpdk.c b/lib/dpdk.c
index 49a589a..2014946 100644
--- a/lib/dpdk.c
+++ b/lib/dpdk.c
@@ -254,17 +254,6 @@ static char **dpdk_argv;
 static int dpdk_argc;
 
 static void
-deferred_argv_release(void)
-{
-    int result;
-    for (result = 0; result < dpdk_argc; ++result) {
-        free(dpdk_argv[result]);
-    }
-
-    free(dpdk_argv);
-}
-
-static void
 dpdk_init__(const struct smap *ovs_other_config)
 {
     char **argv = NULL;
@@ -384,8 +373,6 @@ dpdk_init__(const struct smap *ovs_other_config)
     dpdk_argv = argv;
     dpdk_argc = argc;
 
-    atexit(deferred_argv_release);
-
     rte_memzone_dump(stdout);
 
     /* We are called from the main thread here */
-- 
2.7.4


