master

分支 (13)

标签 (6)

管理

管理

master

openEuler-22.03-LTS-SP1

openEuler-20.03-LTS-SP3

sync-pr452-openEuler-22.03-LTS-to-openEuler-22.03-LTS-SP2

sync-pr452-openEuler-22.03-LTS-to-master

openEuler-20.03-LTS-SP1

openEuler-22.03-LTS

sync-pr445-master-to-openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS-Next

openEuler-23.03

openEuler-22.09

openEuler-20.03-LTS-Next

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

gazelle
/
0249-fix-t_params-use-after-free-in-k...

From 52a5607eb8f20ccbaf03c8046b29763c2081e24a Mon Sep 17 00:00:00 2001
From: jiangheng <jiangheng14@huawei.com>
Date: Mon, 5 Sep 2022 14:46:46 +0800
Subject: [PATCH] fix t_params use after free in kernel event thread

---
 src/lstack/core/lstack_protocol_stack.c | 30 +++++++++++++++----------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/src/lstack/core/lstack_protocol_stack.c b/src/lstack/core/lstack_protocol_stack.c
index 52a0c8f..a8c5e14 100644
--- a/src/lstack/core/lstack_protocol_stack.c
+++ b/src/lstack/core/lstack_protocol_stack.c
@@ -263,7 +263,9 @@ static void* gazelle_kernelevent_thread(void *arg)
     struct thread_params *t_params = (struct thread_params*) arg;
     uint16_t idx = t_params->idx;
     struct protocol_stack *stack = get_protocol_stack_group()->stacks[idx];
+    struct protocol_stack_group *stack_group = get_protocol_stack_group();

+    sem_post(&stack_group->thread_phase1);
     bind_to_stack_numa(stack);

     LSTACK_LOG(INFO, LSTACK, "kernelevent_%02hu start\n", idx);
@@ -358,23 +360,22 @@ static struct protocol_stack *stack_thread_init(void *arg)
     struct protocol_stack *stack = calloc(1, sizeof(*stack));
     if (stack == NULL) {
         LSTACK_LOG(ERR, LSTACK, "malloc stack failed\n");
-        sem_post(&stack_group->thread_phase1);
-        return NULL;
+        goto END2;
     }

     if (init_stack_value(stack, arg) != 0) {
-        goto END;
+        goto END2;
     }

     if (init_stack_numa_cpuset(stack) < 0) {
-        goto END;
+        goto END2;
     }
     if (create_affiliate_thread(arg) < 0) {
-        goto END;
+        goto END2;
     }

     if (thread_affinity_init(stack->cpu_id) != 0) {
-        goto END;
+        goto END1;
     }
     RTE_PER_LCORE(_lcore_id) = stack->cpu_id;

@@ -384,7 +385,7 @@ static struct protocol_stack *stack_thread_init(void *arg)

     if (use_ltran()) {
         if (client_reg_thrd_ring() != 0) {
-            goto END;
+            goto END1;
         }
     }

@@ -397,14 +398,18 @@ static struct protocol_stack *stack_thread_init(void *arg)
     usleep(SLEEP_US_BEFORE_LINK_UP);

     if (ethdev_init(stack) != 0) {
-        free(stack);
-        return NULL;
+        goto END1;
     }

     return stack;
-END:
+/* kernel event thread dont create, stack thread post sem twice */
+END2:
+    sem_post(&stack_group->thread_phase1);
+END1:
     sem_post(&stack_group->thread_phase1);
-    free(stack);
+    if (stack != NULL) {
+        free(stack);
+    }
     return NULL;
 }

@@ -597,7 +602,8 @@ int32_t init_protocol_stack(void)
         }
     }

-    wait_sem_value(&stack_group->thread_phase1, stack_group->stack_num);
+    /* stack_num * 2: stack thread and kernel event thread will post sem */
+    wait_sem_value(&stack_group->thread_phase1, stack_group->stack_num * 2);

     for (int idx = 0; idx < queue_num; idx++){
         free(t_params[idx]);
--
2.27.0