From 7ef6d8dd63b9342a862cb986f66d3cced9a2cfb0 Mon Sep 17 00:00:00 2001 From: Jin Yu Date: Wed, 29 Jul 2020 23:45:42 +0800 Subject: [PATCH] virtio: fix scsi double free issue During virtio_pci_dev_probe, if enum_cb fails, hw needs to be released. But in bdev_virtio, if vdev fails after initialization, it will enter the bdev destruction process which call the modern_destruct_dev function and hw will be released during the process. So we will encounter the problem of hw being released twice. Change-Id: I1e8116283cfd810dfb050f8928f4ecd4bb2d815b Signed-off-by: Jin Yu Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/3566 Community-CI: Mellanox Build Bot Tested-by: SPDK CI Jenkins Reviewed-by: Shuhei Matsumoto Reviewed-by: Ben Walker Reviewed-by: Changpeng Liu --- module/bdev/virtio/bdev_virtio_scsi.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/module/bdev/virtio/bdev_virtio_scsi.c b/module/bdev/virtio/bdev_virtio_scsi.c index 520b8a17d..791359538 100644 --- a/module/bdev/virtio/bdev_virtio_scsi.c +++ b/module/bdev/virtio/bdev_virtio_scsi.c @@ -344,19 +344,21 @@ virtio_pci_scsi_dev_create(const char *name, struct virtio_pci_ctx *pci_ctx) &num_queues, sizeof(num_queues)); if (rc) { SPDK_ERRLOG("%s: config read failed: %s\n", vdev->name, spdk_strerror(-rc)); - virtio_dev_destruct(vdev); - free(svdev); - return NULL; + goto fail; } rc = virtio_scsi_dev_init(svdev, num_queues); if (rc != 0) { - virtio_dev_destruct(vdev); - free(svdev); - return NULL; + goto fail; } return svdev; + +fail: + vdev->ctx = NULL; + virtio_dev_destruct(vdev); + free(svdev); + return NULL; } static struct virtio_scsi_dev * @@ -1967,6 +1969,7 @@ bdev_virtio_pci_scsi_dev_create_cb(struct virtio_pci_ctx *pci_ctx, void *ctx) rc = virtio_scsi_dev_scan(svdev, create_ctx->cb_fn, create_ctx->cb_arg); if (rc) { + svdev->vdev.ctx = NULL; virtio_scsi_dev_remove(svdev, NULL, NULL); }