rdma: fixed heap used after free issue.
With ASAN to run this cases, it will report issue about heap used after free in spdk_nvmf_rdma_qpair_destroy. Resources have been released before, change the order to in this tailq to release resources. ERROR: AddressSanitizer: heap-use-after-free on address 0x6080000080e0 at pc 0x0000006e1e3f bp 0x7fd48b6c3df0 sp 0x7fd48b6c3de0 READ of size 8 at 0x6080000080e0 thread T3 (reactor_1) 0x6e1e3e in spdk_nvmf_rdma_qpair_destroy spdk/lib/nvmf/rdma.c:813 Change-Id: Ia1c12bca84955a2de60399e6b265c9b8901bb51e Signed-off-by: yidong0635 <dongx.yi@intel.com> Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/448534 Tested-by: SPDK CI Jenkins <sys_sgci@intel.com> Reviewed-by: Changpeng Liu <changpeng.liu@intel.com> Reviewed-by: Seth Howell <seth.howell5141@gmail.com> Reviewed-by: Jim Harris <james.r.harris@intel.com>
This commit is contained in:
parent
ae11723ae9
commit
fc43fbba04
@ -2704,6 +2704,10 @@ spdk_nvmf_rdma_poll_group_destroy(struct spdk_nvmf_transport_poll_group *group)
|
||||
TAILQ_FOREACH_SAFE(poller, &rgroup->pollers, link, tmp) {
|
||||
TAILQ_REMOVE(&rgroup->pollers, poller, link);
|
||||
|
||||
TAILQ_FOREACH_SAFE(qpair, &poller->qpairs, link, tmp_qpair) {
|
||||
spdk_nvmf_rdma_qpair_destroy(qpair);
|
||||
}
|
||||
|
||||
if (poller->srq) {
|
||||
nvmf_rdma_resources_destroy(poller->resources);
|
||||
ibv_destroy_srq(poller->srq);
|
||||
@ -2713,9 +2717,6 @@ spdk_nvmf_rdma_poll_group_destroy(struct spdk_nvmf_transport_poll_group *group)
|
||||
if (poller->cq) {
|
||||
ibv_destroy_cq(poller->cq);
|
||||
}
|
||||
TAILQ_FOREACH_SAFE(qpair, &poller->qpairs, link, tmp_qpair) {
|
||||
spdk_nvmf_rdma_qpair_destroy(qpair);
|
||||
}
|
||||
|
||||
free(poller);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user