Re: [PATCH v2] tap: fix write-after-free and double free of intr_handle

On 5/4/22 14:17, David Marchand wrote: On Tue, May 3, 2022 at 8:23 PM Quentin Armitage wrote: rte_pmd_tun/tap_probe() allocates pmd->intr_handle in eth_dev_tap_create() and it should not be freed until rte_pmd_tap_remove() is called. Inspection of tap_rx_intr_vec_set() shows that the call to

Re: [PATCH v2] tap: fix write-after-free and double free of intr_handle

On Tue, May 3, 2022 at 8:23 PM Quentin Armitage wrote: > > rte_pmd_tun/tap_probe() allocates pmd->intr_handle in eth_dev_tap_create() > and it should not be freed until rte_pmd_tap_remove() is called. > > Inspection of tap_rx_intr_vec_set() shows that the call to > tap_tx_intr_vec_uninstall() was

[PATCH v2] tap: fix write-after-free and double free of intr_handle

rte_pmd_tun/tap_probe() allocates pmd->intr_handle in eth_dev_tap_create() and it should not be freed until rte_pmd_tap_remove() is called. Inspection of tap_rx_intr_vec_set() shows that the call to tap_tx_intr_vec_uninstall() was calling rte_intr_instance_free() but tap_tx_intr_vec_install() can