23/11/2018 18:04, Maxime Coquelin:
> Hi,
>
> On 11/23/18 4:43 PM, Darek Stojaczyk wrote:
> > Even if a device failed to plug, it's still a device
> > object that references the devargs. Those devargs will
> > be freed automatically together with the device, but
> > freeing them any earlier - like it's done in the hotplug
> > error handling path right now - will give us a dangling
> > pointer and a segfault scenario.
> >
> > Consider the following case:
> > * secondary process receives the hotplug request IPC message
> > * devargs are either created or updated
> > * the bus is scanned
> > * a new device object is created with the latest devargs
> > * the device can't be plugged for whatever reason,
> > bus->plug returns error
> > * the devargs are freed, even though they're still referenced
> > by the device object on the bus
> >
> > For PCI devices, the generic device name comes from
> > a buffer within the devargs. Freeing those will make
> > EAL segfault whenever the device name is checked.
> >
> > This patch just prevents the hotplug error handling
> > path from removing the devargs when there's a device
> > that references them. This is done by simply exiting
> > early from the hotplug function. As mentioned in the
> > beginning, those devargs will be freed later, together
> > with the device itself.
> >
> > Fixes: 7e8b26650146 ("eal: fix hotplug add / remove")
>
> Should you also cc stable?
> Above commit is in since v17.08.
>
> > Cc: gaetan.ri...@6wind.com
> > Cc: tho...@monjalon.net
> >
> > Signed-off-by: Darek Stojaczyk <dariusz.stojac...@intel.com>
> Acked-by: Maxime Coquelin <maxime.coque...@redhat.com>
Acked-by: Thomas Monjalon <tho...@monjalon.net>
Applied (with rebase), thanks
