When handling VHOST_USER_SET_MEM_TABLE request ending up in changing existing memory map, a device's memory pointer may end up being dereferenced while being NULL in IOTLB cache flush function.
Coverity issue: 383646 Fixes: dea092d0addb ("vhost: fix madvise arguments alignment") Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com> --- lib/vhost/vhost_user.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c index 9e361082dc..23a6a4e2bd 100644 --- a/lib/vhost/vhost_user.c +++ b/lib/vhost/vhost_user.c @@ -1355,16 +1355,16 @@ vhost_user_set_mem_table(struct virtio_net **pdev, async_notify = true; } + /* Flush IOTLB cache as previous HVAs are now invalid */ + if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM)) + for (i = 0; i < dev->nr_vring; i++) + vhost_user_iotlb_flush_all(dev, dev->virtqueue[i]); + free_mem_region(dev); rte_free(dev->mem); dev->mem = NULL; } - /* Flush IOTLB cache as previous HVAs are now invalid */ - if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM)) - for (i = 0; i < dev->nr_vring; i++) - vhost_user_iotlb_flush_all(dev, dev->virtqueue[i]); - /* * If VQ 0 has already been allocated, try to allocate on the same * NUMA node. It can be reallocated later in numa_realloc(). -- 2.39.2
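Review bot: the comment moved with the flush in vhost_user_set_mem_table() still reads "previous HVAs are now invalid", but the flush now runs before free_mem_region(dev) and dev->mem = NULL, so at that point the HVAs are only about to become invalid. The comment should state the ordering constraint instead, for example that the IOTLB flush must happen before dev->mem is freed because, per the commit message, the flush path dereferences it. Otherwise a later cleanup could move the block back below the free and reintroduce the NULL dereference. Separately, the nested if/for that spans four lines without braces would be easier to read with braces on the outer if.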