On Tue, Jun 18, 2024 at 11:24 AM Robin Jarry <rja...@redhat.com> wrote:
>
> The graph id is determined based on a global variable that is
> incremented every time a graph is created, and decremented every time
> a graph is destroyed. This only works if graphs are destroyed in the
> reverse order in which they have been created.
>
> The following code produces duplicate graph IDs which can lead to
> use-after-free bugs and other undefined behaviours:
>
>   a = rte_graph_create(...); // id=0 graph_id=1
>   b = rte_graph_create(...); // id=1 graph_id=2
>   rte_graph_destroy(a); // graph_id=1
>   c = rte_graph_create(...); // id=1 graph_id=2 (duplicate with b)
>   rte_graph_destroy(c); // frees memory still used by b
>
> Remove the global counter. Make sure that the graph list is always
> ordered by increasing graph ids. When creating a new graph, pick a free
> id which is not allocated.
>
> Update unit tests to ensure it works as expected.

Fixes: a91fecc19c5c ("graph: implement create and destroy")
Cc: sta...@dpdk.org

>
> Signed-off-by: Robin Jarry <rja...@redhat.com>

Acked-by: Kiran Kumar Kokkilagadda <kirankum...@marvell.com>

Applied, thanks.

--
David Marchand
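
The id reuse described in the commit message above, modelled as an added example (not DPDK code and not part of this thread): the counter scheme next to an allocator that keeps its ids sorted and fills the first gap. All names here are hypothetical, and taking the lowest free id is an assumption; the message only says a free id is picked.

```c
#include <stdbool.h>
#include <stddef.h>
#define MAX_GRAPHS 8    /* constructed limit for this sketch */

/* Before: the id comes from a counter that every destroy decrements. */
static int counter;
static int counter_create(void) { return counter++; }
static void counter_destroy(int id) { (void)id; counter--; }

/* After: allocated ids stay sorted ascending; create takes the lowest gap. */
static int ids[MAX_GRAPHS];
static size_t n_ids;

static int sorted_create(void)
{
    size_t pos = 0;
    if (n_ids == MAX_GRAPHS)
        return -1;
    /* Sorted and unique, so the first pos with ids[pos] != pos is free. */
    while (pos < n_ids && ids[pos] == (int)pos)
        pos++;
    for (size_t i = n_ids++; i > pos; i--)
        ids[i] = ids[i - 1];
    ids[pos] = (int)pos;
    return (int)pos;
}

static void sorted_destroy(int id)
{
    size_t i = 0;
    while (i < n_ids && ids[i] != id)
        i++;
    if (i < n_ids)      /* unknown ids are ignored */
        for (n_ids--; i < n_ids; i++)
            ids[i] = ids[i + 1];
}

/* Replay the commit message's sequence; true means c was given b's id. */
static bool collides(int (*create)(void), void (*destroy)(int))
{
    n_ids = 0; counter = 0;     /* reset both schemes */
    int a = create();
    int b = create();
    destroy(a);
    return create() == b;
}

int main(void) { return !collides(counter_create, counter_destroy) ||
                        collides(sorted_create, sorted_destroy); }
```

With the sorted scheme, c receives the id that a released, so destroying c can no longer touch the object still registered under b's id.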