> Subject: [PATCH] eal/linux: unregister alarm callback before free ptr
> 
> This was flagged by Address sanitizer as a use after free. The
> intr_handle ptr is shared between the main thread and the interrupt
> thread, and the interrupt thread can dereference the ptr after free
> is called when the main thread cleans up (from the alarm callback).
> 
> The interrupt thread never terminates (eal_intr_thread_main) so
> use rte_intr_callback_unregister_sync during cleanup to
> ensure the callback is removed before freeing the ptr.
> 
> To be more defensive clear out the pointer and registration
> variable if we can unregister.
> 
> Bugzilla ID: 1683
> 
> Signed-off-by: Rui Ferreira <rui.ferrei...@h-partners.com>
> ---
>  .mailmap                  | 1 +
>  lib/eal/linux/eal_alarm.c | 9 ++++++++-
>  2 files changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/.mailmap b/.mailmap
> index d8439b79ce..907c5ea967 100644
> --- a/.mailmap
> +++ b/.mailmap
> @@ -1332,6 +1332,7 @@ Rosen Xu <rosen...@altera.com> <rosen...@intel.com>
>  Roy Franz <roy.fr...@cavium.com>
>  Roy Pledge <roy.ple...@nxp.com>
>  Roy Shterman <roy.shter...@vastdata.com>
> +Rui Ferreira <rui.ferrei...@h-partners.com>
>  Ruifeng Wang <ruifeng.w...@arm.com>
>  Rushil Gupta <rush...@google.com>
>  Ryan E Hall <ryan.e.h...@intel.com>
> diff --git a/lib/eal/linux/eal_alarm.c b/lib/eal/linux/eal_alarm.c
> index b216a007a3..eb6a21d4f0 100644
> --- a/lib/eal/linux/eal_alarm.c
> +++ b/lib/eal/linux/eal_alarm.c
> @@ -57,7 +57,14 @@ static void eal_alarm_callback(void *arg);
>  void
>  rte_eal_alarm_cleanup(void)
>  {
> -     rte_intr_instance_free(intr_handle);
> +     /* unregister callback using intr_handle in interrupt thread */
> +     int ret = rte_intr_callback_unregister_sync(intr_handle,
> +                                             eal_alarm_callback, (void *)-1);
> +     if (ret >= 0) {
> +             rte_intr_instance_free(intr_handle);
> +             intr_handle = NULL;
> +             handler_registered = 0;
> +     }
>  }
> 
>  int
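
Review bot: In rte_eal_alarm_cleanup(), the ret < 0 path returns silently: intr_handle is neither freed nor cleared and nothing is logged. If rte_intr_callback_unregister_sync() reports an error when no callback was ever registered (handler_registered still 0), the handle is never freed. Suggest logging the failure in an else branch and stating whether keeping the handle there is intended. The comment above the call could also say what the (void *)-1 argument selects.
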
> --

Acked-by: Konstantin Ananyev <konstantin.anan...@huawei.com>

As a nit: as it is a bug-fix, probably start with 'fix ..' in the subject.
Also "Fixes:" and probably "Cc: sta...@dpdk.org" need to be added.

> 2.35.3
