cryptodev_cb_init() may free partially allocated resources on failure,
but does not reset their pointers afterwards.
A later call to cryptodev_cb_cleanup() may then attempt to release both
resources even when one of them has already been freed, because the
cleanup logic does not rely on both pointers being valid independently.
Set freed pointers to NULL in the cryptodev_cb_init() error path to
make subsequent cleanup safe.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 1c3ffb95595e ("cryptodev: add enqueue and dequeue callbacks")
Cc: [email protected]
Signed-off-by: Daniil Agalakov <[email protected]>
Signed-off-by: Daniil Iskhakov <[email protected]>
---
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
---
lib/cryptodev/rte_cryptodev.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 50071935c2..5cb9c93c77 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -811,6 +811,7 @@ cryptodev_cb_init(struct rte_cryptodev *dev)
if (dev->deq_cbs == NULL) {
CDEV_LOG_ERR("Failed to allocate memory for deq callbacks");
rte_free(dev->enq_cbs);
+ dev->enq_cbs = NULL;
return -ENOMEM;
}
--
2.43.0
