https://bugs.dpdk.org/show_bug.cgi?id=189

            Bug ID: 189
           Summary: RTE Timer Adapter Use After Free
           Product: DPDK
           Version: 19.02
          Hardware: All
                OS: All
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: eventdev
          Assignee: dev@dpdk.org
          Reporter: mattias.ronnb...@ericsson.com
  Target Milestone: ---

Upon event timer expiry, the timer adapter will cause the timer struct to be
used after it's freed.

rte_event_timer_adapter.c:sw_event_timer_cb() calls rte_mempool_put(),
returning the internal timer-related data, including a rte_timer instance, to
the pool.

rte_timer_manage() updates fields of the rte_timer struct *after* the expiry
callback has finished.

Timers armed on a different core may retrieve this timer struct from the pool,
resulting in a data race.

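The ordering described in this report, reduced to a single-threaded toy model (an added example, not DPDK code and not the project's fix). Every name is hypothetical, and the second core is simulated by a direct call so the interleaving is deterministic. Deferring the release is shown only as one ordering in which the post-callback write cannot land on a reused object.

```c
#include <stdio.h>

/* Toy model, not DPDK code: every name here is hypothetical. */
enum state { STOPPED, PENDING, RUNNING };
struct toy_timer { enum state st; void (*cb)(struct toy_timer *); };

/* One-slot free list standing in for the mempool. */
static struct toy_timer *pool_slot;
static struct toy_timer *reused; /* timer handed to the "other core" */

static void pool_put(struct toy_timer *t) { pool_slot = t; }

/* Stands in for a second core taking a timer from the pool and arming it. */
static void other_core_arm(void) {
    reused = pool_slot;
    pool_slot = NULL;
    if (reused) reused->st = PENDING;
}

/* Pattern from the report: expiry callback returns the object to the pool. */
static void cb_put_in_callback(struct toy_timer *t) {
    pool_put(t);
    other_core_arm(); /* interleaving forced here to make the race deterministic */
}

/* Alternative ordering: callback leaves the object alone. */
static void cb_defer_put(struct toy_timer *t) { (void)t; other_core_arm(); }

/* Manager that writes to the timer after the callback has returned. */
static void manage(struct toy_timer *t) {
    t->st = RUNNING;
    t->cb(t);
    t->st = STOPPED; /* post-callback write: lands on a reused object if freed */
}

/* Returns 1 if the re-armed timer's state was overwritten by manage(). */
int run(int defer) {
    static struct toy_timer t;
    t.cb = defer ? cb_defer_put : cb_put_in_callback;
    pool_slot = NULL; reused = NULL;
    manage(&t);
    if (defer) { pool_put(&t); other_core_arm(); } /* release after manage() is done */
    return reused != NULL && reused->st != PENDING;
}

int main(void) {
    printf("put in callback: clobbered=%d\n", run(0));
    printf("deferred put:    clobbered=%d\n", run(1));
    return 0;
}
```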