From c30d87e6139c64eceade54972715b402c625763d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Beno=C3=AEt=20Ganne?= Date: Mon, 15 Jul 2019 17:16:49 +0200 Subject: [PATCH] tap: fix memory errors with create/delete API MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit CLI allocates vectors consumed by tap_create_if(), whereas API pass null-terminated C-strings allocated on API segment. Do not try to be too clever here, and just allocate our own private copies. Type: fix Fixes: 8d879e1a6bac47240a232893e914815f781fd4bf Ticket: VPP-1724 Change-Id: I3ccdb8e0fcd4cb9be414af9f38cf6c33931a1db7 Signed-off-by: Benoît Ganne --- src/vnet/devices/tap/tap.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/vnet/devices/tap/tap.c b/src/vnet/devices/tap/tap.c index 38ac0f93682..c090bedbd7f 100644 --- a/src/vnet/devices/tap/tap.c +++ b/src/vnet/devices/tap/tap.c @@ -208,7 +208,7 @@ tap_create_if (vlib_main_t * vm, tap_create_if_args_t * args) vif->ifindex = if_nametoindex (ifr.ifr_ifrn.ifrn_name); if (!args->host_if_name) - args->host_if_name = format (0, "%s", ifr.ifr_ifrn.ifrn_name); + args->host_if_name = (void *) ifr.ifr_ifrn.ifrn_name; unsigned int offload = 0; hdrsz = sizeof (struct virtio_net_hdr_v1); @@ -413,12 +413,9 @@ tap_create_if (vlib_main_t * vm, tap_create_if_args_t * args) clib_memcpy (vif->mac_addr, args->mac_addr, 6); - vif->host_if_name = args->host_if_name; - args->host_if_name = 0; - vif->net_ns = args->host_namespace; - args->host_namespace = 0; - vif->host_bridge = args->host_bridge; - args->host_bridge = 0; + vif->host_if_name = format (0, "%s%c", args->host_if_name, 0); + vif->net_ns = format (0, "%s%c", args->host_namespace, 0); + vif->host_bridge = format (0, "%s%c", args->host_bridge, 0); vif->host_mtu_size = args->host_mtu_size; clib_memcpy (vif->host_mac_addr, args->host_mac_addr, 6); vif->host_ip4_prefix_len = args->host_ip4_prefix_len; @@ -490,6 +487,11 @@ error: TX_QUEUE (i)); vec_free (vif->rxq_vrings); vec_free (vif->txq_vrings); + + vec_free (vif->host_if_name); + vec_free (vif->net_ns); + vec_free (vif->host_bridge); + clib_memset (vif, 0, sizeof (virtio_if_t)); pool_put (vim->interfaces, vif); -- 2.16.6