From 3501b2f40d07b68ab560ec3deb3ad82f14dfe1fa Mon Sep 17 00:00:00 2001
From: Philip Yang
Date: Thu, 26 Oct 2017 10:54:15 -0400
Subject: [PATCH] Fix double free on fork after hsaKmtCloseKFD Child process hsaKmtOpenKFD() call must re-initialize global variables copied from parent process. This includes close all file handles, free dynamically malloc buf. Double free issue is because destroy_device_ debugging_memory() free the memory in parent process hsaKmtCloseKFD() but don't reset it to null pointer. As a result, child process free it again. kfd_fd is closed in parent process but don't reset to 0, so child process close it again. Fix: reset kfd_fd to 0 after close, reset is_device_debugged pointer to 0 after free
Change-Id: I421b3decbcaa4111298b8e599aa16940d851a58c
Signed-off-by: Philip Yang
---
 src/debug.c | 4 +++-
 src/openclose.c | 10 ++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/debug.c b/src/debug.c
index 05a21329b9..5f8e95c34a 100644
--- a/src/debug.c
+++ b/src/debug.c
@@ -47,8 +47,10 @@ HSAKMT_STATUS init_device_debugging_memory(unsigned int NumNodes)
 void destroy_device_debugging_memory(void)
 {
- if (is_device_debugged)
+ if (is_device_debugged) {
 free(is_device_debugged);
+ is_device_debugged = NULL;
+ }
 }
 HSAKMT_STATUS HSAKMTAPI hsaKmtDbgRegister(HSAuint32 NodeId)
diff --git a/src/openclose.c b/src/openclose.c
index caaa6d924c..403d38de30 100644
--- a/src/openclose.c
+++ b/src/openclose.c
@@ -66,7 +66,10 @@ static void clear_after_fork(void)
 clear_events_page();
 fmm_clear_all_mem();
 destroy_device_debugging_memory();
- close(kfd_fd);
+ if (kfd_fd) {
+ close(kfd_fd);
+ kfd_fd = 0;
+ }
 kfd_open_count = 0;
 }
@@ -172,7 +175,10 @@ HSAKMT_STATUS HSAKMTAPI hsaKmtCloseKFD(void)
 destroy_device_debugging_memory();
 destroy_process_doorbells();
 fmm_destroy_process_apertures();
- close(kfd_fd);
+ if (kfd_fd) {
+ close(kfd_fd);
+ kfd_fd = 0;
+ }
 }
 result = HSAKMT_STATUS_SUCCESS;
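Review bot: In `destroy_device_debugging_memory()` the `if (is_device_debugged)` guard is redundant, because `free(NULL)` is a no-op; the body can be just `free(is_device_debugged);` followed by `is_device_debugged = NULL;`. Clearing the pointer also means later readers of the array see NULL instead of a dangling pointer, so the functions that index `is_device_debugged` (outside this hunk) should be checked for a NULL test before use. A short comment such as `/* reset so a forked child or a second close does not free it again */` would record why the assignment is there.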
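Review bot: Using 0 as the "closed" value for `kfd_fd` in `clear_after_fork()` conflates the sentinel with a valid descriptor: 0 is stdin, and `open()` can return 0 in a process started with stdin closed, in which case `if (kfd_fd)` skips the close and leaks the descriptor. After the reset, any path that still passes `kfd_fd` to `close()` or `ioctl()` without checking would act on descriptor 0 instead of failing with EBADF. The usual convention is -1, i.e. `if (kfd_fd >= 0) { close(kfd_fd); kfd_fd = -1; }`, with the variable's initial value changed to match; its declaration is outside this hunk, so that part needs confirming. The same pattern is added in the `hsaKmtCloseKFD()` hunk and wants the same change.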