Acked-by: Chengwen Feng <[email protected]>

On 2/18/2026 6:27 PM, David Marchand wrote:
> On Wed, 18 Feb 2026 at 10:05, Yehor Malikov <[email protected]> wrote:
>>
>> From: Yehor Malikov <[email protected]>
>>
>> The fdset_event_dispatch thread runs in a loop checking the destroy
>> flag after each epoll_wait iteration. During process exit,
>> rte_eal_cleanup() frees hugepage memory while the fdset thread is
>> still running. Since the fdset structure was allocated with
>> rte_zmalloc() (hugepage-backed), accessing it after rte_eal_cleanup()
>> causes use-after-free.
>>
>> Switch fdset allocation from rte_zmalloc/rte_free to libc
>> calloc/free. The fdset is a control-path structure that does not
>> need hugepage memory. Using libc allocation ensures the fdset
>> remains valid after rte_eal_cleanup() releases hugepages.
>>
>> Fixes: e68a6feaa3b3 ("vhost: improve fdset initialization")
> Cc: [email protected]
> 
>>
>> Signed-off-by: Yehor Malikov <[email protected]>
> 
> Thanks for the fix.
> 
> Acked-by: David Marchand <[email protected]>
> 
> 
