From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id EAB354613B;
	Mon, 27 Jan 2025 20:25:50 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 210C940A80;
	Mon, 27 Jan 2025 20:25:50 +0100 (CET)
Received: from mail-qv1-f50.google.com (mail-qv1-f50.google.com
 [209.85.219.50]) by mails.dpdk.org (Postfix) with ESMTP id 0380D40A6F
 for <dev@dpdk.org>; Mon, 27 Jan 2025 20:25:47 +0100 (CET)
Received: by mail-qv1-f50.google.com with SMTP id
 6a1803df08f44-6dccccd429eso50412246d6.3
 for <dev@dpdk.org>; Mon, 27 Jan 2025 11:25:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=broadcom.com; s=google; t=1738005947; x=1738610747; darn=dpdk.org;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:from:to:cc:subject:date:message-id:reply-to;
 bh=Mg8Bx8T0yM7q4/KwapX6de6Af0qAQbW6EK+xw8w8avE=;
 b=X/o23TjOkWBZXVmREvjTKvvC0XCaK21D9Nf1XKJgRu8383IlHn9vlpilx230fpRfRy
 OII3EeCDZEiJ0JpI37jDNnfQS0riWSpo3PhtbdyZXqCFcA/H4z+0ZmNsaxTH03tanVCg
 jkeM188fmtixiM1u09fDvzlb1Hdd3Yfgvyx0k=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1738005947; x=1738610747;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=Mg8Bx8T0yM7q4/KwapX6de6Af0qAQbW6EK+xw8w8avE=;
 b=QQd1/kRrUOhj7rJI+KlkxRI+5+S2tz/ebuLY6QlbgyZz2C3lcLIygm65NvuL5EIDY3
 vRbGAB+M3TtEufETpJZyRroj/QgQTukvVp1N1JjdlJDOYE2IImMCAFhG+ogH1iGtxoyq
 QYpyQtF8HbSWFx/YzzCy0dmYcsCc+n8Nb2vpfhutxl3goLwQVYxWfx/ONFgrBwJyUFOX
 ggBnF1TZ9fhEf1eneeAhk9BTPSKiqJwC7msGx8HVjlWCLJIXwS7ydoo4MYrJifJ5dGkL
 Oe2uzTXPXg6dJCFdlQorO5m3AJfgnRf1fq9oD6RJCRHlaCMq7p5ckVukI2A+Fu+TSxwC
 n24Q==
X-Gm-Message-State: AOJu0Yz6wqvTa/MdcusCSTzu42z0KtnIreTN6uJcam4coXzM1xVnJZrG
 DKtvUsoDwXHNjc+7ZvI0VMi3oRIBSYlCfybp5FYbs9ROBPc5Q5HwXr7D9GTnCG3UPop8lQPpFva
 QigPS/VEe6erLsK65I60vRDtcbDNUUmJtIzHE
X-Gm-Gg: ASbGnct6CaLvD9LqzP+Q4bLYs1zZ/oNeRnKcNpFK6X247FI5LYcfrXvNED1Vn2ez1Hj
 Av+L3kcoa9qB6yCizGBKpTy4UD1mS+/Vlo8OyuzCTw48bd2tMKxzX8kv7Xz47B5zNuyDmBV4B94
 6+p7JZ0RQl+1B4lVYaXM00
X-Google-Smtp-Source: AGHT+IHM5ux6hnNBhW8O4ckuILq8XxZjcAuwZlFVJvUVlSxN84QvmWOaAHYhL/ys9fVoIobrq28LDHfFzcLP+BLibxc=
X-Received: by 2002:a05:6214:27e2:b0:6d4:586:6291 with SMTP id
 6a1803df08f44-6e1b21dbe12mr698821566d6.25.1738005947200; Mon, 27 Jan 2025
 11:25:47 -0800 (PST)
MIME-Version: 1.0
References: <20250127180842.97907-1-stephen@networkplumber.org>
 <20250127180842.97907-5-stephen@networkplumber.org>
In-Reply-To: <20250127180842.97907-5-stephen@networkplumber.org>
From: Ajit Khaparde <ajit.khaparde@broadcom.com>
Date: Mon, 27 Jan 2025 11:25:30 -0800
X-Gm-Features: AWEUYZng3FojVaupY5Roa36N2Br-HoTiXOzIDXq6HkHNXvDiYPYQjfHVrse-QCA
Message-ID: <CACZ4nhtqve6nGZnWKK5oumF0dizwinFP1xNVymzN4FOzTi2RnA@mail.gmail.com>
Subject: Re: [RFC 4/7] net/bnxt: fix use after free
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: dev@dpdk.org, stable@dpdk.org, Somnath Kotur <somnath.kotur@broadcom.com>, 
 Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="0000000000001df65a062cb50b8b"
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

--0000000000001df65a062cb50b8b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, Jan 27, 2025 at 10:08=E2=80=AFAM Stephen Hemminger
<stephen@networkplumber.org> wrote:
>
> The filter cleanup loop was using STAILQ_FOREACH and rte_free
> and would dereference the filter after free.
>
> Found by build with -Dbsanitize=3Daddress,undefined
>
> Fixes: e8fe0e067b68 ("net/bnxt: fix allocation of PF info struct")
> Cc: ajit.khaparde@broadcom.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
> ---
>  drivers/net/bnxt/bnxt_filter.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/bnxt/bnxt_filter.c b/drivers/net/bnxt/bnxt_filte=
r.c
> index 7b90ba651f..f083f3aa94 100644
> --- a/drivers/net/bnxt/bnxt_filter.c
> +++ b/drivers/net/bnxt/bnxt_filter.c
> @@ -3,14 +3,12 @@
>   * All rights reserved.
>   */
>
> -#include <sys/queue.h>
> -
>  #include <rte_byteorder.h>
>  #include <rte_log.h>
>  #include <rte_malloc.h>
>  #include <rte_flow.h>
>  #include <rte_flow_driver.h>
> -#include <rte_tailq.h>
> +#include <rte_queue.h>
>
>  #include "bnxt.h"
>  #include "bnxt_filter.h"
> @@ -151,7 +149,9 @@ void bnxt_free_filter_mem(struct bnxt *bp)
>         bp->filter_info =3D NULL;
>
>         for (i =3D 0; i < bp->pf->max_vfs; i++) {
> -               STAILQ_FOREACH(filter, &bp->pf->vf_info[i].filter, next) =
{
> +               struct bnxt_filter_info *tmp;
> +
> +               STAILQ_FOREACH_SAFE(filter, &bp->pf->vf_info[i].filter, n=
ext, tmp) {
>                         rte_free(filter);
>                         STAILQ_REMOVE(&bp->pf->vf_info[i].filter, filter,
>                                       bnxt_filter_info, next);
> --
> 2.45.2
>

--0000000000001df65a062cb50b8b
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIIQdgYJKoZIhvcNAQcCoIIQZzCCEGMCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg
gg3NMIIFDTCCA/WgAwIBAgIQeEqpED+lv77edQixNJMdADANBgkqhkiG9w0BAQsFADBMMSAwHgYD
VQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE
AxMKR2xvYmFsU2lnbjAeFw0yMDA5MTYwMDAwMDBaFw0yODA5MTYwMDAwMDBaMFsxCzAJBgNVBAYT
AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIEdDQyBS
MyBQZXJzb25hbFNpZ24gMiBDQSAyMDIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
vbCmXCcsbZ/a0fRIQMBxp4gJnnyeneFYpEtNydrZZ+GeKSMdHiDgXD1UnRSIudKo+moQ6YlCOu4t
rVWO/EiXfYnK7zeop26ry1RpKtogB7/O115zultAz64ydQYLe+a1e/czkALg3sgTcOOcFZTXk38e
aqsXsipoX1vsNurqPtnC27TWsA7pk4uKXscFjkeUE8JZu9BDKaswZygxBOPBQBwrA5+20Wxlk6k1
e6EKaaNaNZUy30q3ArEf30ZDpXyfCtiXnupjSK8WU2cK4qsEtj09JS4+mhi0CTCrCnXAzum3tgcH
cHRg0prcSzzEUDQWoFxyuqwiwhHu3sPQNmFOMwIDAQABo4IB2jCCAdYwDgYDVR0PAQH/BAQDAgGG
MGAGA1UdJQRZMFcGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYKKwYBBAGCNwoDBAYJ
KwYBBAGCNxUGBgorBgEEAYI3CgMMBggrBgEFBQcDBwYIKwYBBQUHAxEwEgYDVR0TAQH/BAgwBgEB
/wIBADAdBgNVHQ4EFgQUljPR5lgXWzR1ioFWZNW+SN6hj88wHwYDVR0jBBgwFoAUj/BLf6guRSSu
TVD6Y5qL3uLdG7wwegYIKwYBBQUHAQEEbjBsMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9i
YWxzaWduLmNvbS9yb290cjMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5j
b20vY2FjZXJ0L3Jvb3QtcjMuY3J0MDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs
c2lnbi5jb20vcm9vdC1yMy5jcmwwWgYDVR0gBFMwUTALBgkrBgEEAaAyASgwQgYKKwYBBAGgMgEo
CjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAN
BgkqhkiG9w0BAQsFAAOCAQEAdAXk/XCnDeAOd9nNEUvWPxblOQ/5o/q6OIeTYvoEvUUi2qHUOtbf
jBGdTptFsXXe4RgjVF9b6DuizgYfy+cILmvi5hfk3Iq8MAZsgtW+A/otQsJvK2wRatLE61RbzkX8
9/OXEZ1zT7t/q2RiJqzpvV8NChxIj+P7WTtepPm9AIj0Keue+gS2qvzAZAY34ZZeRHgA7g5O4TPJ
/oTd+4rgiU++wLDlcZYd/slFkaT3xg4qWDepEMjT4T1qFOQIL+ijUArYS4owpPg9NISTKa1qqKWJ
jFoyms0d0GwOniIIbBvhI2MJ7BSY9MYtWVT5jJO3tsVHwj4cp92CSFuGwunFMzCCA18wggJHoAMC
AQICCwQAAAAAASFYUwiiMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9v
dCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTA5
MDMxODEwMDAwMFoXDTI5MDMxODEwMDAwMFowTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENB
IC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMJXaQeQZ4Ihb1wIO2hMoonv0FdhHFrYhy/EYCQ8eyip0E
XyTLLkvhYIJG4VKrDIFHcGzdZNHr9SyjD4I9DCuul9e2FIYQebs7E4B3jAjhSdJqYi8fXvqWaN+J
J5U4nwbXPsnLJlkNc96wyOkmDoMVxu9bi9IEYMpJpij2aTv2y8gokeWdimFXN6x0FNx04Druci8u
nPvQu7/1PQDhBjPogiuuU6Y6FnOM3UEOIDrAtKeh6bJPkC4yYOlXy7kEkmho5TgmYHWyn3f/kRTv
riBJ/K1AFUjRAjFhGV64l++td7dkmnq/X8ET75ti+w1s4FRpFqkD2m7pg5NxdsZphYIXAgMBAAGj
QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSP8Et/qC5FJK5N
UPpjmove4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAS0DbwFCq/sgM7/eWVEVJu5YACUGssxOGhigH
M8pr5nS5ugAtrqQK0/Xx8Q+Kv3NnSoPHRHt44K9ubG8DKY4zOUXDjuS5V2yq/BKW7FPGLeQkbLmU
Y/vcU2hnVj6DuM81IcPJaP7O2sJTqsyQiunwXUaMld16WCgaLx3ezQA3QY/tRG3XUyiXfvNnBB4V
14qWtNPeTCekTBtzc3b0F5nCH3oO4y0IrQocLP88q1UOD5F+NuvDV0m+4S4tfGCLw0FREyOdzvcy
a5QBqJnnLDMfOjsl0oZAzjsshnjJYS8Uuu7bVW/fhO4FCU29KNhyztNiUGUe65KXgzHZs7XKR1g/
XzCCBVUwggQ9oAMCAQICDAzZWuPidkrRZaiw2zANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJC
RTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTExMC8GA1UEAxMoR2xvYmFsU2lnbiBHQ0MgUjMg
UGVyc29uYWxTaWduIDIgQ0EgMjAyMDAeFw0yMjA5MTAwODE4NDVaFw0yNTA5MTAwODE4NDVaMIGW
MQswCQYDVQQGEwJJTjESMBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxFjAU
BgNVBAoTDUJyb2FkY29tIEluYy4xHDAaBgNVBAMTE0FqaXQgS3VtYXIgS2hhcGFyZGUxKTAnBgkq
hkiG9w0BCQEWGmFqaXQua2hhcGFyZGVAYnJvYWRjb20uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEArZ/Aqg34lMOo2BabvAa+dRThl9OeUUJMob125dz+jvS78k4NZn1mYrHu53Dn
YycqjtuSMlJ6vJuwN2W6QpgTaA2SDt5xTB7CwA2urpcm7vWxxLOszkr5cxMB1QBbTd77bXFuyTqW
jrer3VIWqOujJ1n+n+1SigMwEr7PKQR64YKq2aRYn74ukY3DlQdKUrm2yUkcA7aExLcAwHWUna/u
pZEyqKnwS1lKCzjX7mV5W955rFsFxChdAKfw0HilwtqdY24mhy62+GeaEkD0gYIj1tCmw9gnQToc
K+0s7xEunfR9pBrzmOwS3OQbcP0nJ8SmQ8R+reroH6LYuFpaqK1rgQIDAQABo4IB2zCCAdcwDgYD
VR0PAQH/BAQDAgWgMIGjBggrBgEFBQcBAQSBljCBkzBOBggrBgEFBQcwAoZCaHR0cDovL3NlY3Vy
ZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3NnY2NyM3BlcnNvbmFsc2lnbjJjYTIwMjAuY3J0MEEG
CCsGAQUFBzABhjVodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9nc2djY3IzcGVyc29uYWxzaWdu
MmNhMjAyMDBNBgNVHSAERjBEMEIGCisGAQQBoDIBKAowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93
d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCQYDVR0TBAIwADBJBgNVHR8EQjBAMD6gPKA6
hjhodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjNwZXJzb25hbHNpZ24yY2EyMDIwLmNy
bDAlBgNVHREEHjAcgRphaml0LmtoYXBhcmRlQGJyb2FkY29tLmNvbTATBgNVHSUEDDAKBggrBgEF
BQcDBDAfBgNVHSMEGDAWgBSWM9HmWBdbNHWKgVZk1b5I3qGPzzAdBgNVHQ4EFgQUbrcTuh0mr2qP
xYdtyDgFeRIiE/gwDQYJKoZIhvcNAQELBQADggEBALrc1TljKrDhXicOaZlzIQyqOEkKAZ324i8X
OwzA0n2EcPGmMZvgARurvanSLD3mLeeuyq1feCcjfGM1CJFh4+EY7EkbFbpVPOIdstSBhbnAJnOl
aC/q0wTndKoC/xXBhXOZB8YL/Zq4ZclQLMUO6xi/fFRyHviI5/IrosdrpniXFJ9ukJoOXtvdrEF+
KlMYg/Deg9xo3wddCqQIsztHSkR4XaANdn+dbLRQpctZ13BY1lim4uz5bYn3M0IxyZWkQ1JuPHCK
aRJv0SfR88PoI4RB7NCEHqFwARTj1KvFPQi8pK/YISFydZYbZrxQdyWDidqm4wSuJfpE6i0cWvCd
u50xggJtMIICaQIBATBrMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNh
MTEwLwYDVQQDEyhHbG9iYWxTaWduIEdDQyBSMyBQZXJzb25hbFNpZ24gMiBDQSAyMDIwAgwM2Vrj
4nZK0WWosNswDQYJYIZIAWUDBAIBBQCggdQwLwYJKoZIhvcNAQkEMSIEICAradjXnsfa/21Kvz6M
p7OhXHMP+cg616D0Gkdjoo1pMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkF
MQ8XDTI1MDEyNzE5MjU0N1owaQYJKoZIhvcNAQkPMVwwWjALBglghkgBZQMEASowCwYJYIZIAWUD
BAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzALBgkqhkiG9w0BAQowCwYJKoZIhvcNAQEHMAsG
CWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQAbV6Hc1sr82j97NFuVfgqZoCgsQyZn0yWAeEph
+JWSCF2lQAQDrxIDsXVEb1a5ulEkoY0+HfN5z3kaFSh+NkIXfYes4oLlVFG1r1xCxco4aP5lCca3
5Yu+Jgwh77kBrfQxUDvzGEdv4m+RngvCTg7upuxtJTn1C8qwdgFeY/A8AO/tSnteudxI3pDCXZS2
j9FRnAFBICXEd0ZdLgxZbvJSEzQGEQ2r8tTb+ZzS8N1F6c4OPdWyT6Iwib+FPdaFygIXxgl4ccqi
3PesvvMhYKEsanoxl+8HKOwXW3EN4+x94qP6zt9qLbUPKXfAY+IZoRmprhHf53WYvgmjGOILPo98
--0000000000001df65a062cb50b8b--