patches for DPDK stable branches
 help / color / mirror / Atom feed
From: luca.boccassi@gmail.com
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: "Morten Brørup" <mb@smartsharesystems.com>,
	"Konstantin Ananyev" <konstantin.ananyev@huawei.com>,
	"Wathsala Vithanage" <wathsala.vithanage@arm.com>,
	"dpdk stable" <stable@dpdk.org>
Subject: patch 'net/e1000: fix use after free in filter flush' has been queued to stable release 22.11.7
Date: Wed, 23 Oct 2024 22:15:53 +0100	[thread overview]
Message-ID: <20241023211704.1216956-13-luca.boccassi@gmail.com> (raw)
In-Reply-To: <20241023211704.1216956-1-luca.boccassi@gmail.com>

Hi,

FYI, your patch has been queued to stable release 22.11.7

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/25/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/7a1ad4c97e279f1eaa8c45870514bc41735eb22d

Thanks.

Luca Boccassi

---
From 7a1ad4c97e279f1eaa8c45870514bc41735eb22d Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Tue, 8 Oct 2024 09:47:12 -0700
Subject: [PATCH] net/e1000: fix use after free in filter flush
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[ upstream commit 58196dc411576925a1d66b0da1d11b06072a7ac2 ]

The driver cleanup code was freeing the filter object then
dereferencing it.

Bugzilla ID: 1550
Fixes: 6a4d050e2855 ("net/igb: flush all the filter")

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Acked-by: Wathsala Vithanage <wathsala.vithanage@arm.com>
---
 drivers/net/e1000/igb_ethdev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/e1000/igb_ethdev.c b/drivers/net/e1000/igb_ethdev.c
index 8858f975f8..e9ad558c82 100644
--- a/drivers/net/e1000/igb_ethdev.c
+++ b/drivers/net/e1000/igb_ethdev.c
@@ -3857,11 +3857,11 @@ igb_delete_2tuple_filter(struct rte_eth_dev *dev,
 
 	filter_info->twotuple_mask &= ~(1 << filter->index);
 	TAILQ_REMOVE(&filter_info->twotuple_list, filter, entries);
-	rte_free(filter);
 
 	E1000_WRITE_REG(hw, E1000_TTQF(filter->index), E1000_TTQF_DISABLE_MASK);
 	E1000_WRITE_REG(hw, E1000_IMIR(filter->index), 0);
 	E1000_WRITE_REG(hw, E1000_IMIREXT(filter->index), 0);
+	rte_free(filter);
 	return 0;
 }
 
@@ -4298,7 +4298,6 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,
 
 	filter_info->fivetuple_mask &= ~(1 << filter->index);
 	TAILQ_REMOVE(&filter_info->fivetuple_list, filter, entries);
-	rte_free(filter);
 
 	E1000_WRITE_REG(hw, E1000_FTQF(filter->index),
 			E1000_FTQF_VF_BP | E1000_FTQF_MASK);
@@ -4307,6 +4306,7 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,
 	E1000_WRITE_REG(hw, E1000_SPQF(filter->index), 0);
 	E1000_WRITE_REG(hw, E1000_IMIR(filter->index), 0);
 	E1000_WRITE_REG(hw, E1000_IMIREXT(filter->index), 0);
+	rte_free(filter);
 	return 0;
 }
 
-- 
2.45.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-10-23 22:16:41.047943731 +0100
+++ 0013-net-e1000-fix-use-after-free-in-filter-flush.patch	2024-10-23 22:16:40.443940563 +0100
@@ -1 +1 @@
-From 58196dc411576925a1d66b0da1d11b06072a7ac2 Mon Sep 17 00:00:00 2001
+From 7a1ad4c97e279f1eaa8c45870514bc41735eb22d Mon Sep 17 00:00:00 2001
@@ -8,0 +9,2 @@
+[ upstream commit 58196dc411576925a1d66b0da1d11b06072a7ac2 ]
+
@@ -14 +15,0 @@
-Cc: stable@dpdk.org
@@ -25 +26 @@
-index 1e0a483d4a..d3a9181874 100644
+index 8858f975f8..e9ad558c82 100644
@@ -28 +29 @@
-@@ -3907,11 +3907,11 @@ igb_delete_2tuple_filter(struct rte_eth_dev *dev,
+@@ -3857,11 +3857,11 @@ igb_delete_2tuple_filter(struct rte_eth_dev *dev,
@@ -41 +42 @@
-@@ -4348,7 +4348,6 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,
+@@ -4298,7 +4298,6 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,
@@ -49 +50 @@
-@@ -4357,6 +4356,7 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,
+@@ -4307,6 +4306,7 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,

  parent reply	other threads:[~2024-10-23 21:17 UTC|newest]

Thread overview: 79+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-23 21:15 patch 'devtools: fix forbidden token check with multiple files' " luca.boccassi
2024-10-23 21:15 ` patch 'eal/x86: fix 32-bit write combining store' " luca.boccassi
2024-10-23 21:15 ` patch 'examples/eventdev: fix queue crash with generic pipeline' " luca.boccassi
2024-10-23 21:15 ` patch 'crypto/dpaa2_sec: fix memory leak' " luca.boccassi
2024-10-23 21:15 ` patch 'common/dpaax/caamflib: fix PDCP SNOW-ZUC watchdog' " luca.boccassi
2024-10-23 21:15 ` patch 'dev: fix callback lookup when unregistering device' " luca.boccassi
2024-10-23 21:15 ` patch 'examples/ipsec-secgw: fix dequeue count from cryptodev' " luca.boccassi
2024-10-23 21:15 ` patch 'bpf: fix free function mismatch if convert fails' " luca.boccassi
2024-10-23 21:15 ` patch 'baseband/la12xx: fix use after free in modem config' " luca.boccassi
2024-10-23 21:15 ` patch 'crypto/bcmfs: fix free function mismatch' " luca.boccassi
2024-10-23 21:15 ` patch 'dma/idxd: fix free function mismatch in device probe' " luca.boccassi
2024-10-23 21:15 ` patch 'event/cnxk: fix free function mismatch in port config' " luca.boccassi
2024-10-23 21:15 ` luca.boccassi [this message]
2024-10-23 21:15 ` patch 'net/nfp: fix double free in flow destroy' " luca.boccassi
2024-10-23 21:15 ` patch 'net/sfc: fix use after free in debug logs' " luca.boccassi
2024-10-23 21:15 ` patch 'raw/ifpga/base: fix use after free' " luca.boccassi
2024-10-23 21:15 ` patch 'raw/ifpga: fix free function mismatch in interrupt config' " luca.boccassi
2024-10-23 21:15 ` patch 'examples/vhost: fix free function mismatch' " luca.boccassi
2024-10-23 21:15 ` patch 'net/nfb: fix use after free' " luca.boccassi
2024-10-23 21:16 ` patch 'power: enable CPPC' " luca.boccassi
2024-10-23 21:16 ` patch 'fib6: add runtime checks in AVX512 lookup' " luca.boccassi
2024-10-23 21:16 ` patch 'app/dumpcap: fix handling of jumbo frames' " luca.boccassi
2024-10-23 21:16 ` patch 'net/cnxk: fix Rx timestamp handling for VF' " luca.boccassi
2024-10-23 21:16 ` patch 'net/cnxk: fix Rx offloads to handle timestamp' " luca.boccassi
2024-10-23 21:16 ` patch 'event/cnxk: fix Rx timestamp handling' " luca.boccassi
2024-10-23 21:16 ` patch 'common/cnxk: fix CPT HW word size for outbound SA' " luca.boccassi
2024-10-23 21:16 ` patch 'common/cnxk: fix base log level' " luca.boccassi
2024-10-23 21:16 ` patch 'baseband/acc: fix access to deallocated mem' " luca.boccassi
2024-10-23 21:16 ` patch 'vhost: fix offset while mapping log base address' " luca.boccassi
2024-10-23 21:16 ` patch 'vdpa: update used flags in used ring relay' " luca.boccassi
2024-10-23 21:16 ` patch 'net/virtio-user: reset used index counter' " luca.boccassi
2024-10-23 21:16 ` patch 'fib: fix AVX512 lookup' " luca.boccassi
2024-10-23 21:16 ` patch 'net/e1000: fix link status crash in secondary process' " luca.boccassi
2024-10-23 21:16 ` patch 'net/iavf: fix crash when link is unstable' " luca.boccassi
2024-10-23 21:16 ` patch 'net/ice/base: fix link speed for 200G' " luca.boccassi
2024-10-23 21:16 ` patch 'net/ice/base: fix iteration of TLVs in Preserved Fields Area' " luca.boccassi
2024-10-23 21:16 ` patch 'net/ixgbe/base: fix unchecked return value' " luca.boccassi
2024-10-23 21:16 ` patch 'net/i40e/base: fix setting flags in init function' " luca.boccassi
2024-10-23 21:16 ` patch 'net/i40e/base: fix misleading debug logs and comments' " luca.boccassi
2024-10-23 21:16 ` patch 'net/i40e/base: fix blinking X722 with X557 PHY' " luca.boccassi
2024-10-23 21:16 ` patch 'net/i40e/base: fix DDP loading with reserved track ID' " luca.boccassi
2024-10-23 21:16 ` patch 'net/i40e/base: fix repeated register dumps' " luca.boccassi
2024-10-23 21:16 ` patch 'net/i40e/base: fix unchecked return value' " luca.boccassi
2024-10-23 21:16 ` patch 'net/i40e/base: fix loop bounds' " luca.boccassi
2024-10-23 21:16 ` patch 'net/i40e: fix AVX-512 pointer copy on 32-bit' " luca.boccassi
2024-10-23 21:16 ` patch 'net/ice: " luca.boccassi
2024-10-23 21:16 ` patch 'net/iavf: " luca.boccassi
2024-10-23 21:16 ` patch 'net/tap: avoid memcpy with null argument' " luca.boccassi
2024-10-23 21:16 ` patch 'app/testpmd: remove unnecessary cast' " luca.boccassi
2024-10-23 21:16 ` patch 'net/pcap: set live interface as non-blocking' " luca.boccassi
2024-10-23 21:16 ` patch 'net/mana: support rdma-core via pkg-config' " luca.boccassi
2024-10-23 21:16 ` patch 'net/ena: revert redefining memcpy' " luca.boccassi
2024-10-23 21:16 ` patch 'net/hns3: remove some basic address dump' " luca.boccassi
2024-10-23 21:16 ` patch 'net/hns3: fix dump counter of registers' " luca.boccassi
2024-10-23 21:16 ` patch 'ethdev: fix overflow in descriptor count' " luca.boccassi
2024-10-23 21:16 ` patch 'bus/dpaa: fix PFDRs leaks due to FQRNIs' " luca.boccassi
2024-10-23 21:16 ` patch 'net/dpaa: fix typecasting channel ID' " luca.boccassi
2024-10-23 21:16 ` patch 'bus/dpaa: fix VSP for 1G fm1-mac9 and 10' " luca.boccassi
2024-10-23 21:16 ` patch 'bus/dpaa: fix the fman details status' " luca.boccassi
2024-10-23 21:16 ` patch 'net/dpaa: fix reallocate mbuf handling' " luca.boccassi
2024-10-23 21:16 ` patch 'net/memif: fix buffer overflow in zero copy Rx' " luca.boccassi
2024-10-23 21:16 ` patch 'net/tap: restrict maximum number of MP FDs' " luca.boccassi
2024-10-23 21:16 ` patch 'ethdev: verify queue ID in Tx done cleanup' " luca.boccassi
2024-10-23 21:16 ` patch 'net/hns3: verify reset type from firmware' " luca.boccassi
2024-10-23 21:16 ` patch 'net/nfp: fix link change return value' " luca.boccassi
2024-10-23 21:16 ` patch 'net/pcap: fix blocking Rx' " luca.boccassi
2024-10-23 21:16 ` patch 'net/ice/base: add bounds check' " luca.boccassi
2024-10-23 21:16 ` patch 'net/ice/base: fix VLAN replay after reset' " luca.boccassi
2024-10-23 21:16 ` patch 'net/iavf: preserve MAC address with i40e PF Linux driver' " luca.boccassi
2024-10-23 21:16 ` patch 'net/mlx5: workaround list management of Rx queue control' " luca.boccassi
2024-10-23 21:16 ` patch 'net/mlx5: fix number of supported flex parsers' " luca.boccassi
2024-10-23 21:16 ` patch 'app/testpmd: remove flex item init command leftover' " luca.boccassi
2024-10-23 21:16 ` patch 'net/mlx5: fix next protocol validation after flex item' " luca.boccassi
2024-10-23 21:16 ` patch 'build: remove version check on compiler links function' " luca.boccassi
2024-10-23 21:16 ` patch 'hash: fix thash LFSR initialization' " luca.boccassi
2024-10-23 21:16 ` patch 'dmadev: fix potential null pointer access' " luca.boccassi
2024-10-23 21:16 ` patch 'net/gve/base: fix build with Fedora Rawhide' " luca.boccassi
2024-10-23 21:16 ` patch 'power: fix mapped lcore ID' " luca.boccassi
2024-10-23 21:16 ` patch 'net/ionic: fix build on Fedora Rawhide' " luca.boccassi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241023211704.1216956-13-luca.boccassi@gmail.com \
    --to=luca.boccassi@gmail.com \
    --cc=konstantin.ananyev@huawei.com \
    --cc=mb@smartsharesystems.com \
    --cc=stable@dpdk.org \
    --cc=stephen@networkplumber.org \
    --cc=wathsala.vithanage@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).