From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id E8E7D45BB6
	for <public@inbox.dpdk.org>; Wed, 23 Oct 2024 23:17:50 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id DFB4843276;
	Wed, 23 Oct 2024 23:17:50 +0200 (CEST)
Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com
 [209.85.128.52]) by mails.dpdk.org (Postfix) with ESMTP id 3CFBD43276
 for <stable@dpdk.org>; Wed, 23 Oct 2024 23:17:49 +0200 (CEST)
Received: by mail-wm1-f52.google.com with SMTP id
 5b1f17b1804b1-4316a44d1bbso1943215e9.3
 for <stable@dpdk.org>; Wed, 23 Oct 2024 14:17:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1729718269; x=1730323069; darn=dpdk.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=fVQzZzjk1ib7JtU+lm1Qw+fs5tNDY+IqJFG3dwd1hwI=;
 b=hG1plwpdnZEX16RyQBFjCUZbD3iIFVdxFCQp2SjS+Yoz5Lk4rX4gFCWGEiUuBK5E9C
 A9gFnVjcnSAx89RGG0IBFX1EcX6l2J9+ervVqSFo10HQeTlgvmNU+l5X3TkLIF/qkTHv
 HMGpgRMlJvNfNhJZddKyRopNh3ZM7YvEe0gtru26PhywGLg3O2OZFKcPMRgXq1BFdGX/
 l38AQxOr23jnDJ/LwWUlNhWnC0ppm6nyx5CaiGtyGXJtZbh9o4p6dmU35fJgNreKJK0d
 fS/WqUQTxAPIotiAyGd2nOdgkQJeqCoQYrE2+v80iGLW92jMicMSRpCCvkZ5JPsHsDQB
 nP0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1729718269; x=1730323069;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=fVQzZzjk1ib7JtU+lm1Qw+fs5tNDY+IqJFG3dwd1hwI=;
 b=rhGoRf5/DGRIW4r5PPa6vnNXTrSmQdb5adQfc0hiHTtfW49QGPDwV5MMGeDAcd9RHm
 dIND4lxgJ2H67204Kxlhixj44F+mbkQ46jDwHhlLdaAfN7lsL8zvJ1sFTPn8QtGe70Re
 JtImGstzk2qc6QVtSq1RJUVcV0JcLumZtXKRIxSOW946dZRaMR62ubx0NtyD0N9EbJPd
 sQsttAEwCG0hBwDHmc2gGs5NCXYqGR2ulgt9aKmj29CMzTApxKhGk0KPhwFIctVE3M7a
 BS6k3Jj3Pjfl0XDQtLF8JORFbO/X3zV3fRuXi736JqjWr8EJA4HZLdfaXycLLNuxp1Zl
 KrCQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCXbLN2l0jYiNVqtEyZtELd0a8FwR7Ge2yT1q8WTibHXR1bkCOZ7lCZic8c3FaDyb9MgaiLEvEA=@dpdk.org
X-Gm-Message-State: AOJu0YzMmMqmVdL+L/X7MysmUVF2tTBSgwJVxSeyJ6lEE45vuZ7NW7lT
 PCvTk9S1smuCmFJ409j3LkIcmfCkA/zKz7lo6zxR6frWBjOmTkNp
X-Google-Smtp-Source: AGHT+IE536df+5Cuf/BYvWNpJYI0lh0xTV4uHHQF/hQ/ddE7z0+jDpUe91btHEOIuqOEYaKHeNScVw==
X-Received: by 2002:a05:600c:510a:b0:42c:bb96:340e with SMTP id
 5b1f17b1804b1-431841a2ebbmr31553955e9.31.1729718268675; 
 Wed, 23 Oct 2024 14:17:48 -0700 (PDT)
Received: from localhost ([2a01:4b00:d036:ae00:21cd:def0:a01d:d2aa])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-37ee0b9bb4dsm9696150f8f.97.2024.10.23.14.17.48
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 23 Oct 2024 14:17:48 -0700 (PDT)
From: luca.boccassi@gmail.com
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: =?UTF-8?q?Morten=20Br=C3=B8rup?= <mb@smartsharesystems.com>,
 Konstantin Ananyev <konstantin.ananyev@huawei.com>,
 Wathsala Vithanage <wathsala.vithanage@arm.com>,
 dpdk stable <stable@dpdk.org>
Subject: patch 'net/e1000: fix use after free in filter flush' has been queued
 to stable release 22.11.7
Date: Wed, 23 Oct 2024 22:15:53 +0100
Message-ID: <20241023211704.1216956-13-luca.boccassi@gmail.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20241023211704.1216956-1-luca.boccassi@gmail.com>
References: <20241023211704.1216956-1-luca.boccassi@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 22.11.7

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/25/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/7a1ad4c97e279f1eaa8c45870514bc41735eb22d

Thanks.

Luca Boccassi

---
>From 7a1ad4c97e279f1eaa8c45870514bc41735eb22d Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Tue, 8 Oct 2024 09:47:12 -0700
Subject: [PATCH] net/e1000: fix use after free in filter flush
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[ upstream commit 58196dc411576925a1d66b0da1d11b06072a7ac2 ]

The driver cleanup code was freeing the filter object then
dereferencing it.

Bugzilla ID: 1550
Fixes: 6a4d050e2855 ("net/igb: flush all the filter")

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Acked-by: Wathsala Vithanage <wathsala.vithanage@arm.com>
---
 drivers/net/e1000/igb_ethdev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/e1000/igb_ethdev.c b/drivers/net/e1000/igb_ethdev.c
index 8858f975f8..e9ad558c82 100644
--- a/drivers/net/e1000/igb_ethdev.c
+++ b/drivers/net/e1000/igb_ethdev.c
@@ -3857,11 +3857,11 @@ igb_delete_2tuple_filter(struct rte_eth_dev *dev,
 
 	filter_info->twotuple_mask &= ~(1 << filter->index);
 	TAILQ_REMOVE(&filter_info->twotuple_list, filter, entries);
-	rte_free(filter);
 
 	E1000_WRITE_REG(hw, E1000_TTQF(filter->index), E1000_TTQF_DISABLE_MASK);
 	E1000_WRITE_REG(hw, E1000_IMIR(filter->index), 0);
 	E1000_WRITE_REG(hw, E1000_IMIREXT(filter->index), 0);
+	rte_free(filter);
 	return 0;
 }
 
@@ -4298,7 +4298,6 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,
 
 	filter_info->fivetuple_mask &= ~(1 << filter->index);
 	TAILQ_REMOVE(&filter_info->fivetuple_list, filter, entries);
-	rte_free(filter);
 
 	E1000_WRITE_REG(hw, E1000_FTQF(filter->index),
 			E1000_FTQF_VF_BP | E1000_FTQF_MASK);
@@ -4307,6 +4306,7 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,
 	E1000_WRITE_REG(hw, E1000_SPQF(filter->index), 0);
 	E1000_WRITE_REG(hw, E1000_IMIR(filter->index), 0);
 	E1000_WRITE_REG(hw, E1000_IMIREXT(filter->index), 0);
+	rte_free(filter);
 	return 0;
 }
 
-- 
2.45.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-10-23 22:16:41.047943731 +0100
+++ 0013-net-e1000-fix-use-after-free-in-filter-flush.patch	2024-10-23 22:16:40.443940563 +0100
@@ -1 +1 @@
-From 58196dc411576925a1d66b0da1d11b06072a7ac2 Mon Sep 17 00:00:00 2001
+From 7a1ad4c97e279f1eaa8c45870514bc41735eb22d Mon Sep 17 00:00:00 2001
@@ -8,0 +9,2 @@
+[ upstream commit 58196dc411576925a1d66b0da1d11b06072a7ac2 ]
+
@@ -14 +15,0 @@
-Cc: stable@dpdk.org
@@ -25 +26 @@
-index 1e0a483d4a..d3a9181874 100644
+index 8858f975f8..e9ad558c82 100644
@@ -28 +29 @@
-@@ -3907,11 +3907,11 @@ igb_delete_2tuple_filter(struct rte_eth_dev *dev,
+@@ -3857,11 +3857,11 @@ igb_delete_2tuple_filter(struct rte_eth_dev *dev,
@@ -41 +42 @@
-@@ -4348,7 +4348,6 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,
+@@ -4298,7 +4298,6 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,
@@ -49 +50 @@
-@@ -4357,6 +4356,7 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,
+@@ -4307,6 +4306,7 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,