From: luca.boccassi@gmail.com
To: Stephen Hemminger
Cc: Ivan Malov, Andrew Rybchenko, Morten Brørup, Konstantin Ananyev, Wathsala Vithanage, dpdk stable
Subject: patch 'net/sfc: fix use after free in debug logs' has been queued to stable release 22.11.7
Date: Wed, 23 Oct 2024 22:15:55 +0100
Message-ID: <20241023211704.1216956-15-luca.boccassi@gmail.com>

Hi,

FYI, your patch has been queued to stable release 22.11.7

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/25/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/d8c04bbc9bbf10267c00dbf1fff30fc0e08fbfa4

Thanks.

Luca Boccassi

---
>From d8c04bbc9bbf10267c00dbf1fff30fc0e08fbfa4 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger Date: Tue, 8 Oct 2024 09:47:13 -0700 Subject: [PATCH] net/sfc: fix use after free in debug logs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [ upstream commit 757b0b6f207c072a550f43836856235aa41553ad ] If compiler detection of use-after-free is enabled then this drivers debug messages will cause warnings. Change to move debug message before the object is freed. Bugzilla ID: 1551 Fixes: 55c1238246d5 ("net/sfc: add more debug messages to transfer flows") Signed-off-by: Stephen Hemminger Reviewed-by: Ivan Malov Acked-by: Andrew Rybchenko Acked-by: Morten Brørup Acked-by: Konstantin Ananyev Acked-by: Wathsala Vithanage --- drivers/net/sfc/sfc_flow_rss.c | 4 ++-- drivers/net/sfc/sfc_mae.c | 13 +++++-------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/drivers/net/sfc/sfc_flow_rss.c b/drivers/net/sfc/sfc_flow_rss.c index e28c943335..8e2749833b 100644 --- a/drivers/net/sfc/sfc_flow_rss.c +++ b/drivers/net/sfc/sfc_flow_rss.c @@ -303,9 +303,9 @@ sfc_flow_rss_ctx_del(struct sfc_adapter *sa, struct sfc_flow_rss_ctx *ctx) TAILQ_REMOVE(&flow_rss->ctx_list, ctx, entries); rte_free(ctx->qid_offsets); - rte_free(ctx); - sfc_dbg(sa, "flow-rss: deleted ctx=%p", ctx); + + rte_free(ctx); } static int diff --git a/drivers/net/sfc/sfc_mae.c b/drivers/net/sfc/sfc_mae.c index b61b9658e3..4775953b8d 100644 --- a/drivers/net/sfc/sfc_mae.c +++ b/drivers/net/sfc/sfc_mae.c @@ -421,9 +421,8 @@ sfc_mae_outer_rule_del(struct sfc_adapter *sa, efx_mae_match_spec_fini(sa->nic, rule->match_spec); TAILQ_REMOVE(&mae->outer_rules, rule, entries); - rte_free(rule); - sfc_dbg(sa, "deleted outer_rule=%p", rule); + rte_free(rule); } static int @@ -582,9 +581,8 @@ sfc_mae_mac_addr_del(struct sfc_adapter *sa, struct sfc_mae_mac_addr *mac_addr) } TAILQ_REMOVE(&mae->mac_addrs, mac_addr, entries); - rte_free(mac_addr); - sfc_dbg(sa, "deleted mac_addr=%p", mac_addr); + rte_free(mac_addr); } enum sfc_mae_mac_addr_type { 
@@ -779,10 +777,10 @@ sfc_mae_encap_header_del(struct sfc_adapter *sa, } TAILQ_REMOVE(&mae->encap_headers, encap_header, entries); + sfc_dbg(sa, "deleted encap_header=%p", encap_header); + rte_free(encap_header->buf); rte_free(encap_header); - - sfc_dbg(sa, "deleted encap_header=%p", encap_header); } static int @@ -1085,9 +1083,8 @@ sfc_mae_action_set_del(struct sfc_adapter *sa, rte_free(action_set->counters); } TAILQ_REMOVE(&mae->action_sets, action_set, entries); - rte_free(action_set); - sfc_dbg(sa, "deleted action_set=%p", action_set); + rte_free(action_set); } static int -- 2.45.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2024-10-23 22:16:41.124423091 +0100 +++ 0015-net-sfc-fix-use-after-free-in-debug-logs.patch 2024-10-23 22:16:40.451940874 +0100 @@ -1 +1 @@ -From 757b0b6f207c072a550f43836856235aa41553ad Mon Sep 17 00:00:00 2001 +From d8c04bbc9bbf10267c00dbf1fff30fc0e08fbfa4 Mon Sep 17 00:00:00 2001 @@ -8,0 +9,2 @@ +[ upstream commit 757b0b6f207c072a550f43836856235aa41553ad ] + @@ -15 +16,0 @@ -Cc: stable@dpdk.org @@ -25,2 +26,2 @@ - drivers/net/sfc/sfc_mae.c | 25 ++++++++++--------------- - 2 files changed, 12 insertions(+), 17 deletions(-) + drivers/net/sfc/sfc_mae.c | 13 +++++-------- + 2 files changed, 7 insertions(+), 10 deletions(-) @@ -45 +46 @@ -index 60ff6d2181..8f74f10390 100644 +index b61b9658e3..4775953b8d 100644 @@ -48 +49 @@ -@@ -400,9 +400,8 @@ sfc_mae_outer_rule_del(struct sfc_adapter *sa, +@@ -421,9 +421,8 @@ sfc_mae_outer_rule_del(struct sfc_adapter *sa, @@ -59 +60 @@ -@@ -585,9 +584,8 @@ sfc_mae_mac_addr_del(struct sfc_adapter *sa, struct sfc_mae_mac_addr *mac_addr) +@@ -582,9 +581,8 @@ sfc_mae_mac_addr_del(struct sfc_adapter *sa, struct sfc_mae_mac_addr *mac_addr) @@ -70 +71 @@ -@@ -785,10 +783,10 @@ sfc_mae_encap_header_del(struct sfc_adapter *sa, +@@ -779,10 +777,10 @@ sfc_mae_encap_header_del(struct sfc_adapter *sa, 
@@ -74,4 +75 @@ -- rte_free(encap_header->buf); -- rte_free(encap_header); -- - sfc_dbg(sa, "deleted encap_header=%p", encap_header); ++ sfc_dbg(sa, "deleted encap_header=%p", encap_header); @@ -79,10 +77,2 @@ -+ rte_free(encap_header->buf); -+ rte_free(encap_header); - } - - static int -@@ -983,9 +981,8 @@ sfc_mae_counter_del(struct sfc_adapter *sa, struct sfc_mae_counter *counter) - } - - TAILQ_REMOVE(&mae->counters, counter, entries); -- rte_free(counter); + rte_free(encap_header->buf); + rte_free(encap_header); @@ -90,2 +80 @@ - sfc_dbg(sa, "deleted counter=%p", counter); -+ rte_free(counter); +- sfc_dbg(sa, "deleted encap_header=%p", encap_header); @@ -95,3 +84,3 @@ -@@ -1165,9 +1162,8 @@ sfc_mae_action_set_del(struct sfc_adapter *sa, - sfc_mae_mac_addr_del(sa, action_set->src_mac_addr); - sfc_mae_counter_del(sa, action_set->counter); +@@ -1085,9 +1083,8 @@ sfc_mae_action_set_del(struct sfc_adapter *sa, + rte_free(action_set->counters); + } @@ -103,24 +91,0 @@ - } - - static int -@@ -1401,10 +1397,10 @@ sfc_mae_action_set_list_del(struct sfc_adapter *sa, - sfc_mae_action_set_del(sa, action_set_list->action_sets[i]); - - TAILQ_REMOVE(&mae->action_set_lists, action_set_list, entries); -+ sfc_dbg(sa, "deleted action_set_list=%p", action_set_list); -+ - rte_free(action_set_list->action_sets); - rte_free(action_set_list); -- -- sfc_dbg(sa, "deleted action_set_list=%p", action_set_list); - } - - static int -@@ -1667,9 +1663,8 @@ sfc_mae_action_rule_del(struct sfc_adapter *sa, - sfc_mae_outer_rule_del(sa, rule->outer_rule); - - TAILQ_REMOVE(&mae->action_rules, rule, entries); -- rte_free(rule); -- - sfc_dbg(sa, "deleted action_rule=%p", rule); -+ rte_free(rule);
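
Review bot: In sfc_flow_rss_ctx_del() the log call ends up between rte_free(ctx->qid_offsets) and rte_free(ctx), with a blank line before the final free, while sfc_mae_encap_header_del() in the same patch logs before either free. Both orderings are safe as written because only the value of the pointer is printed, but moving sfc_dbg(sa, "flow-rss: deleted ctx=%p", ctx) ahead of rte_free(ctx->qid_offsets) would give the driver one ordering (log, then free members, then free the object) and would stay correct if the message is later extended to print something reached through ctx.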
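
Review bot: The diff of the applied patch against upstream shows three upstream hunks missing from the backport, those for sfc_mae_counter_del(), sfc_mae_action_set_list_del() and sfc_mae_action_rule_del(), which is why the sfc_mae.c diffstat drops from 25 changed lines to 13. The mail does not say why they were dropped, so confirm that these functions are absent from the 22.11 sfc_mae.c or do not call sfc_dbg() after rte_free() there; if any of them exists on the branch with the free ahead of the log, the fix is incomplete for 22.11.7. Building the branch with the compiler's use-after-free detection enabled, the condition the commit message describes, would settle it.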