From: luca.boccassi@gmail.com
To: Thomas Monjalon
Cc: David Marchand, dpdk stable
Subject: patch 'net/nfb: fix use after free' has been queued to stable release 22.11.7
Date: Wed, 23 Oct 2024 22:15:59 +0100
Message-ID: <20241023211704.1216956-19-luca.boccassi@gmail.com>
In-Reply-To: <20241023211704.1216956-1-luca.boccassi@gmail.com>
References: <20241023211704.1216956-1-luca.boccassi@gmail.com>

Hi,

FYI, your patch has been queued to stable release 22.11.7

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/25/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/d56b8cfa79131b17c1f40a2f2708a42a3bc94159

Thanks.

Luca Boccassi

---
>From d56b8cfa79131b17c1f40a2f2708a42a3bc94159 Mon Sep 17 00:00:00 2001
From: Thomas Monjalon Date: Thu, 10 Oct 2024 19:11:07 +0200 Subject: [PATCH] net/nfb: fix use after free [ upstream commit 76da9834ebb6e43e005bd5895ff4568d0e7be78f ] With the annotations added to the allocation functions in commit 80da7efbb4c4 ("eal: annotate allocation functions"), more issues are detected at compilation time: nfb_rx.c:133:28: error: pointer 'rxq' used after 'rte_free' It is fixed by moving the assignment before freeing the parent pointer. Fixes: 6435f9a0ac22 ("net/nfb: add new netcope driver") Signed-off-by: Thomas Monjalon Reviewed-by: David Marchand --- drivers/net/nfb/nfb_rx.c | 2 +- drivers/net/nfb/nfb_tx.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/nfb/nfb_rx.c b/drivers/net/nfb/nfb_rx.c index 8a9b232305..7941197b77 100644 --- a/drivers/net/nfb/nfb_rx.c +++ b/drivers/net/nfb/nfb_rx.c @@ -129,7 +129,7 @@ nfb_eth_rx_queue_release(struct rte_eth_dev *dev, uint16_t qid) if (rxq->queue != NULL) { ndp_close_rx_queue(rxq->queue); - rte_free(rxq); rxq->queue = NULL; + rte_free(rxq); } } diff --git a/drivers/net/nfb/nfb_tx.c b/drivers/net/nfb/nfb_tx.c index d49fc324e7..5c38d69934 100644 --- a/drivers/net/nfb/nfb_tx.c +++ b/drivers/net/nfb/nfb_tx.c @@ -108,7 +108,7 @@ nfb_eth_tx_queue_release(struct rte_eth_dev *dev, uint16_t qid) if (txq->queue != NULL) { ndp_close_tx_queue(txq->queue); - rte_free(txq); txq->queue = NULL; + rte_free(txq); } } -- 2.45.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2024-10-23 22:16:41.271460365 +0100 +++ 0019-net-nfb-fix-use-after-free.patch 2024-10-23 22:16:40.451940874 +0100 @@ -1 +1 @@ -From 76da9834ebb6e43e005bd5895ff4568d0e7be78f Mon Sep 17 00:00:00 2001 +From d56b8cfa79131b17c1f40a2f2708a42a3bc94159 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 76da9834ebb6e43e005bd5895ff4568d0e7be78f ] + @@ -15 +16,0 @@ -Cc: stable@dpdk.org @@ -25 +26 @@ -index f72afafe8f..462bc3b50d 100644 +index 8a9b232305..7941197b77 100644 
@@ -38 +39 @@ -index a1318a4205..cf99268c43 100644 +index d49fc324e7..5c38d69934 100644
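Review bot: in the nfb_rx.c hunk, `rte_free(rxq);` still sits inside `if (rxq->queue != NULL)`, so a call that finds `rxq->queue` already NULL reaches the end of nfb_eth_rx_queue_release() without releasing `rxq`. If this function owns the structure, consider moving `rte_free(rxq);` after the closing brace of the conditional; if a NULL queue can never reach this point, a one-line comment saying so would make the intent clear.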
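Review bot: in the nfb_tx.c hunk, `txq->queue = NULL;` now writes into the structure that `rte_free(txq);` releases on the very next line, so the store has no effect any later reader can observe and a compiler is free to drop it. Either remove the assignment, or, if the aim is to stop a stale handle from being reused, clear whatever pointer to `txq` outlives this call after the free (the hunk does not show where `txq` is obtained). The same applies to the matching lines in nfb_rx.c.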