From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 5B37D45BB6
	for <public@inbox.dpdk.org>; Wed, 23 Oct 2024 23:17:34 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 5589D43254;
	Wed, 23 Oct 2024 23:17:34 +0200 (CEST)
Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com
 [209.85.128.54]) by mails.dpdk.org (Postfix) with ESMTP id 0D94343254
 for <stable@dpdk.org>; Wed, 23 Oct 2024 23:17:33 +0200 (CEST)
Received: by mail-wm1-f54.google.com with SMTP id
 5b1f17b1804b1-4316e9f4a40so2115545e9.2
 for <stable@dpdk.org>; Wed, 23 Oct 2024 14:17:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1729718252; x=1730323052; darn=dpdk.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=WyE9i/gZBbcynO6LmYJWm2VSNADWnnexR+b1XzSRVuE=;
 b=YnVMLNEZhODDE8izboFkJIa6Hx9/+4gzLa57LynoGPXD+cichQ0LWB4QTkTeGUKOQ2
 W4APyCcnJxJAk1M+xkDH2q295Sng3u8HE/mDHoXS9jBOwGfTRSfWaxCLYQuXgHESy+/j
 OwSA00wG22/N2E0ZXqdxabpHgl2Zcvx4pkS+Jksa3X2aXpy4sKKYDNPw2j7PlNWYGMMj
 +rcnb04ncmR4pR2nf/8Ry+GtUmQTqjUc000cZBSTVfWozZubOHbJqAdIa+br47fIELsY
 d4YqRu2zZr9buviFTBftaci49GpHoTU/8CTRWKxHVOA1HhbT0jb2EUWJgbvCGeAkxJtf
 W+Fw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1729718253; x=1730323053;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=WyE9i/gZBbcynO6LmYJWm2VSNADWnnexR+b1XzSRVuE=;
 b=Vra+Zo3FrPaTFF3BkZShRFp37wrJcDGBjrZbXmvy8b/J8zgHtT0pIJrKiDq9GZtquP
 M1vVfHqXHaDlGgYcx5eH2yNT9VFNzU/k3N8xz5xMpxWgsUlILZzsVWwnUpu1nJaYX5bq
 lpDOaGr/8D/gEshbNhVozwxJ+PtUiuVcEVj+31tEF1qkkyHUqWdx1cm3Dht7l2UrleGz
 Rtt0+T9lZk2xfjlUYSuh+OBcdwigu5t5n6eslDf02NHzyXWs5qEF3VhefZmQ6z7vDPJs
 sLHFnGkNLEzr3kFj2VlNa8BAJ8BKEk5WHwPZKV//BmUelQgvyL39lVmNw+11Ubz7jUXc
 uB8w==
X-Forwarded-Encrypted: i=1;
 AJvYcCV8V3rSOAv+UdBATSV7ifGaQrzCq0f4VReTRbZTYYuv9fdxvbDuBJ3SwrJGNOGMvdE8c2ea3Aw=@dpdk.org
X-Gm-Message-State: AOJu0YyGrAajITrVIbLtj4xmsFEUDEUV6W8XyMVmTBA9wA6XwoWrZ134
 VFPiKcLabevMcX8ba5k+w4tBsFJR9kFI2NDOJB4NOsGj+LP4Qvzn
X-Google-Smtp-Source: AGHT+IFjOISNoEuhqu+JV/4Y53za487Im+9q65S/L/vPxqqv6YyURe+52hzhW1Df07Q+at1Bp4952Q==
X-Received: by 2002:a05:600c:1ca9:b0:431:4fa0:2e0b with SMTP id
 5b1f17b1804b1-4318419e348mr34112345e9.28.1729718252331; 
 Wed, 23 Oct 2024 14:17:32 -0700 (PDT)
Received: from localhost ([2a01:4b00:d036:ae00:21cd:def0:a01d:d2aa])
 by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-43186bfb6bfsm26558285e9.23.2024.10.23.14.17.30
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 23 Oct 2024 14:17:31 -0700 (PDT)
From: luca.boccassi@gmail.com
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: Hemant Agrawal <hemant.agrawal@nxp.com>,
 =?UTF-8?q?Morten=20Br=C3=B8rup?= <mb@smartsharesystems.com>,
 Konstantin Ananyev <konstantin.ananyev@huawei.com>,
 Wathsala Vithanage <wathsala.vithanage@arm.com>,
 dpdk stable <stable@dpdk.org>
Subject: patch 'baseband/la12xx: fix use after free in modem config' has been
 queued to stable release 22.11.7
Date: Wed, 23 Oct 2024 22:15:49 +0100
Message-ID: <20241023211704.1216956-9-luca.boccassi@gmail.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20241023211704.1216956-1-luca.boccassi@gmail.com>
References: <20241023211704.1216956-1-luca.boccassi@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 22.11.7

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/25/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/38eba244a3d5407f508a1dbd8a1b17f47337c82c

Thanks.

Luca Boccassi

---
>From 38eba244a3d5407f508a1dbd8a1b17f47337c82c Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Tue, 8 Oct 2024 09:47:19 -0700
Subject: [PATCH] baseband/la12xx: fix use after free in modem config
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[ upstream commit 6ffb34498913f84713e98d6a2a21d2a86028a604 ]

The info pointer (hp) could get freed twice.
Fix by nulling after free.

In function 'setup_la12xx_dev',
inlined from 'la12xx_bbdev_create' at
	../drivers/baseband/la12xx/bbdev_la12xx.c:1029:8,
inlined from 'la12xx_bbdev_probe' at
	../drivers/baseband/la12xx/bbdev_la12xx.c:1075:9:
../drivers/baseband/la12xx/bbdev_la12xx.c:901:9:
	error: pointer 'hp_info' may be used after 'rte_free'
	[-Werror=use-after-free]
901 |         rte_free(hp);
    |         ^~~~~~~~~~~~
../drivers/baseband/la12xx/bbdev_la12xx.c:791:17:
	note: call to 'rte_free' here
791 |                 rte_free(hp);
    |                 ^~~~~~~~~~~~

Fixes: 24d0ba22546e ("baseband/la12xx: add queue and modem config")

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Acked-by: Wathsala Vithanage <wathsala.vithanage@arm.com>
---
 drivers/baseband/la12xx/bbdev_la12xx.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/baseband/la12xx/bbdev_la12xx.c b/drivers/baseband/la12xx/bbdev_la12xx.c
index 1a56e73abd..cad6f9490e 100644
--- a/drivers/baseband/la12xx/bbdev_la12xx.c
+++ b/drivers/baseband/la12xx/bbdev_la12xx.c
@@ -789,6 +789,7 @@ setup_la12xx_dev(struct rte_bbdev *dev)
 		ipc_priv->hugepg_start.size = hp->len;
 
 		rte_free(hp);
+		hp = NULL;
 	}
 
 	dev_ipc = open_ipc_dev(priv->modem_id);
-- 
2.45.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-10-23 22:16:40.895052857 +0100
+++ 0009-baseband-la12xx-fix-use-after-free-in-modem-config.patch	2024-10-23 22:16:40.439940407 +0100
@@ -1 +1 @@
-From 6ffb34498913f84713e98d6a2a21d2a86028a604 Mon Sep 17 00:00:00 2001
+From 38eba244a3d5407f508a1dbd8a1b17f47337c82c Mon Sep 17 00:00:00 2001
@@ -8,0 +9,2 @@
+[ upstream commit 6ffb34498913f84713e98d6a2a21d2a86028a604 ]
+
@@ -28 +29,0 @@
-Cc: stable@dpdk.org
@@ -40 +41 @@
-index af4b4f1e9a..2432cdf884 100644
+index 1a56e73abd..cad6f9490e 100644