From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 084B545BC9 for ; Fri, 25 Oct 2024 02:14:49 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D39B74060C; Fri, 25 Oct 2024 02:14:48 +0200 (CEST) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mails.dpdk.org (Postfix) with ESMTP id C03E64060C for ; Fri, 25 Oct 2024 02:14:47 +0200 (CEST) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-718e9c8bd83so1704990b3a.1 for ; Thu, 24 Oct 2024 17:14:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1729815286; x=1730420086; darn=dpdk.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=Cnag5iXnKpeBErCrD/800pEi+CBSBpBkfCLLbw21Qqw=; b=uX/zK5Q3jGZ/qWIQ6jjBSqUPgwCNTOMImtvRkCMYTGPNHO+Vg7pfSyE66EXed52HP4 CkJ4YHEyQx+7YtnDO770pAG8lpszelh12olbUzNL0N2cIycLTlgSGoWwQUkmEmvRiiei +lFDey9AnszFg1V0WGQMmKwUGM8lgtCjsM7YiNv35r/l0PsZl27jfl+N/58MvqdK5NPT VEuAz/vmDIFhn6K03/7E4hpdP30dLqQBVrUNlnMZKhbaJsSB8ehLISm3tWcRC9oDj/Rd RpgpjKqlQ3DpzyXiyX0Sxn6JSVbSOxVPaoIwDUnlcTOFQvVa+Um0OKztmEzgwwcAV1hh y7+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729815286; x=1730420086; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Cnag5iXnKpeBErCrD/800pEi+CBSBpBkfCLLbw21Qqw=; b=lMqAEEsVAfe1V0Ht8IzUDdygo01IHBPIgDuE5PMx7Jhk3KeOtpi/PW5IY6wgdyh0nr roUh/a+eeXTI+U7LJMggOT8XqSV4gwjnY/5k8hYStceUBmxkVP8WtsDd4xRAE8ekBMqc VSz9AbIcb2axSW0BjpJ3rkptwbyMoxTsktcOOeZNAf0oyrZ1aN7MiwYTJmeAcEpDpAv+ Wjd0aZgAvBHCZUUraKc05azCJtQKBa3/K1H3Fp/5SvIyms7AUidS6f9T8Pikd8pC31xk NFekRSMU5ioxx2S+t8L+v1/BRkg5fKIs7p1tOWZwJ35yrS0p9qy6Z4NoEbsN9Olsfbm2 NWRQ== X-Gm-Message-State: AOJu0YwqP0sovoHDdADWy26zeqHIGzvMLFnRJqWWneVmogWzM5t/mAMG hW/xEStCA5mssbbx3DOUIo8AKbVNDRcnzdT0BFYJaJdbdlJOJPFVyxjYKzvVcKuLkLzuechMQkH 4 X-Google-Smtp-Source: AGHT+IEzI+rJTBstfvcXF+zVnOH2psdV4FKkYEqJABOQ9cxzFBkCQxqSAQY3VH/kyYG0oEDsL1N/ew== X-Received: by 2002:a05:6a00:39a2:b0:71e:4dc5:259a with SMTP id d2e1a72fcca58-72045280660mr6681016b3a.7.1729815286447; Thu, 24 Oct 2024 17:14:46 -0700 (PDT) Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72057a0b63esm14047b3a.108.2024.10.24.17.14.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Oct 2024 17:14:46 -0700 (PDT) From: Stephen Hemminger To: stable@dpdk.org Cc: Stephen Hemminger , =?UTF-8?q?Morten=20Br=C3=B8rup?= , Konstantin Ananyev , Wathsala Vithanage Subject: [PATCH 22.11] common/idpf: fix use after free in mailbox init Date: Thu, 24 Oct 2024 17:14:23 -0700 Message-ID: <20241025001435.284362-1-stephen@networkplumber.org> X-Mailer: git-send-email 2.45.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org [ upstream commit 4baf54ed9dc87b89ea2150578c51120bc0157bb0 ] The macro in this driver was redefining LIST_FOR_EACH_ENTRY_SAFE as a simple LIST_FOR_EACH macro. But they are not the same the _SAFE variant guarantees that there will not be use after free. Fixes: fb4ac04e9bfa ("common/idpf: introduce common library") Cc: stable@dpdk.org Signed-off-by: Stephen Hemminger Acked-by: Morten Brørup Acked-by: Konstantin Ananyev Acked-by: Wathsala Vithanage --- drivers/common/idpf/base/idpf_osdep.h | 10 ++++++++-- drivers/net/idpf/idpf_ethdev.c | 3 +-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/common/idpf/base/idpf_osdep.h b/drivers/common/idpf/base/idpf_osdep.h index 99ae9cf60a..b6124ab083 100644 --- a/drivers/common/idpf/base/idpf_osdep.h +++ b/drivers/common/idpf/base/idpf_osdep.h @@ -349,10 +349,16 @@ idpf_hweight32(u32 num) #define LIST_ENTRY_TYPE(type) LIST_ENTRY(type) #endif +#ifndef LIST_FOREACH_SAFE +#define LIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = LIST_FIRST((head)); \ + (var) && ((tvar) = LIST_NEXT((var), field), 1); \ + (var) = (tvar)) +#endif + #ifndef LIST_FOR_EACH_ENTRY_SAFE #define LIST_FOR_EACH_ENTRY_SAFE(pos, temp, head, entry_type, list) \ - LIST_FOREACH(pos, head, list) - + LIST_FOREACH_SAFE(pos, head, list, temp) #endif #ifndef LIST_FOR_EACH_ENTRY diff --git a/drivers/net/idpf/idpf_ethdev.c b/drivers/net/idpf/idpf_ethdev.c index b31cb47e90..65b970d36d 100644 --- a/drivers/net/idpf/idpf_ethdev.c +++ b/drivers/net/idpf/idpf_ethdev.c @@ -895,8 +895,7 @@ idpf_init_mbx(struct idpf_hw *hw) if (ret != 0) return ret; - LIST_FOR_EACH_ENTRY_SAFE(ctlq, NULL, &hw->cq_list_head, - struct idpf_ctlq_info, cq_list) { + LIST_FOR_EACH_ENTRY(ctlq, &hw->cq_list_head, struct idpf_ctlq_info, cq_list) { if (ctlq->q_id == IDPF_CTLQ_ID && ctlq->cq_type == IDPF_CTLQ_TYPE_MAILBOX_TX) hw->asq = ctlq; -- 2.45.2