From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 862CA45CE3 for ; Mon, 11 Nov 2024 07:31:06 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7CA5540E19; Mon, 11 Nov 2024 07:31:06 +0100 (CET) Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2059.outbound.protection.outlook.com [40.107.93.59]) by mails.dpdk.org (Postfix) with ESMTP id BA67D40E0C for ; Mon, 11 Nov 2024 07:31:04 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=C9sDuVeKTrUPeVzYer7sXdQAlDQMLVTIhLJOzKepJ0Cp6kyzAfhTrBeiBafNSAmZEoUw2X2/nXJTpGFH5Ez+PYah4BvXidptYA+PvjT3QfqYDrrAT11YY8cAJsQNbK4UT5vhh3AkHqEPFVV9yW95WBLTViwS3nPqF4e6aqZ4obLtUci4eDWUnNmSHDQa7wnmCW4TwaH5tgzDC9TCKW0s/65jqdej68gwaTWvZZg+Rw7GGmenyyJznH6tg1YXqZRcheKHtaWouLO6R/0MeBNk/M/dRNorhKkuDEZPpQ7eQcvJz9WMBbbLLh9cXFAtAPcBwH0+j5t/cHOrCOB8lSq+Lw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=g/oZ91X53vm9JW7SFWJAQUUC6RZur3qiOY+JvcOUV1I=; b=EQ+QHcJ+4TNlH7t4rA4RZAXcQIJIcaESRAFZE6rYjo+Z9X/v4X53mBJDhl4QTRzowRs3y9hbPjP8L5RZHaAYESB4fIcojr7t6lONEVlN2OVmDGLvsKWEKfPsU8vK0ZLcCr9K6LXUzkAkGxTSCPDpKpN/F9pPgXMlVbmkfoEJnrXBcAt0oWs8Ws5iP+DfHqvizatHCJmn6jBVly745zM0mGNj7hbr4WiN+s2vd2gVEJASGBA4ExyhEcNI3OkFQNVMcDjr0jRhNEdwKpe1n8xlTMgfK/29RUZRBFRqa7kSGyxFfDovIPz06Yl6UMoGp11dQgrS6MytCX6c35HjL+t3hw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=networkplumber.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g/oZ91X53vm9JW7SFWJAQUUC6RZur3qiOY+JvcOUV1I=; b=KD6Gu0omUSqLTYvB9m6LXViU8RTUSNesMu/KaVoPjDl+Dpxl0glk3rcbqCMJqxlqhf10ICaS+rm68c1ddV5CfhQr9g60RIKUsKef9G2CaILUTJ2c91aVofjGDyA5mfYniFkrrX+457jK+gVVOFLkW6wNIth5KJr2McgMPI358SmytLkc/9BZUY5tiKM4nwtXVat9r2KmJ34FpQX2qG5GFczGWxj6AjjUtC7Xf5aU0Az0CIb+3DKXJHspV/+GcuNuP/SJYouYgSmFB8im5rTmeCeWmjNC+XmQjGL6n2R4sOG5yteuuHsBLyDH0mmQ1qkaWSA5a9/5OM3HxE8oA+g9Tg== Received: from BL1PR13CA0103.namprd13.prod.outlook.com (2603:10b6:208:2b9::18) by SJ2PR12MB8953.namprd12.prod.outlook.com (2603:10b6:a03:544::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8137.28; Mon, 11 Nov 2024 06:31:02 +0000 Received: from BN2PEPF000055E0.namprd21.prod.outlook.com (2603:10b6:208:2b9:cafe::2f) by BL1PR13CA0103.outlook.office365.com (2603:10b6:208:2b9::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8158.14 via Frontend Transport; Mon, 11 Nov 2024 06:31:01 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by BN2PEPF000055E0.mail.protection.outlook.com (10.167.245.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8182.1 via Frontend Transport; Mon, 11 Nov 2024 06:31:01 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Sun, 10 Nov 2024 22:30:45 -0800 Received: from nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Sun, 10 Nov 2024 22:30:42 -0800 From: Xueming Li To: Stephen Hemminger CC: , =?UTF-8?q?Morten=20Br=C3=B8rup?= , Konstantin Ananyev , Wathsala Vithanage , dpdk stable Subject: patch 'common/idpf: fix use after free in mailbox init' has been queued to stable release 23.11.3 Date: Mon, 11 Nov 2024 14:27:02 +0800 Message-ID: <20241111062847.216344-17-xuemingl@nvidia.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241111062847.216344-1-xuemingl@nvidia.com> References: <20241111062847.216344-1-xuemingl@nvidia.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055E0:EE_|SJ2PR12MB8953:EE_ X-MS-Office365-Filtering-Correlation-Id: 3f2b50d0-d6b9-41b7-310e-08dd021a6931 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|376014|1800799024|36860700013|82310400026; X-Microsoft-Antispam-Message-Info: =?utf-8?B?N3UwZUc4MjRhRG15bm50bzU5RVpFeWJMbk5KRFJmZ29LVzBYeEhteFlEZmww?= =?utf-8?B?QTkwVHpncDJzcUZsM3pqZmF3alg5T2R2K3Noa0E5U1RWSEg5eHhPc3psTDc0?= =?utf-8?B?WDhsamp6MlkveExvZ1FVTEpoM3FKeVJSb1JMUklRWTh2OHVxNkY1bDIyQTRo?= =?utf-8?B?OE04N2ZLUEk4TXJoSlNVdlZrcXNTaTZza3piNlNHelVxVVdSU081ZjNoZVQ5?= =?utf-8?B?SHlMOGlnSFBLand3ajR0OFprS0MrckV4VUhBQUpmQXdqdWNpV2JTSHdqT1pH?= =?utf-8?B?eFVVc29TbzRFZWRWUTdiMTNrUlErMzFTVFNPQkJZbjEvSlExVEMzb1l1WGtL?= =?utf-8?B?WDBkbGNYck9kaXRRM1NWTlZ5dXFWb0RFZ25Kdll2S2IzVVlMNnkyMGVYQ213?= =?utf-8?B?aHUySGFid0k4WmlWQ1NzeFk4RUpDNUI5c2ZQK2JwRWxJZ1BpZVY2QnZvdXFC?= =?utf-8?B?VGFKMnlUNytac1hLRzJHK3JDUEJMQ1BqUXlidWQ0SGFXdzB4Q1hVK3FOZmxl?= =?utf-8?B?dlZCTGxreWJlUENuUFg5M0VaM1dzVGdxOVpYOGNkQ0FueWhnYjVPdUNvYmFS?= =?utf-8?B?WFpaRjhiVGw0QTlzUFl1NmJhQ0l5WERrWWcyM0JTZnRZN21iZlVxdXJIdzVz?= =?utf-8?B?SkdBaEZKZ01Kc0p3Rk1KU2c5YUJXRW5ZeHdDSDFLaEdSMWp6Rk00TUhWTFA3?= =?utf-8?B?R05uSFJjZ05KODlacFZwem1pbU04bC9kL1J1VUhKbjlUaThFNm5naE9VUVVj?= =?utf-8?B?SzcwMUFVZGxTM3A2VjBXZnd0SHFqQldPOXk4RWp2aWxWSEV2YUFhWWV4TjhV?= =?utf-8?B?b1NoN1cwMW5jemp5VEZKOExSd0p1Y3pGM0N6WGNSTHhXUmhwSFNFS3lwczlC?= =?utf-8?B?Yjk4NmNUY0tCSWZCMmthWDNpaWtJdUVOa1BtUVlDTzZDZStrSmVKckFUejNv?= =?utf-8?B?bFgySlhWbUI3UzVESEpCaWQxa3ZsWmZIZmpzbDRpUTZhMWpVYzUzL2Q3aVA4?= =?utf-8?B?T3lJSlhTVTF3UnRRWUV1MlI0MUN5dEgzdU1mM0pVZEpuRHkraUUvbkFFZndG?= =?utf-8?B?dGNDTG5QWVlMRlFONlJaMUYyNjhjWXBveUF0dExpVVVrdFRGZjZyc1NFSjl3?= =?utf-8?B?bGpsazNjbUlyY0c3d3AxMXY5V00xK2w1MlgyRk1FVkZtRjRQRmcyZkdEa2Ji?= =?utf-8?B?RjAzRnNtd1h5RGZkQjd1NlR1cHEzQ0h6VVUxYURPRGxycXMrTHg4OVdxUDYy?= =?utf-8?B?bmhXNjIrVnVrbkZ2aDZpMFIrcldKN2pJQWlTV3RpYnlsREpxR2pBdVZ6Slhh?= =?utf-8?B?ZStkei80a0hkY0duVkt6MjJyNE1zSWFwSTU4NnhVelg1bzRqc1FqTEdhOGp6?= =?utf-8?B?TGJJbENMdFkwYlVLVHRoT21xUGtDRVVENisyNDA5WEFlcVpFZGlXcFhaNnEy?= =?utf-8?B?dkRxRVh2TnVzVjBqNEZVT21PdXdXS2NEUVRsbUcxTk93a3VVYk1Id3F4SHF6?= =?utf-8?B?dTlFcWVEcGtKQ2VBMXI4YStqaVBuM29wWHBnV2lMajhHVmltcHJKRXhBUW96?= =?utf-8?B?aFZmTjdsUG1kTU1nNHY0T1NDZ1JtZitOcFYySlhaMHo5V2VBWERMNld0dVFX?= =?utf-8?B?c2hUU1ZMSTF5N3o4WS91QmprQ1lQZURJTWxVTE16aXBEbldGNStLczQ3UVk2?= =?utf-8?B?YTJHVFVWdUtYZHZpaS9nUXlZM1c1bnZSTUtnZWJJV0NIWTVIY0w4NDZQM0Ra?= =?utf-8?B?dmRmQ1l4djlMOFVxcHZXZzhDTkxhS3BIUXFpSnZ1RmxYTmw0NXlJb3Rjb2R1?= =?utf-8?B?UlZEcXhuaFM4TS90c0gvK3V0MEtxUTBhTE1aRUpFcG9vTWc3WlU1VTg3aWNz?= =?utf-8?B?anlaZVo2K3VDaTF5SG1ZV1UwdmN6L0Vyc2Q4WWlqbmNZWGc9PQ==?= X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE; SFS:(13230040)(376014)(1800799024)(36860700013)(82310400026); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Nov 2024 06:31:01.1683 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3f2b50d0-d6b9-41b7-310e-08dd021a6931 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055E0.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR12MB8953 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 23.11.3 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 11/30/24. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging This queued commit can be viewed at: https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=91f32226a7208deb90b1594cfeb769399b315687 Thanks. Xueming Li --- >From 91f32226a7208deb90b1594cfeb769399b315687 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 8 Oct 2024 09:47:20 -0700 Subject: [PATCH] common/idpf: fix use after free in mailbox init MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Xueming Li [ upstream commit 4baf54ed9dc87b89ea2150578c51120bc0157bb0 ] The macro in this driver was redefining LIST_FOR_EACH_ENTRY_SAFE as a simple LIST_FOR_EACH macro. But they are not the same the _SAFE variant guarantees that there will not be use after free. Fixes: fb4ac04e9bfa ("common/idpf: introduce common library") Signed-off-by: Stephen Hemminger Acked-by: Morten Brørup Acked-by: Konstantin Ananyev Acked-by: Wathsala Vithanage --- drivers/common/idpf/base/idpf_osdep.h | 10 ++++++++-- drivers/common/idpf/idpf_common_device.c | 3 +-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/common/idpf/base/idpf_osdep.h b/drivers/common/idpf/base/idpf_osdep.h index 74a376cb13..581a36cc40 100644 --- a/drivers/common/idpf/base/idpf_osdep.h +++ b/drivers/common/idpf/base/idpf_osdep.h @@ -341,10 +341,16 @@ idpf_hweight32(u32 num) #define LIST_ENTRY_TYPE(type) LIST_ENTRY(type) #endif +#ifndef LIST_FOREACH_SAFE +#define LIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = LIST_FIRST((head)); \ + (var) && ((tvar) = LIST_NEXT((var), field), 1); \ + (var) = (tvar)) +#endif + #ifndef LIST_FOR_EACH_ENTRY_SAFE #define LIST_FOR_EACH_ENTRY_SAFE(pos, temp, head, entry_type, list) \ - LIST_FOREACH(pos, head, list) - + LIST_FOREACH_SAFE(pos, head, list, temp) #endif #ifndef LIST_FOR_EACH_ENTRY diff --git a/drivers/common/idpf/idpf_common_device.c b/drivers/common/idpf/idpf_common_device.c index cc4207a46e..77c58170b3 100644 --- a/drivers/common/idpf/idpf_common_device.c +++ b/drivers/common/idpf/idpf_common_device.c @@ -136,8 +136,7 @@ idpf_init_mbx(struct idpf_hw *hw) if (ret != 0) return ret; - LIST_FOR_EACH_ENTRY_SAFE(ctlq, NULL, &hw->cq_list_head, - struct idpf_ctlq_info, cq_list) { + LIST_FOR_EACH_ENTRY(ctlq, &hw->cq_list_head, struct idpf_ctlq_info, cq_list) { if (ctlq->q_id == IDPF_CTLQ_ID && ctlq->cq_type == IDPF_CTLQ_TYPE_MAILBOX_TX) hw->asq = ctlq; -- 2.34.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2024-11-11 14:23:06.178396818 +0800 +++ 0016-common-idpf-fix-use-after-free-in-mailbox-init.patch 2024-11-11 14:23:05.032192841 +0800 @@ -1 +1 @@ -From 4baf54ed9dc87b89ea2150578c51120bc0157bb0 Mon Sep 17 00:00:00 2001 +From 91f32226a7208deb90b1594cfeb769399b315687 Mon Sep 17 00:00:00 2001 @@ -7,0 +8,3 @@ +Cc: Xueming Li + +[ upstream commit 4baf54ed9dc87b89ea2150578c51120bc0157bb0 ] @@ -15 +17,0 @@ -Cc: stable@dpdk.org @@ -27 +29 @@ -index e042ef871c..cf9e553906 100644 +index 74a376cb13..581a36cc40 100644 @@ -50 +52 @@ -index 8403ed83f9..e9fa024850 100644 +index cc4207a46e..77c58170b3 100644