From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D86AA45DB9 for ; Wed, 27 Nov 2024 18:19:59 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D005E402E1; Wed, 27 Nov 2024 18:19:59 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mails.dpdk.org (Postfix) with ESMTP id 14CE1402DE for ; Wed, 27 Nov 2024 18:19:58 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1732727997; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QBj6kuu3T56diFaKKI/GVoE1STX1ZPv8AiKgfyrVajs=; b=fBDTSrh6ON+DgEsre+25YdkdTgxVMMn90JrPwR4xyjg5n1aIMHMP2yggHrdQTLIP0zYDmz RG1dal8/eRz45R7imN4hnSv1svIrKl7kLP1vqFfDe91m18feXhZsAsWFqG3Uy2HH7ckfO2 HhNeHUKGSuEfQRNwgGFtFxGtK4PSnUs= Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-319-PCPQuCrsMIGQ6S05rLqvHQ-1; Wed, 27 Nov 2024 12:19:56 -0500 X-MC-Unique: PCPQuCrsMIGQ6S05rLqvHQ-1 X-Mimecast-MFC-AGG-ID: PCPQuCrsMIGQ6S05rLqvHQ Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 0DFAE19560B0; Wed, 27 Nov 2024 17:19:55 +0000 (UTC) Received: from rh.redhat.com (unknown [10.39.192.52]) by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id EF20630001A2; Wed, 27 Nov 2024 17:19:52 +0000 (UTC) From: Kevin Traynor To: Stephen Hemminger Cc: =?UTF-8?q?Morten=20Br=C3=B8rup?= , Konstantin Ananyev , Wathsala Vithanage , dpdk stable Subject: patch 'net/e1000: fix use after free in filter flush' has been queued to stable release 21.11.9 Date: Wed, 27 Nov 2024 17:17:19 +0000 Message-ID: <20241127171916.690404-12-ktraynor@redhat.com> In-Reply-To: <20241127171916.690404-1-ktraynor@redhat.com> References: <20241127171916.690404-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: apoaYlgthr64xHZI1c8rzHzzB0ypxbO7wLfufuNFBDw_1732727995 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 21.11.9 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 12/02/24. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable/commit/a955b9a41d114384cf30aac7d916a33e85371163 Thanks. Kevin --- >From a955b9a41d114384cf30aac7d916a33e85371163 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 8 Oct 2024 09:47:12 -0700 Subject: [PATCH] net/e1000: fix use after free in filter flush MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [ upstream commit 58196dc411576925a1d66b0da1d11b06072a7ac2 ] The driver cleanup code was freeing the filter object then dereferencing it. Bugzilla ID: 1550 Fixes: 6a4d050e2855 ("net/igb: flush all the filter") Signed-off-by: Stephen Hemminger Acked-by: Morten Brørup Acked-by: Konstantin Ananyev Acked-by: Wathsala Vithanage --- drivers/net/e1000/igb_ethdev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/e1000/igb_ethdev.c b/drivers/net/e1000/igb_ethdev.c index a9c18b27e8..6b936a604a 100644 --- a/drivers/net/e1000/igb_ethdev.c +++ b/drivers/net/e1000/igb_ethdev.c @@ -3856,9 +3856,9 @@ igb_delete_2tuple_filter(struct rte_eth_dev *dev, filter_info->twotuple_mask &= ~(1 << filter->index); TAILQ_REMOVE(&filter_info->twotuple_list, filter, entries); - rte_free(filter); E1000_WRITE_REG(hw, E1000_TTQF(filter->index), E1000_TTQF_DISABLE_MASK); E1000_WRITE_REG(hw, E1000_IMIR(filter->index), 0); E1000_WRITE_REG(hw, E1000_IMIREXT(filter->index), 0); + rte_free(filter); return 0; } @@ -4297,5 +4297,4 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev, filter_info->fivetuple_mask &= ~(1 << filter->index); TAILQ_REMOVE(&filter_info->fivetuple_list, filter, entries); - rte_free(filter); E1000_WRITE_REG(hw, E1000_FTQF(filter->index), @@ -4306,4 +4305,5 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev, E1000_WRITE_REG(hw, E1000_IMIR(filter->index), 0); E1000_WRITE_REG(hw, E1000_IMIREXT(filter->index), 0); + rte_free(filter); return 0; } -- 2.47.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2024-11-27 17:17:38.708850504 +0000 +++ 0012-net-e1000-fix-use-after-free-in-filter-flush.patch 2024-11-27 17:17:38.166269067 +0000 @@ -1 +1 @@ -From 58196dc411576925a1d66b0da1d11b06072a7ac2 Mon Sep 17 00:00:00 2001 +From a955b9a41d114384cf30aac7d916a33e85371163 Mon Sep 17 00:00:00 2001 @@ -8,0 +9,2 @@ +[ upstream commit 58196dc411576925a1d66b0da1d11b06072a7ac2 ] + @@ -14 +15,0 @@ -Cc: stable@dpdk.org @@ -25 +26 @@ -index 1e0a483d4a..d3a9181874 100644 +index a9c18b27e8..6b936a604a 100644 @@ -28 +29 @@ -@@ -3908,9 +3908,9 @@ igb_delete_2tuple_filter(struct rte_eth_dev *dev, +@@ -3856,9 +3856,9 @@ igb_delete_2tuple_filter(struct rte_eth_dev *dev, @@ -39 +40 @@ -@@ -4349,5 +4349,4 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev, +@@ -4297,5 +4297,4 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev, @@ -45 +46 @@ -@@ -4358,4 +4357,5 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev, +@@ -4306,4 +4305,5 @@ igb_delete_5tuple_filter_82576(struct rte_eth_dev *dev,