From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>, tianfei.zhang@intel.com,
 stable@dpdk.org, Rosen Xu <rosen.xu@intel.com>,
 Andy Pei <andy.pei@intel.com>
Subject: [PATCH v2 13/16] raw/ifpga/base: fix use after free
Date: Sat, 28 Sep 2024 09:47:21 -0700
Message-ID: <20240928164814.861933-14-stephen@networkplumber.org>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240928164814.861933-1-stephen@networkplumber.org>
References: <20240927204742.546164-1-stephen@networkplumber.org>
 <20240928164814.861933-1-stephen@networkplumber.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
List-Id: DPDK patches and discussions <dev.dpdk.org>

The TAILQ_FOREACH() macro would refer to info after it
had been freed. Fix by introducing TAILQ_FOREACH_SAFE here.

Fixes: 4a19f89104f8 ("raw/ifpga/base: support multiple cards")
Cc: tianfei.zhang@intel.com
Cc: stable@dpdk.org

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 drivers/raw/ifpga/base/opae_intel_max10.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c b/drivers/raw/ifpga/base/opae_intel_max10.c
index dd97a5f9fd..d5a9ceb6e3 100644
--- a/drivers/raw/ifpga/base/opae_intel_max10.c
+++ b/drivers/raw/ifpga/base/opae_intel_max10.c
@@ -6,6 +6,13 @@
 #include <libfdt.h>
 #include "opae_osdep.h"
 
+#ifndef TAILQ_FOREACH_SAFE
+#define TAILQ_FOREACH_SAFE(var, head, field, tvar) \
+	for ((var) = TAILQ_FIRST((head)); \
+		(var) && ((tvar) = TAILQ_NEXT((var), field), 1); \
+	(var) = (tvar))
+#endif
+
 int max10_sys_read(struct intel_max10_device *dev,
 	unsigned int offset, unsigned int *val)
 {
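Review bot: The fallback TAILQ_FOREACH_SAFE definition is private to opae_intel_max10.c, so any other file in this directory that frees entries while walking a TAILQ would need its own copy. Consider moving the #ifndef-guarded macro into opae_osdep.h, which is already included two lines above it, so there is one definition to maintain. A short comment stating that tvar holds the successor, fetched before the loop body runs, would also document why this variant is safe against removal of var. Minor style point: the final continuation line "(var) = (tvar))" is indented with one tab while the condition line above it uses two; align all three for-clauses.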
@@ -746,9 +753,9 @@ static int fdt_get_named_reg(const void *fdt, int node, const char *name,
 
 static void max10_sensor_uinit(struct intel_max10_device *dev)
 {
-	struct opae_sensor_info *info;
+	struct opae_sensor_info *info, *next;
 
-	TAILQ_FOREACH(info, &dev->opae_sensor_list, node) {
+	TAILQ_FOREACH_SAFE(info, &dev->opae_sensor_list, node, next) {
 		TAILQ_REMOVE(&dev->opae_sensor_list, info, node);
 		opae_free(info);
 	}
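Review bot: In max10_sensor_uinit() the loop removes and frees every element unconditionally, so the drain idiom "while ((info = TAILQ_FIRST(&dev->opae_sensor_list)) != NULL)" followed by the same TAILQ_REMOVE and opae_free calls would fix the use after free without the extra "next" variable or the new macro from the first hunk. If the _SAFE form is kept, the change is correct as written: "next" is loaded from info before opae_free(info) runs, so the iterator no longer reads freed memory. Either way, it is worth confirming that nothing else can reach dev->opae_sensor_list during uninit, since neither form protects against a concurrent walker.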
-- 
2.45.2