From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 55C8C433D8
	for <public@inbox.dpdk.org>; Mon, 11 Dec 2023 11:20:52 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 492B040ED2;
	Mon, 11 Dec 2023 11:20:52 +0100 (CET)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com
 (mail-mw2nam12on2058.outbound.protection.outlook.com [40.107.244.58])
 by mails.dpdk.org (Postfix) with ESMTP id 6175C40E0F
 for <stable@dpdk.org>; Mon, 11 Dec 2023 11:20:50 +0100 (CET)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=RZWMV8wUkIt2sehNQUa7oc13gqxyoKoeB5+3R39ae/EzM9NB7vhHYO6G/b3ZTA4SskH6lzgoNb4cyo7X3d/y0ubfGBRkIEdDS6f/NSFg/IcM+XauM6wyDRWBGyUc5ys0m2Afpvy9Sf3RMf+0ANQq0yXsPbs+zGTsNrrXm2btdTqFdWxC1+MV5tDqLaNJEGzfpUNSyqg2qONVzz84jPiXQGmVJNXfpEp3E4CoGy3abMdNbqHZPuaUxamh/Cc2qbLgmo44TM6ps5UaiYrbYdcIWZ9pwgq2B5OsuXAjl4Q/42lzAGbNnSRrFbwFJaoZP/AVrkgIMNd4wyG1lh6AhQQXdA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=OyKK2LX75rVTk+NCxrKu/FKJU2FCRYd0qP3A72ZR5Bk=;
 b=DH/l3TpfbGAmJ+9xbdatXck2bAbqYyrH7Tv3F6VjnJ05MwC5Zu8CXLrUuaeNxd9iIbI1qjfvm1vJaJK68V54lhu7afHvXsNnjzKMEywdxqnSAlbaGVVJFpE6BGTpcHGOQDPOl5OMIbbVL+Zk7SROmTm9cluaOHGcRixqQz7iuDZzV+QKSOVAv9OpvoeTs/7C7RHduydmDKx2RXl/NpWiol4JqCkODzQru+yX3Q+JcCb1T8vfc72AJaugYlPiyK38oVmWo1dw8JtTwfudEt1cZhNqmBh4cfw7VsCJWD++ApC76SjH5Jiet56DOF9W0b/bRhkQbXER+Vyhrsa7GfXO9g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.117.161) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=OyKK2LX75rVTk+NCxrKu/FKJU2FCRYd0qP3A72ZR5Bk=;
 b=OyVGHkTMHPfe8jqxwDdKeHlqI0uuIG01at0dck3MJyudzI0qSHvEf7Mw/lA56ZTj08GnKTxA7NjItTKitf3f0v68f6U8kbN7qLGiHb4p/T/ALR26FH6OrY+Ab/YJombGEulR2dmLY7ed7h7ehBbMNoONeQ7mzhBV/eyqSQfVSFuz4velkR3wehUzMAup6F2/NqdJZ2CJBW9WlehFWBqoqe36x6viYTWFGotrfqqqj871mqwW8YeJLyqS5t0goqoy8l+4NLFf8/HiLV29dFe/UHrmm3i08rU3Y4dHPGqCbXYGq5ct8nV6LSvbP+uK29kk1P9SV1a653MbWKhX94awDQ==
Received: from BN8PR15CA0070.namprd15.prod.outlook.com (2603:10b6:408:80::47)
 by DS7PR12MB6336.namprd12.prod.outlook.com (2603:10b6:8:93::8) with
 Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.7068.32; Mon, 11 Dec 2023 10:20:46 +0000
Received: from SN1PEPF0002529F.namprd05.prod.outlook.com
 (2603:10b6:408:80:cafe::27) by BN8PR15CA0070.outlook.office365.com
 (2603:10b6:408:80::47) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7068.32 via Frontend
 Transport; Mon, 11 Dec 2023 10:20:46 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.117.161 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.117.161) by
 SN1PEPF0002529F.mail.protection.outlook.com (10.167.242.6) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.7091.18 via Frontend Transport; Mon, 11 Dec 2023 10:20:46 +0000
Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com
 (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Mon, 11 Dec
 2023 02:20:28 -0800
Received: from nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com
 (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Mon, 11 Dec
 2023 02:20:26 -0800
From: Xueming Li <xuemingl@nvidia.com>
To: Dariusz Sosnowski <dsosnowski@nvidia.com>
CC: Viacheslav Ovsiienko <viacheslavo@nvidia.com>, dpdk stable
 <stable@dpdk.org>
Subject: patch 'net/mlx5: fix use after free on Rx queue start' has been
 queued to stable release 22.11.4
Date: Mon, 11 Dec 2023 18:11:54 +0800
Message-ID: <20231211101226.2122-90-xuemingl@nvidia.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20231211101226.2122-1-xuemingl@nvidia.com>
References: <20231022142250.10324-1-xuemingl@nvidia.com>
 <20231211101226.2122-1-xuemingl@nvidia.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Originating-IP: [10.126.231.35]
X-ClientProxiedBy: rnnvmail201.nvidia.com (10.129.68.8) To
 rnnvmail201.nvidia.com (10.129.68.8)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PEPF0002529F:EE_|DS7PR12MB6336:EE_
X-MS-Office365-Filtering-Correlation-Id: 10c71d5e-f1ec-42fc-90ee-08dbfa32d6c9
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: mwBYMr/DBUJOS6ANf7faSoxLUmscAl5tLir9rJJkvMmYfpBd6FznFJKs883Win5vdFr2OptQnm2SNeWaeMhTt0bB4Fe+74pu1mMnJL8p4bDWGLXgptij6QHcIapGt+mX5r3588f2S4chvjh0L8MysEilSr5P54IpfrN3+RG/rIt3RjwuusYiJynQwR9jWHC/YwugoRHX58gkK9bHniHeXYQ87vazcoX8ABFe8CyRypqicjLJ4T420XfNiW1b9cHTT47wj503k9xFhDLKl/V3wfppsLGU6F2/RmL269a8s1lFKbNweFY5L57FmKFZFHaQU3L7e0LfuTNvjLoIHkI6QJ7Un7ZXAMFRl5XRwtMlMUVPzb13d+QN0GYaM0sg/KY3KV7LyDpUxmSDnwpa7ya1K3bgdPXm8m1jaQiqbtiHmXTgYZGYV/SWddLPVw3nzdB4tM2rkbN60NS3SKTv+hu0kXwrfJFhH+Ll+BSYF9NjhaAhuRoO5GLdHdf7JlJAYVHAqV9WrN7Bi0ArIhFULwBVp5rUPnib67bfPBEJ899zA6DiyqtTliwKw1XT0mNWcwXKd5wppwRFry9FEslSbYg1rRWo6K6XavoIDyf9BKSFSQSSPIgtTnQsn1om2WpAuUM532GPV/FW7gBbEUkpYs1DOxgMvv88DMoUe9DrspBod1g5j0vP7dIQLuH50YeOJVstblyVwbJMC69GPkOUji+AIJ6rMbRHMk0wAOcIju0ikvHTpJkOtyZIj6kwfYfq7cny1/MMYyr+pEm1oHLeaeVURdPPUFRB6RDiwbjc6KS8OuI=
X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE;
 SFS:(13230031)(4636009)(396003)(346002)(376002)(39860400002)(136003)(230922051799003)(451199024)(1800799012)(186009)(82310400011)(64100799003)(46966006)(40470700004)(36840700001)(83380400001)(2906002)(478600001)(356005)(41300700001)(82740400003)(4001150100001)(7636003)(55016003)(70586007)(54906003)(6636002)(70206006)(426003)(40480700001)(966005)(316002)(6666004)(37006003)(86362001)(7696005)(6862004)(4326008)(8936002)(8676002)(53546011)(40460700003)(66899024)(36756003)(47076005)(6286002)(5660300002)(1076003)(36860700001)(26005)(336012)(16526019)(2616005);
 DIR:OUT; SFP:1101; 
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Dec 2023 10:20:46.0493 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 10c71d5e-f1ec-42fc-90ee-08dbfa32d6c9
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: SN1PEPF0002529F.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB6336
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 22.11.4

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 12/13/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=22.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=22.11-staging&id=480df9f41ec2ecca534a6783d95fdd10769830e3

Thanks.

Xueming Li <xuemingl@nvidia.com>

---
>From 480df9f41ec2ecca534a6783d95fdd10769830e3 Mon Sep 17 00:00:00 2001
From: Dariusz Sosnowski <dsosnowski@nvidia.com>
Date: Thu, 9 Nov 2023 19:58:19 +0200
Subject: [PATCH] net/mlx5: fix use after free on Rx queue start
Cc: Xueming Li <xuemingl@nvidia.com>

[ upstream commit c93943c575b495132c4b7456caecde7d268334e3 ]

If RX queue is not started yet, then a mlx5_rxq_obj struct used for
storing HW queue objects will be allocated and added to the list held
in port's private data structure.
After that allocation, Rx queue HW object configuration is done.
If that configuration failed, then mlx5_rxq_obj struct is freed, but
not removed from the list. This causes an use after free bug, during
error handling in mlx5_rxq_start(), where this deallocated struct
was accessed during list cleanup.

This patch fixes that by inserting mlx5_rxq_obj struct to the list only
after HW queue object configuration succeeded.

Fixes: 09c2555303be ("net/mlx5: support shared Rx queue")

Signed-off-by: Dariusz Sosnowski <dsosnowski@nvidia.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
---
 drivers/net/mlx5/mlx5_trigger.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/mlx5/mlx5_trigger.c b/drivers/net/mlx5/mlx5_trigger.c
index 2f95b8fe77..5bf637a0cd 100644
--- a/drivers/net/mlx5/mlx5_trigger.c
+++ b/drivers/net/mlx5/mlx5_trigger.c
@@ -226,17 +226,17 @@ mlx5_rxq_start(struct rte_eth_dev *dev)
 		if (rxq == NULL)
 			continue;
 		rxq_ctrl = rxq->ctrl;
-		if (!rxq_ctrl->started) {
+		if (!rxq_ctrl->started)
 			if (mlx5_rxq_ctrl_prepare(dev, rxq_ctrl, i) < 0)
 				goto error;
-			LIST_INSERT_HEAD(&priv->rxqsobj, rxq_ctrl->obj, next);
-		}
 		ret = priv->obj_ops.rxq_obj_new(rxq);
 		if (ret) {
 			mlx5_free(rxq_ctrl->obj);
 			rxq_ctrl->obj = NULL;
 			goto error;
 		}
+		if (!rxq_ctrl->started)
+			LIST_INSERT_HEAD(&priv->rxqsobj, rxq_ctrl->obj, next);
 		rxq_ctrl->started = true;
 	}
 	return 0;
-- 
2.25.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2023-12-11 17:56:25.985251700 +0800
+++ 0089-net-mlx5-fix-use-after-free-on-Rx-queue-start.patch	2023-12-11 17:56:23.187652300 +0800
@@ -1 +1 @@
-From c93943c575b495132c4b7456caecde7d268334e3 Mon Sep 17 00:00:00 2001
+From 480df9f41ec2ecca534a6783d95fdd10769830e3 Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl@nvidia.com>
+
+[ upstream commit c93943c575b495132c4b7456caecde7d268334e3 ]
@@ -19 +21,0 @@
-Cc: stable@dpdk.org
@@ -28 +30 @@
-index d7ecb149fa..7694140537 100644
+index 2f95b8fe77..5bf637a0cd 100644