From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C1E7A45A9D for ; Wed, 2 Oct 2024 17:45:06 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9398E4065C; Wed, 2 Oct 2024 17:44:58 +0200 (CEST) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mails.dpdk.org (Postfix) with ESMTP id 67D6340676 for ; Wed, 2 Oct 2024 17:44:50 +0200 (CEST) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-20bb92346caso13865ad.0 for ; Wed, 02 Oct 2024 08:44:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1727883889; x=1728488689; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DdmWrgw09tadbkT7NdxbMIVnjX7ZkAUu8O2SQsLsM2k=; b=ejaaAu4Wx7rwoRrlqPSL5EvA3keknzwL4n7X8lCEZHjsLSVr6KRslMjZtfUjiLsHll wrBYJdiszbyBwC9vzjEKEaToBdQvF6n9OaLh23HRKgWWfqSNdCCWkZQBmaFWOI/qjwz2 rPDg1RrJa82UMRZaRC5pzO4hgO9dlzvAfFkdalOCeDOdZTMjhdA5k8ilZXftiSUtgpsa nCurkA4/mRHC0sGomnQaBXCQDwK7ymJnMnaJ63zAZtwnssuP49ULlgvxhgTNwULwHKZ2 M2dvfSma3wdvt6F1gOzGPN4m6CLDz2u1ttVybrGuxMJmI33I+n1MoJua7/6q4mt0g2uu cHgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727883889; x=1728488689; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DdmWrgw09tadbkT7NdxbMIVnjX7ZkAUu8O2SQsLsM2k=; b=Cf/UFjULbTtVUz4fG95dIMhPuV8LFI/Zi5Og2LSyNph9GQ/isldPSVw2SQqdmZ6sUx 8NeLGnEUijl0GDvKAANDm9A0abKX/riv8qK3+hXxIrOoBdY9aTDsgvWECb0/RHr+0t5F 4qACd9npArAUcKQ7D9/I16r4i3RWmDNb3lv0GhBQf9uFXLhuaxCWylfBC2W0Jd8/OQxV Ik+VckaCaQcvILfHXVqaJPnuhvhKw/pUvR3b3Uobp5dvc6ljIUXxD6RBvepkreYI6Jd+ LI5sRunqwKabYT8VYiB1g60l5RGUxmlipC3dJGrm2I0/QqZMfxaPCcWy3rao28XWDM8q AcNg== X-Forwarded-Encrypted: i=1; AJvYcCW8o4HBYjqmHztn+YpjTczkGVzXb3LKFmwYKfNt8/fOj1j6KkXt+WcB9aD49F67ehvHqg7aQUg=@dpdk.org X-Gm-Message-State: AOJu0YxjTLC+AGMKhd5nD/iaMiNJ/ET77dZKzAfHcavqO/+njh89P0Qp MWyxoO+LNpSS2s942MXWvmwKr17cF7Glf0aok7hA86qHoWi6LytoGm7Yo4qItiw= X-Google-Smtp-Source: AGHT+IEMVAXuhJXkNNy5ZW/E3Oe3u+J3ARWfmCqDmZrcxCjG5mO6TqFIduJueMGoXjphWINe2Tu0cw== X-Received: by 2002:a17:903:22c4:b0:20b:46c6:3e47 with SMTP id d9443c01a7336-20be19a0972mr245575ad.29.1727883889585; Wed, 02 Oct 2024 08:44:49 -0700 (PDT) Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7e6db2927c7sm10247363a12.1.2024.10.02.08.44.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Oct 2024 08:44:49 -0700 (PDT) From: Stephen Hemminger To: dev@dpdk.org Cc: Stephen Hemminger , stable@dpdk.org, Rosen Xu , Tianfei Zhang , Andy Pei Subject: [PATCH v6 12/17] raw/ifpga/base: fix use after free Date: Wed, 2 Oct 2024 08:42:56 -0700 Message-ID: <20241002154429.64357-13-stephen@networkplumber.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241002154429.64357-1-stephen@networkplumber.org> References: <20240927204742.546164-1-stephen@networkplumber.org> <20241002154429.64357-1-stephen@networkplumber.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org The TAILQ_FOREACH() macro would refer to info after it had been freed. Fix by introducing TAILQ_FOREACH_SAFE here. Fixes: 4a19f89104f8 ("raw/ifpga/base: support multiple cards") Cc: stable@dpdk.org Signed-off-by: Stephen Hemminger --- drivers/raw/ifpga/base/opae_intel_max10.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c b/drivers/raw/ifpga/base/opae_intel_max10.c index dd97a5f9fd..d5a9ceb6e3 100644 --- a/drivers/raw/ifpga/base/opae_intel_max10.c +++ b/drivers/raw/ifpga/base/opae_intel_max10.c @@ -6,6 +6,13 @@ #include #include "opae_osdep.h" +#ifndef TAILQ_FOREACH_SAFE +#define TAILQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = TAILQ_FIRST((head)); \ + (var) && ((tvar) = TAILQ_NEXT((var), field), 1); \ + (var) = (tvar)) +#endif + int max10_sys_read(struct intel_max10_device *dev, unsigned int offset, unsigned int *val) { @@ -746,9 +753,9 @@ static int fdt_get_named_reg(const void *fdt, int node, const char *name, static void max10_sensor_uinit(struct intel_max10_device *dev) { - struct opae_sensor_info *info; + struct opae_sensor_info *info, *next; - TAILQ_FOREACH(info, &dev->opae_sensor_list, node) { + TAILQ_FOREACH_SAFE(info, &dev->opae_sensor_list, node, next) { TAILQ_REMOVE(&dev->opae_sensor_list, info, node); opae_free(info); } -- 2.45.2