From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7567D45EF0 for ; Thu, 19 Dec 2024 23:53:10 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6B338402E6; Thu, 19 Dec 2024 23:53:10 +0100 (CET) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mails.dpdk.org (Postfix) with ESMTP id 4729E402CB for ; Thu, 19 Dec 2024 23:53:07 +0100 (CET) Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-21654fdd5daso12589265ad.1 for ; Thu, 19 Dec 2024 14:53:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1734648786; x=1735253586; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=P8iMLutGbiAMRXlFnVU43hndr9VnI5nWA4BeXUROhXA=; b=peLHsBXn7ffg72kbXedXz1ohNfsqPQjjvIj4goKRCcQTFxFnPzQ+kjXUzicA9IwIOA 06a7dN9ZUzzcm445MtKHhOAtvfchQKiVu4Ikl7P6FrXN3GjkHk8MVHLmY0KutBqc2AVQ bveO/FYCDYWpJkrG5dJf7WQ0n1uiS3c2TgvTXosM0C+49zO717lzmdWv7wg3BSnTalJL OyFsemr+zGHpOQoYdvP0/j7KNHv8bjBx4H7EWF9Rfyw7jps1howzzta+Ua5e/4ZJKuWr ZN+rL+f1+vgevVQNBEyfQCOqOL9hLhtDokU1f4TRWvB3gaB4pcRaFYBRnEp5D2iEgLNp WsNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734648786; x=1735253586; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=P8iMLutGbiAMRXlFnVU43hndr9VnI5nWA4BeXUROhXA=; b=sU2Lyi6B6tB+jMsGdKLsBLnbKfHUZx9RXPge5YeDCpUGpD2sF1EvV76w/ziN2IOqex wZoLNshOFwW3FiPBuU3aqD650jlG6nO+ZY7TpmIW3rBjis3GGAfrxVP1r+pukjvM3SDV +DIYRrdp0ju+zjxSW/8E7HlfVwk/A+iUqUG7I1hFqufAbk90TqlVeWljOUQOmoKCj5zB DzPbxhbxIMtFi0mWRRm9d3V314Hg5WgYh6El6XIE+pUlXtyihI0bIPw7sW1wQPLgSFe/ xujIsnzio/WdFU5IBs36hj7kP2YGm2VDaEiZPk7qC58Nx6/1XMqWsUUI7JbmqXHT5kat JT9w== X-Forwarded-Encrypted: i=1; AJvYcCXRQ9/uIB+fAPJuNsbMYME2wiKYIAiTUwKCXbjqE/3sxg8XSzIYGe6+osCsHEehgmXPbfeygbM=@dpdk.org X-Gm-Message-State: AOJu0YxcU3oXarUSv4o32vGyrNqyIXku2q7RDg3QUuRpqgOaTdlFP+JZ G8BlyDGKPTwYhZS0JwlXmSQqSdynmkPAv8BTFFK6dOJe1lbSPYhb/CWDxrJjVms= X-Gm-Gg: ASbGncub+Pr9KOIkC+Oo2zfLR660SjW+c1DvQlMjJMJUZWSZsnj+/OpXqZ3uLU8mtGH FqIbAjiHcoQvW42CwEV0YuvWU4OofMod+sdHVDresKrEebT09MX5hPDLQvcYJAKd/K2NkGMnJhN 5pJAsxL9/02ocNfwJQ1vg9zcGl++5j8xQ9EPhFmwEARz3ywQf8jfBs/+iuOYyrrsOFNyvs7elMr ezqQEXmLggEASR5nSvSFJeS3AXEzwgcQBylIfdyS771L/1XpDcaJGRHCLA7IEGBcxhYvOiguOXS 1DK+UGcQxluB02zPOzQXYUyJN5uMaoBVYQ== X-Google-Smtp-Source: AGHT+IFQN7As1ilXvvfk1NY5L9VIe3jwNLfK+I/NDaU+geg2rHT9XJgWPlrw4UCu+bRguN0FQFdJAw== X-Received: by 2002:a17:90b:3a43:b0:2ee:45fe:63b5 with SMTP id 98e67ed59e1d1-2f452debbd9mr1054446a91.3.1734648786488; Thu, 19 Dec 2024 14:53:06 -0800 (PST) Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2f2ed62b30asm3901021a91.12.2024.12.19.14.53.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Dec 2024 14:53:06 -0800 (PST) From: Stephen Hemminger To: dev@dpdk.org Cc: Stephen Hemminger , shahed.shaikh@cavium.com, stable@dpdk.org, Devendra Singh Rawat , Alok Prasad , Shahed Shaikh Subject: [PATCH v2 4/5] net/qede: fix use after free Date: Thu, 19 Dec 2024 14:49:54 -0800 Message-ID: <20241219225253.782792-5-stephen@networkplumber.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241219225253.782792-1-stephen@networkplumber.org> References: <20241218170530.140747-1-stephen@networkplumber.org> <20241219225253.782792-1-stephen@networkplumber.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org The loop cleaning up flowdir resources was using SLIST_FOREACH but the inner loop would call rte_free. Found by building with address sanitizer undefined check. Also remove needless initialization, and null check. Fixes: f5765f66f9bb ("net/qede: refactor flow director into generic aRFS") Cc: shahed.shaikh@cavium.com Cc: stable@dpdk.org Signed-off-by: Stephen Hemminger --- drivers/net/qede/qede_filter.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/drivers/net/qede/qede_filter.c b/drivers/net/qede/qede_filter.c index 14fb4338e9..5db36b03e2 100644 --- a/drivers/net/qede/qede_filter.c +++ b/drivers/net/qede/qede_filter.c @@ -10,6 +10,13 @@ #include #include +#ifndef SLIST_FOREACH_SAFE +#define SLIST_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = SLIST_FIRST((head)); \ + (var) && ((tvar) = SLIST_NEXT((var), field), 1); \ + (var) = (tvar)) +#endif + #include "qede_ethdev.h" /* VXLAN tunnel classification mapping */ @@ -154,15 +161,12 @@ int qede_check_fdir_support(struct rte_eth_dev *eth_dev) void qede_fdir_dealloc_resc(struct rte_eth_dev *eth_dev) { struct qede_dev *qdev = QEDE_INIT_QDEV(eth_dev); - struct qede_arfs_entry *tmp = NULL; + struct qede_arfs_entry *tmp, *tmp2; - SLIST_FOREACH(tmp, &qdev->arfs_info.arfs_list_head, list) { - if (tmp) { - rte_memzone_free(tmp->mz); - SLIST_REMOVE(&qdev->arfs_info.arfs_list_head, tmp, - qede_arfs_entry, list); - rte_free(tmp); - } + SLIST_FOREACH_SAFE(tmp, &qdev->arfs_info.arfs_list_head, list, tmp2) { + rte_memzone_free(tmp->mz); + SLIST_REMOVE(&qdev->arfs_info.arfs_list_head, tmp, qede_arfs_entry, list); + rte_free(tmp); } } -- 2.45.2