From: Saeed Mahameed <saeed@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org, Wentao_Liang <Wentao_Liang_g@163.com>,
Saeed Mahameed <saeedm@nvidia.com>
Subject: [net 6/6] net/mlx5: DR, fix a potential use-after-free bug
Date: Thu, 26 Aug 2021 15:18:10 -0700
Message-ID: <20210826221810.215968-7-saeed@kernel.org>
In-Reply-To: <20210826221810.215968-1-saeed@kernel.org>
From: Wentao_Liang <Wentao_Liang_g@163.com>

In line 849 (#1), "mlx5dr_htbl_put(cur_htbl);" drops the reference to
cur_htbl and may cause cur_htbl to be freed.

However, cur_htbl is subsequently used in the next line, which may result
in a use-after-free bug.

Fix this by calling mlx5dr_err() before the cur_htbl is put.

Signed-off-by: Wentao_Liang <Wentao_Liang_g@163.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c
index 43356fad53de..ffdfb5a94b14 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c
@@ -846,9 +846,9 @@ dr_rule_handle_ste_branch(struct mlx5dr_rule *rule,
new_htbl = dr_rule_rehash(rule, nic_rule, cur_htbl,
ste_location, send_ste_list);
if (!new_htbl) {
- mlx5dr_htbl_put(cur_htbl);
mlx5dr_err(dmn, "Failed creating rehash table, htbl-log_size: %d\n",
cur_htbl->chunk_size);
+ mlx5dr_htbl_put(cur_htbl);
} else {
cur_htbl = new_htbl;
}
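Review bot: In the !new_htbl branch, cur_htbl still holds the old pointer after mlx5dr_htbl_put(cur_htbl), and the hunk does not show whether the code following the if/else reads it again. If the put can free the table, as the commit message says, please confirm that nothing past this block dereferences cur_htbl on the failure path, or state in the commit message which other reference keeps it alive. Two smaller points: the message cites "line 849 (#1)" but the annotated listing it refers to is not included, so naming dr_rule_handle_ste_branch() instead would be clearer, and since this is queued for net a Fixes: tag pointing at the commit that introduced the put-before-print ordering would help stable backports.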
--
2.31.1