From: Saeed Mahameed <saeed@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Eric Dumazet <edumazet@google.com>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
netdev@vger.kernel.org, Tariq Toukan <tariqt@nvidia.com>,
Zhengchao Shao <shaozhengchao@huawei.com>,
Simon Horman <simon.horman@corigine.com>,
Leon Romanovsky <leonro@nvidia.com>
Subject: [net 01/15] net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups
Date: Wed, 26 Jul 2023 14:31:52 -0700
Message-ID: <20230726213206.47022-2-saeed@kernel.org>
In-Reply-To: <20230726213206.47022-1-saeed@kernel.org>
From: Zhengchao Shao <shaozhengchao@huawei.com>
In function macsec_fs_tx_create_crypto_table_groups(), when the ft->g
memory is successfully allocated but the 'in' memory fails to be
allocated, the memory pointed to by ft->g is released once. And in function
macsec_fs_tx_create(), macsec_fs_tx_destroy() is called to release the
memory pointed to by ft->g again. This will cause a double free problem.
Fixes: e467b283ffd5 ("net/mlx5e: Add MACsec TX steering rules")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c
index 7fc901a6ec5f..414e28584881 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c
@@ -161,6 +161,7 @@ static int macsec_fs_tx_create_crypto_table_groups(struct mlx5e_flow_table *ft)
if (!in) {
kfree(ft->g);
+ ft->g = NULL;
return -ENOMEM;
}
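Review bot: In the `!in` branch, ownership of ft->g stays split between this function and the caller's cleanup: the buffer is freed here with kfree(ft->g), and the new `ft->g = NULL` only makes the later kfree() in macsec_fs_tx_destroy() a no-op. That closes the double free, but it works only if the destroy path does nothing with ft->g beyond passing it to kfree(); if it ever indexes ft->g before freeing, this branch turns into a NULL dereference, so that should be confirmed against the destroy code, which is not visible in this hunk. A cleaner alternative is to drop the local kfree(ft->g) and let macsec_fs_tx_destroy() be the single owner of the free. If the local free is kept, a one-line comment stating that the caller frees ft->g again on error would explain why the pointer is cleared, and any other error path in this function that frees ft->g needs the same reset.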
--
2.41.0
Thread overview: 17+ messages
2023-07-26 21:31 [pull request][net 00/15] mlx5 fixes 2023-07-26 Saeed Mahameed
2023-07-26 21:31 ` Saeed Mahameed [this message]
2023-07-28 3:30 ` [net 01/15] net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups patchwork-bot+netdevbpf
2023-07-26 21:31 ` [net 02/15] net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx Saeed Mahameed
2023-07-26 21:31 ` [net 03/15] net/mlx5: fix potential memory leak in mlx5e_init_rep_rx Saeed Mahameed
2023-07-26 21:31 ` [net 04/15] net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() Saeed Mahameed
2023-07-26 21:31 ` [net 05/15] net/mlx5: Honor user input for migratable port fn attr Saeed Mahameed
2023-07-26 21:31 ` [net 06/15] net/mlx5e: Don't hold encap tbl lock if there is no encap action Saeed Mahameed
2023-07-26 21:31 ` [net 07/15] net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set Saeed Mahameed
2023-07-26 21:31 ` [net 08/15] net/mlx5e: Move representor neigh cleanup to profile cleanup_tx Saeed Mahameed
2023-07-26 21:32 ` [net 09/15] net/mlx5e: xsk: Fix invalid buffer access for legacy rq Saeed Mahameed
2023-07-26 21:32 ` [net 10/15] net/mlx5e: xsk: Fix crash on regular rq reactivation Saeed Mahameed
2023-07-26 21:32 ` [net 11/15] net/mlx5: Bridge, set debugfs access right to root-only Saeed Mahameed
2023-07-26 21:32 ` [net 12/15] net/mlx5e: kTLS, Fix protection domain in use syndrome when devlink reload Saeed Mahameed
2023-07-26 21:32 ` [net 13/15] net/mlx5: fs_chains: Fix ft prio if ignore_flow_level is not supported Saeed Mahameed
2023-07-26 21:32 ` [net 14/15] net/mlx5: DR, Fix peer domain namespace setting Saeed Mahameed
2023-07-26 21:32 ` [net 15/15] net/mlx5: Unregister devlink params in case interface is down Saeed Mahameed