From: Saeed Mahameed <saeed@kernel.org>
To: Dinghao Liu <dinghao.liu@zju.edu.cn>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
Leon Romanovsky <leon@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Zhengchao Shao <shaozhengchao@huawei.com>,
Simon Horman <horms@kernel.org>,
Rahul Rameshbabu <rrameshbabu@nvidia.com>,
Aya Levin <ayal@nvidia.com>, Tariq Toukan <tariqt@nvidia.com>,
netdev@vger.kernel.org, linux-rdma@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] [v2] net/mlx5e: fix a potential double-free in fs_udp_create_groups
Date: Wed, 6 Dec 2023 13:53:06 -0800 [thread overview]
Message-ID: <ZXDtQj_lGub3-cWT@x130> (raw)
In-Reply-To: <20231128094055.5561-1-dinghao.liu@zju.edu.cn>
On 28 Nov 17:40, Dinghao Liu wrote:
>When kcalloc() for ft->g succeeds but kvzalloc() for in fails,
>fs_udp_create_groups() will free ft->g. However, its caller
>fs_udp_create_table() will free ft->g again through calling
>mlx5e_destroy_flow_table(), which will lead to a double-free.
>Fix this by setting ft->g to NULL in fs_udp_create_groups().
>
>Fixes: 1c80bd684388 ("net/mlx5e: Introduce Flow Steering UDP API")
>Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
>---
>
>Changelog:
>
>v2: Setting ft->g to NULL instead of removing the kfree().
>---
Applied to net-mlx5.
- Saeed
prev parent reply other threads:[~2023-12-06 21:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-28 9:40 [PATCH] [v2] net/mlx5e: fix a potential double-free in fs_udp_create_groups Dinghao Liu
2023-11-28 9:55 ` Tariq Toukan
2023-11-30 17:45 ` Simon Horman
2023-12-06 21:53 ` Saeed Mahameed [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZXDtQj_lGub3-cWT@x130 \
--to=saeed@kernel.org \
--cc=ayal@nvidia.com \
--cc=davem@davemloft.net \
--cc=dinghao.liu@zju.edu.cn \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=rrameshbabu@nvidia.com \
--cc=saeedm@nvidia.com \
--cc=shaozhengchao@huawei.com \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.