* [PATCH][next] octeontx2-af: Fix access of iter->entry after iter object has been kfree'd
@ 2020-11-18 14:38 Colin King
2020-11-20 19:10 ` patchwork-bot+netdevbpf
0 siblings, 1 reply; 2+ messages in thread
From: Colin King @ 2020-11-18 14:38 UTC (permalink / raw)
To: Sunil Goutham, Linu Cherian, Geetha sowjanya, Jerin Jacob,
David S . Miller, Jakub Kicinski, Naveen Mamindlapalli,
Subbaraya Sundeep, netdev
Cc: kernel-janitors, linux-kernel
From: Colin Ian King <colin.king@canonical.com>
The call to pc_delete_flow can kfree the iter object, so the following
dev_err message that accesses iter->entry can accessmemory that has
just been kfree'd. Fix this by adding a temporary variable 'entry'
that has a copy of iter->entry and also use this when indexing into
the array mcam->entry2target_pffunc[]. Also print the unsigned value
using the %u format specifier rather than %d.
Addresses-Coverity: ("Read from pointer after free")
Fixes: 55307fcb9258 ("octeontx2-af: Add mbox messages to install and delete MCAM rules")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/infiniband/hw/mlx5/mem.c | 2 +-
drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 8 +++++---
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
index 4ddfdff33a61..14832b66d1fe 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
@@ -1218,11 +1218,13 @@ int rvu_mbox_handler_npc_delete_flow(struct rvu *rvu,
mutex_unlock(&mcam->lock);
list_for_each_entry_safe(iter, tmp, &del_list, list) {
+ u16 entry = iter->entry;
+
/* clear the mcam entry target pcifunc */
- mcam->entry2target_pffunc[iter->entry] = 0x0;
+ mcam->entry2target_pffunc[entry] = 0x0;
if (npc_delete_flow(rvu, iter, pcifunc))
- dev_err(rvu->dev, "rule deletion failed for entry:%d",
- iter->entry);
+ dev_err(rvu->dev, "rule deletion failed for entry:%u",
+ entry);
}
return 0;
--
2.28.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH][next] octeontx2-af: Fix access of iter->entry after iter object has been kfree'd
2020-11-18 14:38 [PATCH][next] octeontx2-af: Fix access of iter->entry after iter object has been kfree'd Colin King
@ 2020-11-20 19:10 ` patchwork-bot+netdevbpf
0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2020-11-20 19:10 UTC (permalink / raw)
To: Colin King
Cc: sgoutham, lcherian, gakula, jerinj, davem, kuba, naveenm,
sbhatta, netdev, kernel-janitors, linux-kernel
Hello:
This patch was applied to netdev/net-next.git (refs/heads/master):
On Wed, 18 Nov 2020 14:38:03 +0000 you wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> The call to pc_delete_flow can kfree the iter object, so the following
> dev_err message that accesses iter->entry can accessmemory that has
> just been kfree'd. Fix this by adding a temporary variable 'entry'
> that has a copy of iter->entry and also use this when indexing into
> the array mcam->entry2target_pffunc[]. Also print the unsigned value
> using the %u format specifier rather than %d.
>
> [...]
Here is the summary with links:
- [next] octeontx2-af: Fix access of iter->entry after iter object has been kfree'd
https://git.kernel.org/netdev/net-next/c/76483980174c
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-20 19:10 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-18 14:38 [PATCH][next] octeontx2-af: Fix access of iter->entry after iter object has been kfree'd Colin King
2020-11-20 19:10 ` patchwork-bot+netdevbpf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.