All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH net-next] enetc: Fix use after free in stream_filter_unref()
@ 2020-05-05 20:47 ` Dan Carpenter
  0 siblings, 0 replies; 6+ messages in thread
From: Dan Carpenter @ 2020-05-05 20:47 UTC (permalink / raw)
  To: Claudiu Manoil, Po Liu; +Cc: David S. Miller, netdev, kernel-janitors

This code frees "sfi" and then dereferences it on the next line.

Fixes: 888ae5a3952b ("net: enetc: add tc flower psfp offload driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 drivers/net/ethernet/freescale/enetc/enetc_qos.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
index 48e589e9d0f7c..10d79eb46c2e8 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
@@ -902,8 +902,8 @@ static void stream_filter_unref(struct enetc_ndev_priv *priv, u32 index)
 	if (z) {
 		enetc_streamfilter_hw_set(priv, sfi, false);
 		hlist_del(&sfi->node);
-		kfree(sfi);
 		clear_bit(sfi->index, epsfp.psfp_sfi_bitmap);
+		kfree(sfi);
 	}
 }
 
-- 
2.26.2


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [PATCH net-next] enetc: Fix use after free in stream_filter_unref()
@ 2020-05-05 20:47 ` Dan Carpenter
  0 siblings, 0 replies; 6+ messages in thread
From: Dan Carpenter @ 2020-05-05 20:47 UTC (permalink / raw)
  To: Claudiu Manoil, Po Liu; +Cc: David S. Miller, netdev, kernel-janitors

This code frees "sfi" and then dereferences it on the next line.

Fixes: 888ae5a3952b ("net: enetc: add tc flower psfp offload driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 drivers/net/ethernet/freescale/enetc/enetc_qos.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
index 48e589e9d0f7c..10d79eb46c2e8 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
@@ -902,8 +902,8 @@ static void stream_filter_unref(struct enetc_ndev_priv *priv, u32 index)
 	if (z) {
 		enetc_streamfilter_hw_set(priv, sfi, false);
 		hlist_del(&sfi->node);
-		kfree(sfi);
 		clear_bit(sfi->index, epsfp.psfp_sfi_bitmap);
+		kfree(sfi);
 	}
 }
 
-- 
2.26.2

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* RE:  [PATCH net-next] enetc: Fix use after free in stream_filter_unref()
  2020-05-05 20:47 ` Dan Carpenter
@ 2020-05-06  4:14 ` Po Liu
  -1 siblings, 0 replies; 6+ messages in thread
From: Po Liu @ 2020-05-06  4:14 UTC (permalink / raw)
  To: Dan Carpenter, Claudiu Manoil; +Cc: David S. Miller, netdev, kernel-janitors

Hi Dan,


> -----Original Message-----
> From: Dan Carpenter <dan.carpenter@oracle.com>
> Sent: 2020年5月6日 4:47
> To: Claudiu Manoil <claudiu.manoil@nxp.com>; Po Liu <po.liu@nxp.com>
> Cc: David S. Miller <davem@davemloft.net>; netdev@vger.kernel.org;
> kernel-janitors@vger.kernel.org
> Subject: [PATCH net-next] enetc: Fix use after free in
> stream_filter_unref()
> 
> 
> This code frees "sfi" and then dereferences it on the next line.
> 
> Fixes: 888ae5a3952b ("net: enetc: add tc flower psfp offload driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
>  drivers/net/ethernet/freescale/enetc/enetc_qos.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
> b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
> index 48e589e9d0f7c..10d79eb46c2e8 100644
> --- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
> +++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
> @@ -902,8 +902,8 @@ static void stream_filter_unref(struct
> enetc_ndev_priv *priv, u32 index)
>         if (z) {
>                 enetc_streamfilter_hw_set(priv, sfi, false);
>                 hlist_del(&sfi->node);
> -               kfree(sfi);
>                 clear_bit(sfi->index, epsfp.psfp_sfi_bitmap);

This "sfi->index" should be "index", but the patch is also fix it.

> +               kfree(sfi);
>         }
>  }
> 
> --
> 2.26.2

Thanks a lot.

Br,
Po Liu


^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE:  [PATCH net-next] enetc: Fix use after free in stream_filter_unref()
@ 2020-05-06  4:14 ` Po Liu
  0 siblings, 0 replies; 6+ messages in thread
From: Po Liu @ 2020-05-06  4:14 UTC (permalink / raw)
  To: Dan Carpenter, Claudiu Manoil; +Cc: David S. Miller, netdev, kernel-janitors

SGkgRGFuLA0KDQoNCj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCj4gRnJvbTogRGFuIENh
cnBlbnRlciA8ZGFuLmNhcnBlbnRlckBvcmFjbGUuY29tPg0KPiBTZW50OiAyMDIwxOo11MI2yNUg
NDo0Nw0KPiBUbzogQ2xhdWRpdSBNYW5vaWwgPGNsYXVkaXUubWFub2lsQG54cC5jb20+OyBQbyBM
aXUgPHBvLmxpdUBueHAuY29tPg0KPiBDYzogRGF2aWQgUy4gTWlsbGVyIDxkYXZlbUBkYXZlbWxv
ZnQubmV0PjsgbmV0ZGV2QHZnZXIua2VybmVsLm9yZzsNCj4ga2VybmVsLWphbml0b3JzQHZnZXIu
a2VybmVsLm9yZw0KPiBTdWJqZWN0OiBbUEFUQ0ggbmV0LW5leHRdIGVuZXRjOiBGaXggdXNlIGFm
dGVyIGZyZWUgaW4NCj4gc3RyZWFtX2ZpbHRlcl91bnJlZigpDQo+IA0KPiANCj4gVGhpcyBjb2Rl
IGZyZWVzICJzZmkiIGFuZCB0aGVuIGRlcmVmZXJlbmNlcyBpdCBvbiB0aGUgbmV4dCBsaW5lLg0K
PiANCj4gRml4ZXM6IDg4OGFlNWEzOTUyYiAoIm5ldDogZW5ldGM6IGFkZCB0YyBmbG93ZXIgcHNm
cCBvZmZsb2FkIGRyaXZlciIpDQo+IFNpZ25lZC1vZmYtYnk6IERhbiBDYXJwZW50ZXIgPGRhbi5j
YXJwZW50ZXJAb3JhY2xlLmNvbT4NCj4gLS0tDQo+ICBkcml2ZXJzL25ldC9ldGhlcm5ldC9mcmVl
c2NhbGUvZW5ldGMvZW5ldGNfcW9zLmMgfCAyICstDQo+ICAxIGZpbGUgY2hhbmdlZCwgMSBpbnNl
cnRpb24oKyksIDEgZGVsZXRpb24oLSkNCj4gDQo+IGRpZmYgLS1naXQgYS9kcml2ZXJzL25ldC9l
dGhlcm5ldC9mcmVlc2NhbGUvZW5ldGMvZW5ldGNfcW9zLmMNCj4gYi9kcml2ZXJzL25ldC9ldGhl
cm5ldC9mcmVlc2NhbGUvZW5ldGMvZW5ldGNfcW9zLmMNCj4gaW5kZXggNDhlNTg5ZTlkMGY3Yy4u
MTBkNzllYjQ2YzJlOCAxMDA2NDQNCj4gLS0tIGEvZHJpdmVycy9uZXQvZXRoZXJuZXQvZnJlZXNj
YWxlL2VuZXRjL2VuZXRjX3Fvcy5jDQo+ICsrKyBiL2RyaXZlcnMvbmV0L2V0aGVybmV0L2ZyZWVz
Y2FsZS9lbmV0Yy9lbmV0Y19xb3MuYw0KPiBAQCAtOTAyLDggKzkwMiw4IEBAIHN0YXRpYyB2b2lk
IHN0cmVhbV9maWx0ZXJfdW5yZWYoc3RydWN0DQo+IGVuZXRjX25kZXZfcHJpdiAqcHJpdiwgdTMy
IGluZGV4KQ0KPiAgICAgICAgIGlmICh6KSB7DQo+ICAgICAgICAgICAgICAgICBlbmV0Y19zdHJl
YW1maWx0ZXJfaHdfc2V0KHByaXYsIHNmaSwgZmFsc2UpOw0KPiAgICAgICAgICAgICAgICAgaGxp
c3RfZGVsKCZzZmktPm5vZGUpOw0KPiAtICAgICAgICAgICAgICAga2ZyZWUoc2ZpKTsNCj4gICAg
ICAgICAgICAgICAgIGNsZWFyX2JpdChzZmktPmluZGV4LCBlcHNmcC5wc2ZwX3NmaV9iaXRtYXAp
Ow0KDQpUaGlzICJzZmktPmluZGV4IiBzaG91bGQgYmUgImluZGV4IiwgYnV0IHRoZSBwYXRjaCBp
cyBhbHNvIGZpeCBpdC4NCg0KPiArICAgICAgICAgICAgICAga2ZyZWUoc2ZpKTsNCj4gICAgICAg
ICB9DQo+ICB9DQo+IA0KPiAtLQ0KPiAyLjI2LjINCg0KVGhhbmtzIGEgbG90Lg0KDQpCciwNClBv
IExpdQ0KDQo

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH net-next] enetc: Fix use after free in stream_filter_unref()
  2020-05-05 20:47 ` Dan Carpenter
@ 2020-05-08  0:36   ` David Miller
  -1 siblings, 0 replies; 6+ messages in thread
From: David Miller @ 2020-05-08  0:36 UTC (permalink / raw)
  To: dan.carpenter; +Cc: claudiu.manoil, Po.Liu, netdev, kernel-janitors

From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 5 May 2020 23:47:21 +0300

> This code frees "sfi" and then dereferences it on the next line.
> 
> Fixes: 888ae5a3952b ("net: enetc: add tc flower psfp offload driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

This was fixed in another patch by using the local variable 'index'.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH net-next] enetc: Fix use after free in stream_filter_unref()
@ 2020-05-08  0:36   ` David Miller
  0 siblings, 0 replies; 6+ messages in thread
From: David Miller @ 2020-05-08  0:36 UTC (permalink / raw)
  To: dan.carpenter; +Cc: claudiu.manoil, Po.Liu, netdev, kernel-janitors

From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 5 May 2020 23:47:21 +0300

> This code frees "sfi" and then dereferences it on the next line.
> 
> Fixes: 888ae5a3952b ("net: enetc: add tc flower psfp offload driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

This was fixed in another patch by using the local variable 'index'.

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2020-05-08  0:36 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-05 20:47 [PATCH net-next] enetc: Fix use after free in stream_filter_unref() Dan Carpenter
2020-05-05 20:47 ` Dan Carpenter
2020-05-08  0:36 ` David Miller
2020-05-08  0:36   ` David Miller
2020-05-06  4:14 Po Liu
2020-05-06  4:14 ` Po Liu

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.