From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Wentao_Liang <Wentao_Liang_g@163.com>,
Saeed Mahameed <saeedm@nvidia.com>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org, linux-rdma@vger.kernel.org
Subject: [PATCH AUTOSEL 5.14 237/252] net/mlx5: DR, fix a potential use-after-free bug
Date: Thu, 9 Sep 2021 07:40:51 -0400 [thread overview]
Message-ID: <20210909114106.141462-237-sashal@kernel.org> (raw)
In-Reply-To: <20210909114106.141462-1-sashal@kernel.org>
From: Wentao_Liang <Wentao_Liang_g@163.com>
[ Upstream commit 6cc64770fb386b10a64a1fe09328396de7bb5262 ]
In line 849 (#1), "mlx5dr_htbl_put(cur_htbl);" drops the reference to
cur_htbl and may cause cur_htbl to be freed.
However, cur_htbl is subsequently used in the next line, which may result
in an use-after-free bug.
Fix this by calling mlx5dr_err() before the cur_htbl is put.
Signed-off-by: Wentao_Liang <Wentao_Liang_g@163.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c
index 43356fad53de..ffdfb5a94b14 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c
@@ -846,9 +846,9 @@ dr_rule_handle_ste_branch(struct mlx5dr_rule *rule,
new_htbl = dr_rule_rehash(rule, nic_rule, cur_htbl,
ste_location, send_ste_list);
if (!new_htbl) {
- mlx5dr_htbl_put(cur_htbl);
mlx5dr_err(dmn, "Failed creating rehash table, htbl-log_size: %d\n",
cur_htbl->chunk_size);
+ mlx5dr_htbl_put(cur_htbl);
} else {
cur_htbl = new_htbl;
}
--
2.30.2
next prev parent reply other threads:[~2021-09-09 12:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20210909114106.141462-1-sashal@kernel.org>
2021-09-09 11:39 ` [PATCH AUTOSEL 5.14 146/252] net/mlx5: Fix variable type to match 64bit Sasha Levin
2021-09-09 11:40 ` Sasha Levin [this message]
2021-09-09 11:40 ` [PATCH AUTOSEL 5.14 238/252] net/mlx5: DR, Enable QP retransmission Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210909114106.141462-237-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=Wentao_Liang_g@163.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=saeedm@nvidia.com \
--cc=stable@vger.kernel.org \
--subject='Re: [PATCH AUTOSEL 5.14 237/252] net/mlx5: DR, fix a potential use-after-free bug' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).