[PATCH v9 15/17] baseband/la12xx: prevent use after free

Stephen Hemminger stephen at networkplumber.org
Tue Oct 8 18:47:19 CEST 2024

Previous message (by thread): [PATCH v9 14/17] drivers/ifpga: fix free function mismatch
Next message (by thread): [PATCH v9 16/17] common/idpf: fix use after free due
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It is possible that the info pointer (hp) could get freed twice.
Fix by nulling after free.

In function 'setup_la12xx_dev',
inlined from 'la12xx_bbdev_create' at ../drivers/baseband/la12xx/bbdev_la12xx.c:1029:8,
inlined from 'la12xx_bbdev_probe' at ../drivers/baseband/la12xx/bbdev_la12xx.c:1075:9:
../drivers/baseband/la12xx/bbdev_la12xx.c:901:9: error: pointer 'hp_info' may be used after 'rte_free' [-Werror=use-after-free]
901 |         rte_free(hp);
|         ^~~~~~~~~~~~
../drivers/baseband/la12xx/bbdev_la12xx.c:791:17: note: call to 'rte_free' here
791 |                 rte_free(hp);
|                 ^~~~~~~~~~~~

Fixes: 24d0ba22546e ("baseband/la12xx: add queue and modem config")
Cc: stable at dpdk.org
Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
Reviewed-by: Hemant Agrawal <hemant.agrawal at nxp.com>
---
 drivers/baseband/la12xx/bbdev_la12xx.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/baseband/la12xx/bbdev_la12xx.c b/drivers/baseband/la12xx/bbdev_la12xx.c
index af4b4f1e9a..2432cdf884 100644
--- a/drivers/baseband/la12xx/bbdev_la12xx.c
+++ b/drivers/baseband/la12xx/bbdev_la12xx.c
@@ -789,6 +789,7 @@ setup_la12xx_dev(struct rte_bbdev *dev)
 		ipc_priv->hugepg_start.size = hp->len;
 
 		rte_free(hp);
+		hp = NULL;
 	}
 
 	dev_ipc = open_ipc_dev(priv->modem_id);
-- 
2.45.2

Previous message (by thread): [PATCH v9 14/17] drivers/ifpga: fix free function mismatch
Next message (by thread): [PATCH v9 16/17] common/idpf: fix use after free due
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list