[PATCH] net/xsc: fix use after free in some RXQ cleanup

David Marchand david.marchand at redhat.com
Tue Sep 9 16:45:17 CEST 2025

Previous message (by thread): [PATCH] net/xsc: fix use after free in some RXQ cleanup
Next message (by thread): [V9 00/17] add-hinic3-PMD-driver
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 9 Sept 2025 at 09:05, David Marchand <david.marchand at redhat.com> wrote:
>
> Debian 12 gcc complains about a use after free in this cleanup section.
>
> [7/11] Compiling C object drivers/libtmp_rte_net_xsc.a.p/net_xsc_xsc_rx.c.o
> In function 'xsc_rss_qp_create',
>     inlined from 'xsc_rxq_rss_obj_new' at ../drivers/net/xsc/xsc_rx.c:565:8:
> ../drivers/net/xsc/xsc_rx.c:501:9: warning: pointer 'req' may be used after
>         'free' [-Wuse-after-free]
>   501 |         free(req);
>       |         ^~~~~~~~~
> ../drivers/net/xsc/xsc_rx.c:501:9: note: call to 'free' here
>
> Indeed, req may be free'd twice, as an error in the cleanup loop may
> jump back to the set_qp_fail label.
>
> Instead, skip the erroneous rxq and don't touch errno since all the code
> jumping to set_qp_fail already sets it.
>
> Fixes: 3991c890fb4c ("net/xsc: optimize RSS queue creation")
>
> Signed-off-by: David Marchand <david.marchand at redhat.com>
> Acked-by: Renyong Wan <wanry at yunsilicon.com>

Applied, thanks.


-- 
David Marchand

Previous message (by thread): [PATCH] net/xsc: fix use after free in some RXQ cleanup
Next message (by thread): [V9 00/17] add-hinic3-PMD-driver
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list