patch 'baseband/la12xx: fix use after free in modem config' has been queued to stable release 23.11.3
Xueming Li
xuemingl at nvidia.com
Mon Nov 11 07:27:00 CET 2024
Hi,
FYI, your patch has been queued to stable release 23.11.3
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/30/24. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging
This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=e90be36798669790e22e49aa3db399630e8a4f48
Thanks.
Xueming Li <xuemingl at nvidia.com>
---
>From e90be36798669790e22e49aa3db399630e8a4f48 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen at networkplumber.org>
Date: Tue, 8 Oct 2024 09:47:19 -0700
Subject: [PATCH] baseband/la12xx: fix use after free in modem config
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: Xueming Li <xuemingl at nvidia.com>
[ upstream commit 6ffb34498913f84713e98d6a2a21d2a86028a604 ]
The info pointer (hp) could get freed twice.
Fix by nulling after free.
In function 'setup_la12xx_dev',
inlined from 'la12xx_bbdev_create' at
../drivers/baseband/la12xx/bbdev_la12xx.c:1029:8,
inlined from 'la12xx_bbdev_probe' at
../drivers/baseband/la12xx/bbdev_la12xx.c:1075:9:
../drivers/baseband/la12xx/bbdev_la12xx.c:901:9:
error: pointer 'hp_info' may be used after 'rte_free'
[-Werror=use-after-free]
901 | rte_free(hp);
| ^~~~~~~~~~~~
../drivers/baseband/la12xx/bbdev_la12xx.c:791:17:
note: call to 'rte_free' here
791 | rte_free(hp);
| ^~~~~~~~~~~~
Fixes: 24d0ba22546e ("baseband/la12xx: add queue and modem config")
Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
Reviewed-by: Hemant Agrawal <hemant.agrawal at nxp.com>
Acked-by: Morten Brørup <mb at smartsharesystems.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev at huawei.com>
Acked-by: Wathsala Vithanage <wathsala.vithanage at arm.com>
---
drivers/baseband/la12xx/bbdev_la12xx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/baseband/la12xx/bbdev_la12xx.c b/drivers/baseband/la12xx/bbdev_la12xx.c
index af4b4f1e9a..2432cdf884 100644
--- a/drivers/baseband/la12xx/bbdev_la12xx.c
+++ b/drivers/baseband/la12xx/bbdev_la12xx.c
@@ -789,6 +789,7 @@ setup_la12xx_dev(struct rte_bbdev *dev)
ipc_priv->hugepg_start.size = hp->len;
rte_free(hp);
+ hp = NULL;
}
dev_ipc = open_ipc_dev(priv->modem_id);
--
2.34.1
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2024-11-11 14:23:06.104682320 +0800
+++ 0014-baseband-la12xx-fix-use-after-free-in-modem-config.patch 2024-11-11 14:23:05.032192841 +0800
@@ -1 +1 @@
-From 6ffb34498913f84713e98d6a2a21d2a86028a604 Mon Sep 17 00:00:00 2001
+From e90be36798669790e22e49aa3db399630e8a4f48 Mon Sep 17 00:00:00 2001
@@ -7,0 +8,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 6ffb34498913f84713e98d6a2a21d2a86028a604 ]
@@ -28 +30,0 @@
-Cc: stable at dpdk.org
More information about the stable
mailing list