patch 'common/idpf: fix use after free in mailbox init' has been queued to stable release 23.11.3

Xueming Li xuemingl at nvidia.com
Mon Nov 11 07:27:02 CET 2024


Hi,

FYI, your patch has been queued to stable release 23.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/30/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=91f32226a7208deb90b1594cfeb769399b315687

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
From 91f32226a7208deb90b1594cfeb769399b315687 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen at networkplumber.org>
Date: Tue, 8 Oct 2024 09:47:20 -0700
Subject: [PATCH] common/idpf: fix use after free in mailbox init
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 4baf54ed9dc87b89ea2150578c51120bc0157bb0 ]

The macro in this driver was redefining LIST_FOR_EACH_ENTRY_SAFE
as a simple LIST_FOR_EACH macro.
But they are not the same; the _SAFE variant guarantees that
there will not be use after free.

Fixes: fb4ac04e9bfa ("common/idpf: introduce common library")

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
Acked-by: Morten Brørup <mb at smartsharesystems.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev at huawei.com>
Acked-by: Wathsala Vithanage <wathsala.vithanage at arm.com>
---
 drivers/common/idpf/base/idpf_osdep.h    | 10 ++++++++--
 drivers/common/idpf/idpf_common_device.c |  3 +--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/common/idpf/base/idpf_osdep.h b/drivers/common/idpf/base/idpf_osdep.h
index 74a376cb13..581a36cc40 100644
--- a/drivers/common/idpf/base/idpf_osdep.h
+++ b/drivers/common/idpf/base/idpf_osdep.h
@@ -341,10 +341,16 @@ idpf_hweight32(u32 num)
 #define LIST_ENTRY_TYPE(type)	   LIST_ENTRY(type)
 #endif

+#ifndef LIST_FOREACH_SAFE
+#define LIST_FOREACH_SAFE(var, head, field, tvar)			\
+	for ((var) = LIST_FIRST((head));				\
+	    (var) && ((tvar) = LIST_NEXT((var), field), 1);		\
+	    (var) = (tvar))
+#endif
+
 #ifndef LIST_FOR_EACH_ENTRY_SAFE
 #define LIST_FOR_EACH_ENTRY_SAFE(pos, temp, head, entry_type, list)	\
-	LIST_FOREACH(pos, head, list)
-
+	LIST_FOREACH_SAFE(pos, head, list, temp)
 #endif

 #ifndef LIST_FOR_EACH_ENTRY
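Review bot: The `temp` argument of LIST_FOR_EACH_ENTRY_SAFE is now assigned to in the expansion (`(tvar) = LIST_NEXT((var), field)`), so it must be a modifiable pointer of the element type, and nothing in the header documents that. A caller passing NULL, as the idpf_init_mbx call in this same patch did, no longer compiles. Suggest a short comment above LIST_FOREACH_SAFE saying that tvar caches the next element before the body runs, which is what lets the body remove or free var. The same comment could note that `entry_type` is still unused by the wrapper.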
diff --git a/drivers/common/idpf/idpf_common_device.c b/drivers/common/idpf/idpf_common_device.c
index cc4207a46e..77c58170b3 100644
--- a/drivers/common/idpf/idpf_common_device.c
+++ b/drivers/common/idpf/idpf_common_device.c
@@ -136,8 +136,7 @@ idpf_init_mbx(struct idpf_hw *hw)
 	if (ret != 0)
 		return ret;

-	LIST_FOR_EACH_ENTRY_SAFE(ctlq, NULL, &hw->cq_list_head,
-				 struct idpf_ctlq_info, cq_list) {
+	LIST_FOR_EACH_ENTRY(ctlq, &hw->cq_list_head, struct idpf_ctlq_info, cq_list) {
 		if (ctlq->q_id == IDPF_CTLQ_ID &&
 		    ctlq->cq_type == IDPF_CTLQ_TYPE_MAILBOX_TX)
 			hw->asq = ctlq;
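Review bot: The switch to plain LIST_FOR_EACH_ENTRY in idpf_init_mbx is only correct while the loop body never removes or frees ctlq. The lines visible here only compare q_id and cq_type and assign hw->asq, but the hunk ends before the loop closes, so please confirm the rest of the body is read-only too. This call site passed NULL as the temp cursor, so it would also help if the commit message named the loops that actually free entries during iteration, so that the "use after free in mailbox init" subject can be matched to a concrete freeing path.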
--
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2024-11-11 14:23:06.178396818 +0800
+++ 0016-common-idpf-fix-use-after-free-in-mailbox-init.patch	2024-11-11 14:23:05.032192841 +0800
@@ -1 +1 @@
-From 4baf54ed9dc87b89ea2150578c51120bc0157bb0 Mon Sep 17 00:00:00 2001
+From 91f32226a7208deb90b1594cfeb769399b315687 Mon Sep 17 00:00:00 2001
@@ -7,0 +8,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 4baf54ed9dc87b89ea2150578c51120bc0157bb0 ]
@@ -15 +17,0 @@
-Cc: stable at dpdk.org
@@ -27 +29 @@
-index e042ef871c..cf9e553906 100644
+index 74a376cb13..581a36cc40 100644
@@ -50 +52 @@
-index 8403ed83f9..e9fa024850 100644
+index cc4207a46e..77c58170b3 100644

