patch 'net/cpfl: fix invalid free in JSON parser' has been queued to stable release 23.11.3

Xueming Li xuemingl at nvidia.com
Mon Nov 11 07:27:07 CET 2024


Hi,

FYI, your patch has been queued to stable release 23.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/30/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=55f413c5ad5c01b4149b239c2342c833d52f77c5

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
From 55f413c5ad5c01b4149b239c2342c833d52f77c5 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen at networkplumber.org>
Date: Tue, 8 Oct 2024 09:47:14 -0700
Subject: [PATCH] net/cpfl: fix invalid free in JSON parser
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 1c20cf5be5c8b3e09673a44da2ce532ec0f35236 ]

With proper annotation, GCC discovers that this driver is calling
rte_free() on an object that was not allocated
(it is part of array in another object).

In function ‘cpfl_flow_js_mr_layout’,
    inlined from ‘cpfl_flow_js_mr_action’ at
	../drivers/net/cpfl/cpfl_flow_parser.c:848:9,
    inlined from ‘cpfl_flow_js_mod_rule’ at
	../drivers/net/cpfl/cpfl_flow_parser.c:908:9,
    inlined from ‘cpfl_parser_init’ at
	../drivers/net/cpfl/cpfl_flow_parser.c:932:8,
    inlined from ‘cpfl_parser_create’ at
	../drivers/net/cpfl/cpfl_flow_parser.c:959:8:
../drivers/net/cpfl/cpfl_flow_parser.c:740:9: warning:
	‘rte_free’ called on pointer ‘*parser.modifications’ with
	nonzero offset [28, 15479062120396] [-Wfree-nonheap-object]
  740 |         rte_free(js_mod->layout);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~

Fixes: 6cc97c9971d7 ("net/cpfl: build action mapping rules from JSON")

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
Acked-by: Morten Brørup <mb at smartsharesystems.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev at huawei.com>
Acked-by: Wathsala Vithanage <wathsala.vithanage at arm.com>
---
 drivers/net/cpfl/cpfl_flow_parser.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/net/cpfl/cpfl_flow_parser.c b/drivers/net/cpfl/cpfl_flow_parser.c
index 011229a470..303e979015 100644
--- a/drivers/net/cpfl/cpfl_flow_parser.c
+++ b/drivers/net/cpfl/cpfl_flow_parser.c
@@ -737,7 +737,6 @@ cpfl_flow_js_mr_layout(json_t *ob_layouts, struct cpfl_flow_js_mr_action_mod *js
 	return 0;

 err:
-	rte_free(js_mod->layout);
 	return -EINVAL;
 }

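Review bot: with the rte_free() call removed, the `err:` label at the end of cpfl_flow_js_mr_layout() is left holding only `return -EINVAL;` and no longer performs any cleanup. Either turn any jumps to it into direct returns in a follow-up, or keep the label (reasonable for a minimal stable backport) and add a one-line comment that js_mod->layout is not owned by this function and must not be freed here, since the commit message says it is part of an array in another object. It is also worth confirming that whoever owns that enclosing object releases it when this function returns -EINVAL, because nothing in this hunk shows where that cleanup happens.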
--
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2024-11-11 14:23:06.355857615 +0800
+++ 0021-net-cpfl-fix-invalid-free-in-JSON-parser.patch	2024-11-11 14:23:05.042192841 +0800
@@ -1 +1 @@
-From 1c20cf5be5c8b3e09673a44da2ce532ec0f35236 Mon Sep 17 00:00:00 2001
+From 55f413c5ad5c01b4149b239c2342c833d52f77c5 Mon Sep 17 00:00:00 2001
@@ -7,0 +8,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 1c20cf5be5c8b3e09673a44da2ce532ec0f35236 ]
@@ -29 +31,0 @@
-Cc: stable at dpdk.org

