patch 'raw/ifpga/base: fix use after free' has been queued to stable release 23.11.3

Xueming Li xuemingl at nvidia.com
Mon Nov 11 07:27:11 CET 2024 

Hi,

FYI, your patch has been queued to stable release 23.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/30/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=be5b4c9d2969486ffc3a8606c0b8b2cd77a0169e

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From be5b4c9d2969486ffc3a8606c0b8b2cd77a0169e Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen at networkplumber.org>
Date: Tue, 8 Oct 2024 09:47:16 -0700
Subject: [PATCH] raw/ifpga/base: fix use after free
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 11986223b54d981300e9de2d365c494eb274645c ]

The TAILQ_FOREACH() macro would refer to info after it
had been freed. Fix by introducing TAILQ_FOREACH_SAFE here.

Fixes: 4a19f89104f8 ("raw/ifpga/base: support multiple cards")

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
Acked-by: Morten Brørup <mb at smartsharesystems.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev at huawei.com>
Acked-by: Wathsala Vithanage <wathsala.vithanage at arm.com>
---
 drivers/raw/ifpga/base/opae_intel_max10.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c b/drivers/raw/ifpga/base/opae_intel_max10.c
index dd97a5f9fd..d5a9ceb6e3 100644
--- a/drivers/raw/ifpga/base/opae_intel_max10.c
+++ b/drivers/raw/ifpga/base/opae_intel_max10.c
@@ -6,6 +6,13 @@
 #include <libfdt.h>
 #include "opae_osdep.h"

+#ifndef TAILQ_FOREACH_SAFE
+#define TAILQ_FOREACH_SAFE(var, head, field, tvar) \
+	for ((var) = TAILQ_FIRST((head)); \
+		(var) && ((tvar) = TAILQ_NEXT((var), field), 1); \
+	(var) = (tvar))
+#endif
+
 int max10_sys_read(struct intel_max10_device *dev,
 	unsigned int offset, unsigned int *val)
 {
@@ -746,9 +753,9 @@ static int fdt_get_named_reg(const void *fdt, int node, const char *name,

 static void max10_sensor_uinit(struct intel_max10_device *dev)
 {
-	struct opae_sensor_info *info;
+	struct opae_sensor_info *info, *next;

-	TAILQ_FOREACH(info, &dev->opae_sensor_list, node) {
+	TAILQ_FOREACH_SAFE(info, &dev->opae_sensor_list, node, next) {
 		TAILQ_REMOVE(&dev->opae_sensor_list, info, node);
 		opae_free(info);
 	}
--
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-11-11 14:23:06.515775011 +0800
+++ 0025-raw-ifpga-base-fix-use-after-free.patch	2024-11-11 14:23:05.052192841 +0800
@@ -1 +1 @@
-From 11986223b54d981300e9de2d365c494eb274645c Mon Sep 17 00:00:00 2001
+From be5b4c9d2969486ffc3a8606c0b8b2cd77a0169e Mon Sep 17 00:00:00 2001
@@ -7,0 +8,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 11986223b54d981300e9de2d365c494eb274645c ]
@@ -13 +15,0 @@
-Cc: stable at dpdk.org

More information about the stable mailing list