patch 'net/nfb: fix use after free' has been queued to stable release 23.11.3

Xueming Li xuemingl at nvidia.com
Mon Nov 11 07:27:14 CET 2024

Previous message (by thread): patch 'examples/vhost: fix free function mismatch' has been queued to stable release 23.11.3
Next message (by thread): patch 'power: enable CPPC' has been queued to stable release 23.11.3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 23.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/30/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=5facb377a447b0150f17cf19b1d2ab006f721a03

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From 5facb377a447b0150f17cf19b1d2ab006f721a03 Mon Sep 17 00:00:00 2001
From: Thomas Monjalon <thomas at monjalon.net>
Date: Thu, 10 Oct 2024 19:11:07 +0200
Subject: [PATCH] net/nfb: fix use after free
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 76da9834ebb6e43e005bd5895ff4568d0e7be78f ]

With the annotations added to the allocation functions
in commit 80da7efbb4c4 ("eal: annotate allocation functions"),
more issues are detected at compilation time:

nfb_rx.c:133:28: error: pointer 'rxq' used after 'rte_free'

It is fixed by moving the assignment before freeing the parent pointer.

Fixes: 6435f9a0ac22 ("net/nfb: add new netcope driver")

Signed-off-by: Thomas Monjalon <thomas at monjalon.net>
Reviewed-by: David Marchand <david.marchand at redhat.com>
---
 drivers/net/nfb/nfb_rx.c | 2 +-
 drivers/net/nfb/nfb_tx.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/nfb/nfb_rx.c b/drivers/net/nfb/nfb_rx.c
index 8a9b232305..7941197b77 100644
--- a/drivers/net/nfb/nfb_rx.c
+++ b/drivers/net/nfb/nfb_rx.c
@@ -129,7 +129,7 @@ nfb_eth_rx_queue_release(struct rte_eth_dev *dev, uint16_t qid)

 	if (rxq->queue != NULL) {
 		ndp_close_rx_queue(rxq->queue);
-		rte_free(rxq);
 		rxq->queue = NULL;
+		rte_free(rxq);
 	}
 }
diff --git a/drivers/net/nfb/nfb_tx.c b/drivers/net/nfb/nfb_tx.c
index d49fc324e7..5c38d69934 100644
--- a/drivers/net/nfb/nfb_tx.c
+++ b/drivers/net/nfb/nfb_tx.c
@@ -108,7 +108,7 @@ nfb_eth_tx_queue_release(struct rte_eth_dev *dev, uint16_t qid)

 	if (txq->queue != NULL) {
 		ndp_close_tx_queue(txq->queue);
-		rte_free(txq);
 		txq->queue = NULL;
+		rte_free(txq);
 	}
 }
--
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-11-11 14:23:06.621227709 +0800
+++ 0028-net-nfb-fix-use-after-free.patch	2024-11-11 14:23:05.062192841 +0800
@@ -1 +1 @@
-From 76da9834ebb6e43e005bd5895ff4568d0e7be78f Mon Sep 17 00:00:00 2001
+From 5facb377a447b0150f17cf19b1d2ab006f721a03 Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 76da9834ebb6e43e005bd5895ff4568d0e7be78f ]
@@ -15 +17,0 @@
-Cc: stable at dpdk.org
@@ -25 +27 @@
-index f72afafe8f..462bc3b50d 100644
+index 8a9b232305..7941197b77 100644
@@ -38 +40 @@
-index a1318a4205..cf99268c43 100644
+index d49fc324e7..5c38d69934 100644

Previous message (by thread): patch 'examples/vhost: fix free function mismatch' has been queued to stable release 23.11.3
Next message (by thread): patch 'power: enable CPPC' has been queued to stable release 23.11.3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list