patch 'net/nfb: fix use after free' has been queued to stable release 22.11.7

[luca.boccassi at gmail.com]

Hi,

FYI, your patch has been queued to stable release 22.11.7

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/25/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/d56b8cfa79131b17c1f40a2f2708a42a3bc94159

Thanks.

Luca Boccassi

---
>From d56b8cfa79131b17c1f40a2f2708a42a3bc94159 Mon Sep 17 00:00:00 2001
From: Thomas Monjalon <thomas at monjalon.net>
Date: Thu, 10 Oct 2024 19:11:07 +0200
Subject: [PATCH] net/nfb: fix use after free

[ upstream commit 76da9834ebb6e43e005bd5895ff4568d0e7be78f ]

With the annotations added to the allocation functions
in commit 80da7efbb4c4 ("eal: annotate allocation functions"),
more issues are detected at compilation time:

nfb_rx.c:133:28: error: pointer 'rxq' used after 'rte_free'

It is fixed by moving the assignment before freeing the parent pointer.

Fixes: 6435f9a0ac22 ("net/nfb: add new netcope driver")

Signed-off-by: Thomas Monjalon <thomas at monjalon.net>
Reviewed-by: David Marchand <david.marchand at redhat.com>
---
 drivers/net/nfb/nfb_rx.c | 2 +-
 drivers/net/nfb/nfb_tx.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/nfb/nfb_rx.c b/drivers/net/nfb/nfb_rx.c
index 8a9b232305..7941197b77 100644
--- a/drivers/net/nfb/nfb_rx.c
+++ b/drivers/net/nfb/nfb_rx.c
@@ -129,7 +129,7 @@ nfb_eth_rx_queue_release(struct rte_eth_dev *dev, uint16_t qid)
 
 	if (rxq->queue != NULL) {
 		ndp_close_rx_queue(rxq->queue);
-		rte_free(rxq);
 		rxq->queue = NULL;
+		rte_free(rxq);
 	}
 }
diff --git a/drivers/net/nfb/nfb_tx.c b/drivers/net/nfb/nfb_tx.c
index d49fc324e7..5c38d69934 100644
--- a/drivers/net/nfb/nfb_tx.c
+++ b/drivers/net/nfb/nfb_tx.c
@@ -108,7 +108,7 @@ nfb_eth_tx_queue_release(struct rte_eth_dev *dev, uint16_t qid)
 
 	if (txq->queue != NULL) {
 		ndp_close_tx_queue(txq->queue);
-		rte_free(txq);
 		txq->queue = NULL;
+		rte_free(txq);
 	}
 }
-- 
2.45.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-10-23 22:16:41.271460365 +0100
+++ 0019-net-nfb-fix-use-after-free.patch	2024-10-23 22:16:40.451940874 +0100
@@ -1 +1 @@
-From 76da9834ebb6e43e005bd5895ff4568d0e7be78f Mon Sep 17 00:00:00 2001
+From d56b8cfa79131b17c1f40a2f2708a42a3bc94159 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 76da9834ebb6e43e005bd5895ff4568d0e7be78f ]
+
@@ -15 +16,0 @@
-Cc: stable at dpdk.org
@@ -25 +26 @@
-index f72afafe8f..462bc3b50d 100644
+index 8a9b232305..7941197b77 100644
@@ -38 +39 @@
-index a1318a4205..cf99268c43 100644
+index d49fc324e7..5c38d69934 100644