[PATCH 22.11] common/idpf: fix use after free in mailbox init

Stephen Hemminger stephen at networkplumber.org
Fri Oct 25 02:14:23 CEST 2024

Previous message (by thread): [PATCH 4/6] crypto/openssl: fix 3DES-CTR with big endian CPUs
Next message (by thread): [PATCH 22.11] common/idpf: fix use after free in mailbox init
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ upstream commit 4baf54ed9dc87b89ea2150578c51120bc0157bb0 ]

The macro in this driver was redefining LIST_FOR_EACH_ENTRY_SAFE
as a simple LIST_FOR_EACH macro.
But they are not the same the _SAFE variant guarantees that
there will not be use after free.

Fixes: fb4ac04e9bfa ("common/idpf: introduce common library")
Cc: stable at dpdk.org

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
Acked-by: Morten Brørup <mb at smartsharesystems.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev at huawei.com>
Acked-by: Wathsala Vithanage <wathsala.vithanage at arm.com>
---
 drivers/common/idpf/base/idpf_osdep.h | 10 ++++++++--
 drivers/net/idpf/idpf_ethdev.c        |  3 +--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/common/idpf/base/idpf_osdep.h b/drivers/common/idpf/base/idpf_osdep.h
index 99ae9cf60a..b6124ab083 100644
--- a/drivers/common/idpf/base/idpf_osdep.h
+++ b/drivers/common/idpf/base/idpf_osdep.h
@@ -349,10 +349,16 @@ idpf_hweight32(u32 num)
 #define LIST_ENTRY_TYPE(type)	   LIST_ENTRY(type)
 #endif
 
+#ifndef LIST_FOREACH_SAFE
+#define LIST_FOREACH_SAFE(var, head, field, tvar)			\
+	for ((var) = LIST_FIRST((head));				\
+	    (var) && ((tvar) = LIST_NEXT((var), field), 1);		\
+	    (var) = (tvar))
+#endif
+
 #ifndef LIST_FOR_EACH_ENTRY_SAFE
 #define LIST_FOR_EACH_ENTRY_SAFE(pos, temp, head, entry_type, list)	\
-	LIST_FOREACH(pos, head, list)
-
+	LIST_FOREACH_SAFE(pos, head, list, temp)
 #endif
 
 #ifndef LIST_FOR_EACH_ENTRY
diff --git a/drivers/net/idpf/idpf_ethdev.c b/drivers/net/idpf/idpf_ethdev.c
index b31cb47e90..65b970d36d 100644
--- a/drivers/net/idpf/idpf_ethdev.c
+++ b/drivers/net/idpf/idpf_ethdev.c
@@ -895,8 +895,7 @@ idpf_init_mbx(struct idpf_hw *hw)
 	if (ret != 0)
 		return ret;
 
-	LIST_FOR_EACH_ENTRY_SAFE(ctlq, NULL, &hw->cq_list_head,
-				 struct idpf_ctlq_info, cq_list) {
+	LIST_FOR_EACH_ENTRY(ctlq, &hw->cq_list_head, struct idpf_ctlq_info, cq_list) {
 		if (ctlq->q_id == IDPF_CTLQ_ID &&
 		    ctlq->cq_type == IDPF_CTLQ_TYPE_MAILBOX_TX)
 			hw->asq = ctlq;
-- 
2.45.2

Previous message (by thread): [PATCH 4/6] crypto/openssl: fix 3DES-CTR with big endian CPUs
Next message (by thread): [PATCH 22.11] common/idpf: fix use after free in mailbox init
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list