Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp39504imb; Thu, 28 Feb 2019 15:17:24 -0800 (PST) X-Google-Smtp-Source: APXvYqz5MdMvl9k39oDLDBKiweYqzL0v8dGgjl5H3fVqLrOlw+Do5uKvvu6X9e56dumcJoybVx+Q X-Received: by 2002:a63:1155:: with SMTP id 21mr1616338pgr.96.1551395844246; Thu, 28 Feb 2019 15:17:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551395844; cv=none; d=google.com; s=arc-20160816; b=JUvrNyxT/mQ8tisCwXvsvp/NKs+BeRTI3qQrD3BRkMSFlQN4zx2qEJU3QnjHr2hQEw O4W8KU+pF/rHNEwGcb5zlr06f3AtHVA3WjkUygij9boIf55dByf/E+e5+rj9fuMxkHa8 XqgVNn3Io5M9PiXt7yF1NMYc/TGplx9cUAKmnrfxWFRXm+VtLpq0bLEVShB5flj91BIp hTzOg4kGjY9XifjZ5DlQZ9MQ9s/QOx6Yv7LqkgyzbP1f/HVviFZk55LAVgusWXAydpA+ FL8FhB/MdkC5REGSR8vvl/Fvj0kD8Nuork7NrKDdVFUbOs87mM7Lg9uCfElW55njho/P 0yQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id; bh=dBjUfSi8SSZo6d+K8p+ydz6wylgoOcuYkbYeqOyEYQ8=; b=qjGtpZ+u09Y71MyXufkSKuIZ+YWGmaUDXFJ9sS77vxme5+RGVFyW+jQqPxX1+QoRMy hdkyFsYQCvtlDEMlKw5H4yrino8p9wmK1ZR7RzopaVYy1mYXsBOTLpgJFr91THd1TK1/ Mwed3Q71eD1AjNMcYD/P/H8mCcXOZLc/+bx3zmoJ9v978lg0Bx8+I6okvlnEDbLV8A76 +QBO4IoEdnFggFbddv+4gFSzrMLlPvSm310Cg2VUF21SivwU1eJdg4urSuy/1gwhMqbt 1TmxwK5uMrKCMKBq7mokLf6p9gtAcUtmx0Lsz0EE03af9fuDCrOahKBBzld4V/0SjGrY 5kHQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j11si19479377plb.253.2019.02.28.15.17.08; Thu, 28 Feb 2019 15:17:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732231AbfB1W4j (ORCPT + 99 others); Thu, 28 Feb 2019 17:56:39 -0500 Received: from mail-pg1-f195.google.com ([209.85.215.195]:36955 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727717AbfB1W4j (ORCPT ); Thu, 28 Feb 2019 17:56:39 -0500 Received: by mail-pg1-f195.google.com with SMTP id q206so10433760pgq.4; Thu, 28 Feb 2019 14:56:38 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:mime-version:content-transfer-encoding; bh=dBjUfSi8SSZo6d+K8p+ydz6wylgoOcuYkbYeqOyEYQ8=; b=k9oOFP0zNCga8LT1H5qocz+lQVJ0N3+hsMr67zZlvguCtQXOh7Qw41HJ7fgMyl2CZE GG8+Itkv7Tx6B7XH/UOaJDgefdnGc9IGl6w8yvRE/5GH4xShOF79IPyfykTsxWqz3K9W zgXw5XNg6Hr7JeROhEBZZqVpWvdb/3f9T4LLfNbjixQckrb0PX0kTXIga4zbI+RFj6PL FwO3TJeMj9lk/9AMeOFh/Tpt+2mIMfl8Q8Z+2jbvBI/l5j/iwXQ7wUVw0xDW/w5Zv7vc Z4/F/gVCfdeO0/duTmzgegbiektGh1xs0D/gWY7UnsHEdbbxW4yMhaF2f+6a7iaUJPMG 2Qyw== X-Gm-Message-State: AHQUAuaJ9iJpOycXfG/sxex4ZCMOLDkaKjYRh1tdK6R6M4rNW7c+egKb B74eRRKYcVzfWrtBz2rzVdI= X-Received: by 2002:a62:1851:: with SMTP id 78mr2171973pfy.206.1551394598244; Thu, 28 Feb 2019 14:56:38 -0800 (PST) Received: from ?IPv6:2620:15c:2cd:203:5cdc:422c:7b28:ebb5? ([2620:15c:2cd:203:5cdc:422c:7b28:ebb5]) by smtp.gmail.com with ESMTPSA id j197sm34164773pgc.76.2019.02.28.14.56.37 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 28 Feb 2019 14:56:37 -0800 (PST) Message-ID: <1551394596.31902.209.camel@acm.org> Subject: Re: [PATCH] cxgb4: fix undefined behavior in mem.c From: Bart Van Assche To: Shaobo He , linux-rdma@vger.kernel.org Cc: Steve Wise , Doug Ledford , Jason Gunthorpe , open list Date: Thu, 28 Feb 2019 14:56:36 -0800 In-Reply-To: <1551393519-96595-1-git-send-email-shaobo@cs.utah.edu> References: <1551393519-96595-1-git-send-email-shaobo@cs.utah.edu> Content-Type: text/plain; charset="UTF-7" X-Mailer: Evolution 3.26.2-1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2019-02-28 at 15:38 -0700, Shaobo He wrote: +AD4 In function +AGA-c4iw+AF8-dealloc+AF8-mw+AGA, variable mhp's value is printed after +AD4 freed, which triggers undefined behavior according to this post: +AD4 https://trust-in-soft.com/dangling-pointer-indeterminate/. +AD4 +AD4 This commit fixes it by swapping the order of +AGA-kfree+AGA and +AGA-pr+AF8-debug+AGA. +AD4 +AD4 Signed-off-by: Shaobo He +ADw-shaobo+AEA-cs.utah.edu+AD4 +AD4 --- +AD4 drivers/infiniband/hw/cxgb4/mem.c +AHw 2 +-- +AD4 1 file changed, 1 insertion(+-), 1 deletion(-) +AD4 +AD4 diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c +AD4 index 7b76e6f..bb8e0bc 100644 +AD4 --- a/drivers/infiniband/hw/cxgb4/mem.c +AD4 +-+-+- b/drivers/infiniband/hw/cxgb4/mem.c +AD4 +AEAAQA -684,8 +-684,8 +AEAAQA int c4iw+AF8-dealloc+AF8-mw(struct ib+AF8-mw +ACo-mw) +AD4 mhp-+AD4-wr+AF8-waitp)+ADs +AD4 kfree+AF8-skb(mhp-+AD4-dereg+AF8-skb)+ADs +AD4 c4iw+AF8-put+AF8-wr+AF8-wait(mhp-+AD4-wr+AF8-waitp)+ADs +AD4 - kfree(mhp)+ADs +AD4 pr+AF8-debug(+ACI-ib+AF8-mw +ACU-p mmid 0x+ACU-x ptr +ACU-p+AFw-n+ACI, mw, mmid, mhp)+ADs +AD4 +- kfree(mhp)+ADs +AD4 return 0+ADs +AD4 +AH0 Please quote the relevant paragraphs from the C standard. All I have found about free() in ISO/IEC 9899:2017 is the following: Description The free function causes the space pointed to by ptr to be deallocated, that is, made available for further allocation. If ptr is a null pointer, no action occurs. Otherwise, if the argument does not match a pointer earlier returned by a memory management function, or if the space has been deallocated by a call to free or realloc, the behavior is undefined. That is not sufficient to claim that the above code triggers undefined behavior. Bart.