Date: Fri, 29 Nov 2019 23:24:01 +0100
From: Pavel Machek
To: Greg Kroah-Hartman
Cc: Pavel Machek, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Huazhong Tan, "David S. Miller", Sasha Levin
Subject: Re: [PATCH 4.19 185/306] net: hns3: bugfix for buffer not free problem during resetting
Message-ID: <20191129222401.GA29788@amd>
In-Reply-To: <20191129143108.GA3708972@kroah.com>

Hi!

> > > From: Huazhong Tan
> > >
> > > [ Upstream commit 73b907a083b8a8c1c62cb494bc9fbe6ae086c460 ]
> > >
> > > When hns3_get_ring_config()/hns3_queue_to_ring()/
> > > hns3_get_vector_ring_chain() failed during resetting, the allocated
> > > memory has not been freed before these three functions return. So
> > > this patch adds error handler in these functions to fix it.
> >
> > Correct me if I'm wrong, but... this introduces use-after-free:
> > Should it do devm_kfree(&pdev->dev, cur_chain); ?
>
> I think Sasha tried to backport a fix for this patch, but that fix broke
> the build :(
>
> If you want to provide a working backport, I'll be glad to take it.

Actually it looks like the problem originated in mainline, and there was
more than one problem with this patch.

cda69d244585bc4497d3bb878c22fe2b6ad647c1 should fix it; it needs to be
back-ported, too.

Best regards,
Pavel
-- 
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany