Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1261717ybl;
        Tue, 3 Dec 2019 04:28:34 -0800 (PST)
X-Google-Smtp-Source: APXvYqzrvdwFZecgwcaaBVFE1p+pQHpCN9bYTrTtq6wTSWEhP3OaBVFItnSlkYEu5/hqWnhM6E6x
X-Received: by 2002:a9d:7e8c:: with SMTP id m12mr2940905otp.346.1575376113829;
        Tue, 03 Dec 2019 04:28:33 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1575376113; cv=none;
        d=google.com; s=arc-20160816;
        b=qg7sx/iKBVJJhAwpzNFPr2tzLwEbJoNt8pmLo/qz1LPFEyGt1rglDVrBQGS88I5GZa
         hEVit9OBHshM5DZoTev5ZhIZ3kj18ltPOoijYa+koFS2smTsuGjXddjfj82/SltxSq6o
         tdd+Ft1+OG/NhpNGC5e4wZcunLobgbjXBFWZwqZEVuxVprd5/CboEoX+X4RbbyxaGnkm
         JhnfKO43zweZ6vJg8KyIxUdFaFfbyJ1FqniDZt3ts2+h1etVtjIQCD8eulZyhingY5rX
         uRp+Pq9XsaEWAHiqad3xGwt5dJ/x0D6Yx+lbI6+l/PhV4vsA6xa2FufI2ugdKzXDeR0g
         sIrQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=c6F4IrT8IVkzRPwR9sgi4YuUwzfnXuDFm2uhtEcogik=;
        b=DqX42sdEmM6S5BBbjZiURu6hJ6ZInei9m0FDCfDb4tWHidcX8ED8HSuoVjGRRlew2F
         l4lKZ06wL8xpjylocqFa1y3PgtDTjyD0BGDqWGUB3LoxntemzzG3k57TCdv5G1VRv0zg
         c3V++q2hrYclOxgBMvkWKV8hlmtOj8R0wdeKTGMmlycvH5RC0gt34+56t9l9fLsJCPTH
         3737hI4w6TbVfcdXBtQVj9R/smOSPkk/Zp6vnGXlUzol6ZV9pRUFVJLGJ6lmBZA//k/X
         qjXv+RuU7twE0hKdo/INiH7e4BfBNHELfQbUSJdsgmHqpRyLwXV8fHCQQaS+u9gnyzNZ
         ak5A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=DNCO7eSc;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o21si1202366ote.320.2019.12.03.04.28.20;
        Tue, 03 Dec 2019 04:28:33 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=DNCO7eSc;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726105AbfLCM1r (ORCPT <rfc822;tluu11sec@gmail.com> + 99 others);
        Tue, 3 Dec 2019 07:27:47 -0500
Received: from mail.kernel.org ([198.145.29.99]:50738 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725907AbfLCM1r (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 3 Dec 2019 07:27:47 -0500
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 2B0A520684;
        Tue,  3 Dec 2019 12:27:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1575376066;
        bh=3P5USAcp0mKQWvyvt0d9zvEji4+zn7AmEjAHvZ5jy0g=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=DNCO7eScWmDjfnTQrODrhFR5I8C4DXW3CqkpLt56rYTP9+CWC+KQvWUFagjM/Xwq2
         ovJrHhkctL6Jqehif5CNDbNDboPzo+jYbx3gtsfQWzMy/kWQdKCyL077QZBYyiOva5
         jIJmdr4vu8KNOQAr2GAEZmlztbrDaAageBc33Onw=
Date:   Tue, 3 Dec 2019 13:27:44 +0100
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     Pavel Machek <pavel@denx.de>
Cc:     linux-kernel@vger.kernel.org, stable@vger.kernel.org,
        Huazhong Tan <tanhuazhong@huawei.com>,
        "David S. Miller" <davem@davemloft.net>,
        Sasha Levin <sashal@kernel.org>
Subject: Re: [PATCH 4.19 185/306] net: hns3: bugfix for buffer not free
 problem during resetting
Message-ID: <20191203122744.GB2131225@kroah.com>
References: <20191127203114.766709977@linuxfoundation.org>
 <20191127203128.798931840@linuxfoundation.org>
 <20191129110010.GA4313@amd>
 <20191129143108.GA3708972@kroah.com>
 <20191129222401.GA29788@amd>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20191129222401.GA29788@amd>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Nov 29, 2019 at 11:24:01PM +0100, Pavel Machek wrote:
> Hi!
> 
> > > > From: Huazhong Tan <tanhuazhong@huawei.com>
> > > > 
> > > > [ Upstream commit 73b907a083b8a8c1c62cb494bc9fbe6ae086c460 ]
> > > > 
> > > > When hns3_get_ring_config()/hns3_queue_to_ring()/
> > > > hns3_get_vector_ring_chain() failed during resetting, the allocated
> > > > memory has not been freed before these three functions return. So
> > > > this patch adds error handler in these functions to fix it.
> > > 
> > > Correct me if I'm wrong, but... this introduces use-after-free:
> > > Should it do devm_kfree(&pdev->dev, cur_chain); ?
> > 
> > I think Sasha tried to backport a fix for this patch, but that fix broke
> > the build :(
> > 
> > If you want to provide a working backport, I'll be glad to take it.
> 
> Actually it looks like problem originated in mainline, and there was
> more than one problem with this patch.
> 
> cda69d244585bc4497d3bb878c22fe2b6ad647c1 should fix it; it needs to be
> back-ported, too.

Yes, that is the one, can you provide a working backport for this?

thanks,

greg k-h