Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1261717ybl; Tue, 3 Dec 2019 04:28:34 -0800 (PST) X-Google-Smtp-Source: APXvYqzrvdwFZecgwcaaBVFE1p+pQHpCN9bYTrTtq6wTSWEhP3OaBVFItnSlkYEu5/hqWnhM6E6x X-Received: by 2002:a9d:7e8c:: with SMTP id m12mr2940905otp.346.1575376113829; Tue, 03 Dec 2019 04:28:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575376113; cv=none; d=google.com; s=arc-20160816; b=qg7sx/iKBVJJhAwpzNFPr2tzLwEbJoNt8pmLo/qz1LPFEyGt1rglDVrBQGS88I5GZa hEVit9OBHshM5DZoTev5ZhIZ3kj18ltPOoijYa+koFS2smTsuGjXddjfj82/SltxSq6o tdd+Ft1+OG/NhpNGC5e4wZcunLobgbjXBFWZwqZEVuxVprd5/CboEoX+X4RbbyxaGnkm JhnfKO43zweZ6vJg8KyIxUdFaFfbyJ1FqniDZt3ts2+h1etVtjIQCD8eulZyhingY5rX uRp+Pq9XsaEWAHiqad3xGwt5dJ/x0D6Yx+lbI6+l/PhV4vsA6xa2FufI2ugdKzXDeR0g sIrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=c6F4IrT8IVkzRPwR9sgi4YuUwzfnXuDFm2uhtEcogik=; b=DqX42sdEmM6S5BBbjZiURu6hJ6ZInei9m0FDCfDb4tWHidcX8ED8HSuoVjGRRlew2F l4lKZ06wL8xpjylocqFa1y3PgtDTjyD0BGDqWGUB3LoxntemzzG3k57TCdv5G1VRv0zg c3V++q2hrYclOxgBMvkWKV8hlmtOj8R0wdeKTGMmlycvH5RC0gt34+56t9l9fLsJCPTH 3737hI4w6TbVfcdXBtQVj9R/smOSPkk/Zp6vnGXlUzol6ZV9pRUFVJLGJ6lmBZA//k/X qjXv+RuU7twE0hKdo/INiH7e4BfBNHELfQbUSJdsgmHqpRyLwXV8fHCQQaS+u9gnyzNZ ak5A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DNCO7eSc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o21si1202366ote.320.2019.12.03.04.28.20; Tue, 03 Dec 2019 04:28:33 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=DNCO7eSc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726105AbfLCM1r (ORCPT + 99 others); Tue, 3 Dec 2019 07:27:47 -0500 Received: from mail.kernel.org ([198.145.29.99]:50738 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725907AbfLCM1r (ORCPT ); Tue, 3 Dec 2019 07:27:47 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2B0A520684; Tue, 3 Dec 2019 12:27:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1575376066; bh=3P5USAcp0mKQWvyvt0d9zvEji4+zn7AmEjAHvZ5jy0g=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=DNCO7eScWmDjfnTQrODrhFR5I8C4DXW3CqkpLt56rYTP9+CWC+KQvWUFagjM/Xwq2 ovJrHhkctL6Jqehif5CNDbNDboPzo+jYbx3gtsfQWzMy/kWQdKCyL077QZBYyiOva5 jIJmdr4vu8KNOQAr2GAEZmlztbrDaAageBc33Onw= Date: Tue, 3 Dec 2019 13:27:44 +0100 From: Greg Kroah-Hartman To: Pavel Machek Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Huazhong Tan , "David S. Miller" , Sasha Levin Subject: Re: [PATCH 4.19 185/306] net: hns3: bugfix for buffer not free problem during resetting Message-ID: <20191203122744.GB2131225@kroah.com> References: <20191127203114.766709977@linuxfoundation.org> <20191127203128.798931840@linuxfoundation.org> <20191129110010.GA4313@amd> <20191129143108.GA3708972@kroah.com> <20191129222401.GA29788@amd> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20191129222401.GA29788@amd> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 29, 2019 at 11:24:01PM +0100, Pavel Machek wrote: > Hi! > > > > > From: Huazhong Tan > > > > > > > > [ Upstream commit 73b907a083b8a8c1c62cb494bc9fbe6ae086c460 ] > > > > > > > > When hns3_get_ring_config()/hns3_queue_to_ring()/ > > > > hns3_get_vector_ring_chain() failed during resetting, the allocated > > > > memory has not been freed before these three functions return. So > > > > this patch adds error handler in these functions to fix it. > > > > > > Correct me if I'm wrong, but... this introduces use-after-free: > > > Should it do devm_kfree(&pdev->dev, cur_chain); ? > > > > I think Sasha tried to backport a fix for this patch, but that fix broke > > the build :( > > > > If you want to provide a working backport, I'll be glad to take it. > > Actually it looks like problem originated in mainline, and there was > more than one problem with this patch. > > cda69d244585bc4497d3bb878c22fe2b6ad647c1 should fix it; it needs to be > back-ported, too. Yes, that is the one, can you provide a working backport for this? thanks, greg k-h