Date: Mon, 22 Mar 2021 23:19:07 +0800 (GMT+08:00)
From: lyl2019@mail.ustc.edu.cn
To: shshaikh@marvell.com, manishc@marvell.com, GR-Linux-NIC-Dev@marvell.com, davem@davemloft.net, kuba@kernel.org
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Bug] qlogic/qlcnic: Report a potential use after free in qlcnic_probe
Message-ID: <2c78e078.b81d.1785a84ab33.Coremail.lyl2019@mail.ustc.edu.cn>

Hi,

my static analyzer tool reported a potential uaf in qlcnic_probe.

The problem file is drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c in Linux Kernel-5.12-rc2.

In function qlcnic_probe around line 2623, it calls qlcnic_dcb_enable() to enable adapter->dcb. But the adapter->dcb could be freed inside this callee when qlcnic_dcb_attach(dcb) returns non-zero.

Later the adapter->dcb is used by qlcnic_dcb_get_info(adapter->dcb) and could cause a use after free.

Thanks for your time.
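
Added example, not part of the original message and not the driver's code: a small userspace model of the ownership pattern the report describes, next to one hardened shape in which the callee frees the object, clears the owner's pointer and returns the error. All `model_*` names, the one-slot pool and the return codes are assumptions made for illustration.

```c
/* Userspace model (constructed) of the reported pattern. Every model_* name
 * is hypothetical; this is not the qlcnic driver's code. */
#include <stdio.h>
#include <stddef.h>

struct model_dcb { int live; int attach_rc; };
struct model_adapter { struct model_dcb *dcb; };

/* One-slot pool stands in for the allocator: stale use is detectable, no UB. */
static struct model_dcb pool;
static struct model_dcb *model_dcb_alloc(int rc) { pool.live = 1; pool.attach_rc = rc; return &pool; }
static void model_dcb_free(struct model_dcb *dcb) { dcb->live = 0; }
static int model_dcb_attach(struct model_dcb *dcb) { return dcb->attach_rc; }

/* Reported shape: the callee frees on attach failure; the owner's pointer
 * is left as it was and the caller is not told. */
static void model_dcb_enable_reported(struct model_dcb *dcb) {
    if (dcb && model_dcb_attach(dcb))
        model_dcb_free(dcb);
}

/* Hardened shape: free and clear the owner's pointer together, return rc. */
static int model_dcb_enable_hardened(struct model_adapter *a) {
    int rc = a->dcb ? model_dcb_attach(a->dcb) : 0;
    if (rc) {
        model_dcb_free(a->dcb);
        a->dcb = NULL;
    }
    return rc;
}

/* Later consumer: 0 = used a live object, 1 = skipped (NULL), -1 = stale. */
static int model_dcb_get_info(struct model_dcb *dcb) {
    if (!dcb) return 1;
    return dcb->live ? 0 : -1;
}

/* Probe sequence from the report: enable, then get_info on adapter->dcb. */
static int model_probe(int hardened, int attach_rc) {
    struct model_adapter a = { model_dcb_alloc(attach_rc) };
    if (hardened) model_dcb_enable_hardened(&a);
    else model_dcb_enable_reported(a.dcb);
    return model_dcb_get_info(a.dcb);
}

int main(void) {
    printf("reported=%d hardened=%d\n", model_probe(0, -5), model_probe(1, -5));
    return 0;
}
```

In the model, a failing attach makes the reported shape hand a released object to the later consumer, while the hardened shape leaves a NULL pointer that the consumer can test for.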