Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4753216pxj;
        Wed, 12 May 2021 12:26:45 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzqtWaAegoEzRV3SeYcxBui+kvc4mnuxd7ltnB74EqSh8Sol/VWTx4bu/PRT75o+DYRLkFo
X-Received: by 2002:aca:2b16:: with SMTP id i22mr56144oik.162.1620847605673;
        Wed, 12 May 2021 12:26:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1620847605; cv=none;
        d=google.com; s=arc-20160816;
        b=mu1nSuVhO4dE5mbGOVLvfwps/1TZ4jpiDysPWVOw84VR+LbA3yT851j1ms/WdfETn4
         EW/O8ePz0yoeuR4xR4gv2me6JIhTXC5qG/5L5e3PMiYCOvLVY9cvr2XSR7DW/Iq5MXqy
         60kuREL6Vc62QqsfhCMmUctog9dqIJ+VW+OVTw7PA2Dv0uPJKzdddlJdBObzrvbqs8vz
         3/AgNSELKgcmolrTizYBuFQf6rpZTUye7xxRq27CTgpAmH3QA4T7BS6wc19wCzMWP7k/
         +PNOHlaQOx5TrbsStnku0UeVkT2GM8IWdX870Sesgt99Je01XFQVqCWjvnAGj8KbyxqD
         TAiw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=lMN9wmPFWUalDT72wxqHsYmgbkGDhrYiLCuabfrDJ6k=;
        b=Km9JjXr12OF/moK7T8eu9MhMgnyWofWYVJHCodWulmzqO5ytI5EOv6mTRjD65ghGCl
         79FI76BAdslYPSznClmuPoyDm0oqKHeRAP5JS0q98DW7y4AXKDgQ9Oi4x+iD4HK8sorT
         9JkKm1DpEdUF4gxh/mRie2p0yKe60x3B1hzpdHZnUIG0SC70XE1sn8hbuOmpLAhcIDJY
         ZYU4GIBpf1IdkQ9Xb+z2YH6wHN4FvqaCthuk/jyuPK3HPqRZtVRh2dM/aUqZC84eskgD
         ikdCcMKMIhQZc1bPnldaXuWFl7OtJMhyUh92IR9rftkUOYLYny3Y7esKYOHbeatq2XFa
         yrtQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ttcukZIy;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id x15si856993oiv.146.2021.05.12.12.26.32;
        Wed, 12 May 2021 12:26:45 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ttcukZIy;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1379401AbhELTTn (ORCPT <rfc822;lkmlinbox@gmail.com> + 99 others);
        Wed, 12 May 2021 15:19:43 -0400
Received: from mail.kernel.org ([198.145.29.99]:48032 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S244549AbhELQut (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 12 May 2021 12:50:49 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id EE3AD61C7F;
        Wed, 12 May 2021 16:16:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1620836211;
        bh=Wz1vQYGjMtqr2LWXbeUWRRYsqD4GG77I2JGVxe91OnU=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=ttcukZIyYsUUUBC3p3CCRvkRqUJml58whoqaIQea/XwEhBQWnGIp5vHEWwZJ/gJqX
         6vuerSJbX56o0vNHxShRL2rbSx1dkr+sHrqyw7DMWFr43j4xc/H31FcLkdVapPa+Bt
         L5181PavTtWp6+q0JMdgZZse4mLosk9CrPVahyqg=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Lv Yunlong <lyl2019@mail.ustc.edu.cn>,
        Leon Romanovsky <leonro@nvidia.com>,
        Devesh Sharma <devesh.sharma@broadcom.com>,
        Jason Gunthorpe <jgg@nvidia.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.12 656/677] RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res
Date:   Wed, 12 May 2021 16:51:42 +0200
Message-Id: <20210512144859.160826630@linuxfoundation.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210512144837.204217980@linuxfoundation.org>
References: <20210512144837.204217980@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>

[ Upstream commit 34b39efa5ae82fc0ad0acc27653c12a56328dbbe ]

In bnxt_qplib_alloc_res, it calls bnxt_qplib_alloc_dpi_tbl().  Inside
bnxt_qplib_alloc_dpi_tbl, dpit->dbr_bar_reg_iomem is freed via
pci_iounmap() in unmap_io error branch. After the callee returns err code,
bnxt_qplib_alloc_res calls
bnxt_qplib_free_res()->bnxt_qplib_free_dpi_tbl() in the fail branch. Then
dpit->dbr_bar_reg_iomem is freed in the second time by pci_iounmap().

My patch set dpit->dbr_bar_reg_iomem to NULL after it is freed by
pci_iounmap() in the first time, to avoid the double free.

Fixes: 1ac5a4047975 ("RDMA/bnxt_re: Add bnxt_re RoCE driver")
Link: https://lore.kernel.org/r/20210426140614.6722-1-lyl2019@mail.ustc.edu.cn
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Acked-by: Devesh Sharma <devesh.sharma@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/hw/bnxt_re/qplib_res.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/infiniband/hw/bnxt_re/qplib_res.c b/drivers/infiniband/hw/bnxt_re/qplib_res.c
index fa7878336100..3ca47004b752 100644
--- a/drivers/infiniband/hw/bnxt_re/qplib_res.c
+++ b/drivers/infiniband/hw/bnxt_re/qplib_res.c
@@ -854,6 +854,7 @@ static int bnxt_qplib_alloc_dpi_tbl(struct bnxt_qplib_res     *res,
 
 unmap_io:
 	pci_iounmap(res->pdev, dpit->dbr_bar_reg_iomem);
+	dpit->dbr_bar_reg_iomem = NULL;
 	return -ENOMEM;
 }
 
-- 
2.30.2