Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp3722968rdh; Tue, 28 Nov 2023 01:55:42 -0800 (PST) X-Google-Smtp-Source: AGHT+IEsm+VyPwQDqfEiOUcaOlNSVmG0kaP4VlEWwnVAz8JAdjXKrEBBve+6tynKESpKGZIT4b6u X-Received: by 2002:a17:903:454:b0:1ca:a07b:36d with SMTP id iw20-20020a170903045400b001caa07b036dmr14844741plb.48.1701165342170; Tue, 28 Nov 2023 01:55:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701165342; cv=none; d=google.com; s=arc-20160816; b=Q0ajgSeYCXMO7cRX0qz/wQ8ruYwu/129XZAO/zC9Qgo+4V3icOuusZphUv5+kI5Jmc VlKZP1cLXtlCYPbP9WayTyAlWx1rX3M03PTiOztusW1d4HFSuHd2YbOdi9T5arrJQjPL 2HjnzCnNsYrCwDH0Zwh3nXeGxAbBrZiS2pMCMz+kJz6GOssTsWw5LPzfJZHSkFIoZAtX 58YIYl94X9EwrzrMg5fiBQhxrLgNJOe89tQn25Ovm9RdDsSj/zSfrSUHBHfRgbJAbxMb ppEdPDk5d1mBQ6QZ7D39kILxiJ3oZyF9oop4oYwztCKmnRWA547I6FUHelxTjGEXW92+ F8rA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=uNtK1TPISezcj213wu4/hg3WdfzJ6KpGq/90DAKkCkQ=; fh=X48S1B78xToH8zxrh9G2wGHXBTFDOCc90l8DXbA5BNo=; b=CE/7zThTXDmasOP/2gyugcWH9AwjYhSp+0SSSaA5glLbEI5M2abTOH01UDCwlvToQg murHGAHCMmEiY74YtSCXJogTD+nm9KlmVtL2VeSK0r3UJK4inpNY3O7rrmYiz7qfCZcQ 7izpwTq9rc/0wDu2wo1gQK8TIt9AK6vtiez+Jzsqz+3oSgxZjPkpoa+lpwlFHg+K17qz Q82pMAXvfkq9KazKTx0IxW3xHXjBOSC+QA8qOvevNoaoehAl01MicB6c7p43aFIwKi9J iDmlz5StCoZY/4NDWIRLTFl9wU1RPrZjJBuKGO7OyxyYN4xQk36XX0xy/wJB3xbXLgkP WbGw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=lk536cTw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id h10-20020a170902f54a00b001cfe52e0208si2479025plf.538.2023.11.28.01.55.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 01:55:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=lk536cTw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 1D2478087F0C; Tue, 28 Nov 2023 01:55:22 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343872AbjK1JzI (ORCPT + 99 others); Tue, 28 Nov 2023 04:55:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46412 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230044AbjK1JzG (ORCPT ); Tue, 28 Nov 2023 04:55:06 -0500 Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7899BA8; Tue, 28 Nov 2023 01:55:12 -0800 (PST) Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-40b4a8db331so5910335e9.3; Tue, 28 Nov 2023 01:55:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701165311; x=1701770111; darn=vger.kernel.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=uNtK1TPISezcj213wu4/hg3WdfzJ6KpGq/90DAKkCkQ=; b=lk536cTwukYfEqlMjAgQH6keBmEZ0B2hnV6sFD7UGXt6qkswf/WOPlOqj+ZHtCPrNj uJumn1+Aq3oL36orwKZkFs4z4nYKFYnhfuG8HhXEsDs3gMcPrFhEghUHU+X6Lvlfb7ji h450oOQjxqAqGQBoQed2yEE0jd2Ict+RGdjsX8tMg5npgJt5i/g7ysTmp/uqu3bT3bAJ UNsXI2ksBCH0Rb6ajhB4PXymr4RMlJV5/2O+GHa4HcBMPrlGgLOpnDQRd6T7FuVlim06 3eiZ5ycdeYKa85PTSFwK5lURIfpMHPQ5VMBkblkPH/CBSw7iLXdgo2vTQKpOLCQjgJcA 6/XA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701165311; x=1701770111; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=uNtK1TPISezcj213wu4/hg3WdfzJ6KpGq/90DAKkCkQ=; b=NBLqhE9u0x37B15GtEgnUr/YkXyFsEolyR/CrtXFJBtG2oMv9m3/pF9zkrqNT/Qmrf Zmu2tQZu9bAV+s0B3PrRZsaFx3LOQG3Oh8HiRFYT95CtUxP6SBHV7S5B/3o1JPtfVnJ+ pgnUAbrDi17R9nTuUrZDsZMb+jWjsndci+3E9XImxxsGvv+abkS8zFvc2AXagV4eKX1K 78gq9VVViryZJbjrlBEmlHnB2NVZ8HTC08481V4ZZRHdqWMWpG5dtFSGDW2QArCyeHMM NyCeKrlaHOX85pNX4c3G79mrLp+OmQACttdLO6yU55sa+hQmvAm8latuxJEfgSax/hvQ 3rLQ== X-Gm-Message-State: AOJu0YznIF0hP5l19BqK+8IC+bzGX1azv7LqFwkZWHLAL084w210nWCy ANpOyo63fUYOPsc8JkMkPMk= X-Received: by 2002:a05:600c:474d:b0:40b:3802:6ef8 with SMTP id w13-20020a05600c474d00b0040b38026ef8mr10185277wmo.34.1701165310650; Tue, 28 Nov 2023 01:55:10 -0800 (PST) Received: from [172.27.56.182] ([193.47.165.251]) by smtp.gmail.com with ESMTPSA id p3-20020a1c7403000000b003feea62440bsm16482424wmc.43.2023.11.28.01.55.08 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 28 Nov 2023 01:55:10 -0800 (PST) Message-ID: <89b8f461-84f9-4f43-bf16-308a72daa9f1@gmail.com> Date: Tue, 28 Nov 2023 11:55:07 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] [v2] net/mlx5e: fix a potential double-free in fs_udp_create_groups Content-Language: en-US To: Dinghao Liu Cc: Saeed Mahameed , Leon Romanovsky , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Zhengchao Shao , Simon Horman , Rahul Rameshbabu , Aya Levin , Tariq Toukan , netdev@vger.kernel.org, linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org, Tariq Toukan References: <20231128094055.5561-1-dinghao.liu@zju.edu.cn> From: Tariq Toukan In-Reply-To: <20231128094055.5561-1-dinghao.liu@zju.edu.cn> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Tue, 28 Nov 2023 01:55:22 -0800 (PST) On 28/11/2023 11:40, Dinghao Liu wrote: > When kcalloc() for ft->g succeeds but kvzalloc() for in fails, > fs_udp_create_groups() will free ft->g. However, its caller > fs_udp_create_table() will free ft->g again through calling > mlx5e_destroy_flow_table(), which will lead to a double-free. > Fix this by setting ft->g to NULL in fs_udp_create_groups(). > > Fixes: 1c80bd684388 ("net/mlx5e: Introduce Flow Steering UDP API") > Signed-off-by: Dinghao Liu > --- > > Changelog: > > v2: Setting ft->g to NULL instead of removing the kfree(). > --- > drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c b/drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c > index be83ad9db82a..e1283531e0b8 100644 > --- a/drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c > +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c > @@ -154,6 +154,7 @@ static int fs_udp_create_groups(struct mlx5e_flow_table *ft, enum fs_udp_type ty > in = kvzalloc(inlen, GFP_KERNEL); > if (!in || !ft->g) { > kfree(ft->g); > + ft->g = NULL; > kvfree(in); > return -ENOMEM; > } Thanks for your patch. Reviewed-by: Tariq Toukan