Re: [PATCH v2] net/mlx5: Fix use-after-free
From: "Gustavo A. R. Silva" Date: Thu, 22 Mar 2018 13:44:56 -0500 > _rule_ is being freed and then dereferenced by accessing rule->ctx > > Fix this by copying the value returned by PTR_ERR(rule->ctx) into a local > variable for its safe use after freeing _rule_ > > Addresses-Coverity-ID: 1466041 ("Read from pointer after free") > Fixes: 05564d0ae075 ("net/mlx5: Add flow-steering commands for FPGA IPSec > implementation") > Reviewed-by: Yuval Shaia > Signed-off-by: Gustavo A. R. Silva > --- > Changes in v2: > - Use a short subject prefix as suggested by Yuval Shaia. > - Add Yuval's Reviewed-by. Applied to net-next. Thank you.
Re: [PATCH v2] net/mlx5: Fix use-after-free
On Thu, 2018-03-22 at 13:44 -0500, Gustavo A. R. Silva wrote: > _rule_ is being freed and then dereferenced by accessing rule->ctx > > Fix this by copying the value returned by PTR_ERR(rule->ctx) into a > local > variable for its safe use after freeing _rule_ > > Addresses-Coverity-ID: 1466041 ("Read from pointer after free") > Fixes: 05564d0ae075 ("net/mlx5: Add flow-steering commands for FPGA > IPSec implementation") > Reviewed-by: Yuval Shaia > Signed-off-by: Gustavo A. R. Silva Acked-by: Saeed Mahameed > --- > Changes in v2: > - Use a short subject prefix as suggested by Yuval Shaia. > - Add Yuval's Reviewed-by. > > drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c > b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c > index 4f15685..0f5da49 100644 > --- a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c > +++ b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c > @@ -1061,8 +1061,9 @@ static int fpga_ipsec_fs_create_fte(struct > mlx5_core_dev *dev, > > rule->ctx = mlx5_fpga_ipsec_fs_create_sa_ctx(dev, fte, > is_egress); > if (IS_ERR(rule->ctx)) { > + int err = PTR_ERR(rule->ctx); > kfree(rule); > - return PTR_ERR(rule->ctx); > + return err; > } > > rule->fte = fte;
[PATCH v2] net/mlx5: Fix use-after-free
_rule_ is being freed and then dereferenced by accessing rule->ctx Fix this by copying the value returned by PTR_ERR(rule->ctx) into a local variable for its safe use after freeing _rule_ Addresses-Coverity-ID: 1466041 ("Read from pointer after free") Fixes: 05564d0ae075 ("net/mlx5: Add flow-steering commands for FPGA IPSec implementation") Reviewed-by: Yuval Shaia Signed-off-by: Gustavo A. R. Silva --- Changes in v2: - Use a short subject prefix as suggested by Yuval Shaia. - Add Yuval's Reviewed-by. drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c index 4f15685..0f5da49 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c @@ -1061,8 +1061,9 @@ static int fpga_ipsec_fs_create_fte(struct mlx5_core_dev *dev, rule->ctx = mlx5_fpga_ipsec_fs_create_sa_ctx(dev, fte, is_egress); if (IS_ERR(rule->ctx)) { + int err = PTR_ERR(rule->ctx); kfree(rule); - return PTR_ERR(rule->ctx); + return err; } rule->fte = fte; -- 2.7.4