Re: [PATCH] [v2] qed: Fix a potential use-after-free in qed_cxt_tables_alloc

From: Jakub Kicinski
Date: Fri Dec 08 2023 - 19:00:04 EST


On Thu, 7 Dec 2023 17:36:06 +0800 Dinghao Liu wrote:
> v2: -Change the bug type from double-free to use-after-free.
> -Move the null check against p_mngr->ilt_shadow to the beginning
> of the function qed_ilt_shadow_free().
> -When kcalloc() fails in qed_ilt_shadow_alloc(), just return
> because there is nothing to free.

This refactoring is not acceptable as part of a fix, sorry.

> @@ -933,6 +936,7 @@ static void qed_ilt_shadow_free(struct qed_hwfn *p_hwfn)
> p_dma->virt_addr = NULL;
> }
> kfree(p_mngr->ilt_shadow);
> + p_hwfn->p_cxt_mngr->ilt_shadow = NULL;
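
Review bot: the `+` line clears the pointer through a second dereference, `p_hwfn->p_cxt_mngr->ilt_shadow`, while the `kfree()` directly above it freed `p_mngr->ilt_shadow`; unless the two are guaranteed to alias, the freed pointer should be cleared through the same variable that was passed to `kfree()`, i.e. `p_mngr->ilt_shadow = NULL;`, which is also consistent with the `p_mngr` usage already visible in the function.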

Why do you dereference p_hwfn here?
Seems more natural to use:

p_mngr->ilt_shadow = NULL;

since that's the exact pointer that was passed to free.
--
pw-bot: cr