Re: [PATCH net] net: sparx5: Fix use after free inside sparx5_del_mact_entry

From: Simon Horman
Date: Mon Mar 04 2024 - 10:50:40 EST

Next message: Bjorn Helgaas: "Re: [PATCH v3] driver core: Cancel scheduled pm_runtime_idle() on device removal"
Previous message: Jason-JH Lin (林睿祥): "Re: [RESEND, PATCH 5/5] mailbox: mtk-cmdq: Add support runtime get and set GCE event"
In reply to: Horatiu Vultur: "[PATCH net] net: sparx5: Fix use after free inside sparx5_del_mact_entry"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net] net: sparx5: Fix use after free inside sparx5_del_mact_entry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Mar 01, 2024 at 09:06:08AM +0100, Horatiu Vultur wrote:
> Based on the static analyzis of the code it looks like when an entry
> from the MAC table was removed, the entry was still used after being
> freed. More precise the vid of the mac_entry was used after calling
> devm_kfree on the mac_entry.
> The fix consists in first using the vid of the mac_entry to delete the
> entry from the HW and after that to free it.
>
> Fixes: b37a1bae742f ("net: sparx5: add mactable support")
> Signed-off-by: Horatiu Vultur <horatiu.vultur@xxxxxxxxxxxxx>

Reviewed-by: Simon Horman <horms@xxxxxxxxxx>

Next message: Bjorn Helgaas: "Re: [PATCH v3] driver core: Cancel scheduled pm_runtime_idle() on device removal"
Previous message: Jason-JH Lin (林睿祥): "Re: [RESEND, PATCH 5/5] mailbox: mtk-cmdq: Add support runtime get and set GCE event"
In reply to: Horatiu Vultur: "[PATCH net] net: sparx5: Fix use after free inside sparx5_del_mact_entry"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net] net: sparx5: Fix use after free inside sparx5_del_mact_entry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]