Hi, > -----Original Message----- > From: Dariusz Sosnowski <[email protected]> > Sent: Thursday, November 9, 2023 7:58 PM > To: Matan Azrad <[email protected]>; Slava Ovsiienko > <[email protected]>; Ori Kam <[email protected]>; Suanming Mou > <[email protected]>; Xueming(Steven) Li <[email protected]> > Cc: [email protected]; Raslan Darawsheh <[email protected]>; > [email protected] > Subject: [PATCH] net/mlx5: fix use after free on Rx queue start > > If RX queue is not started yet, then a mlx5_rxq_obj struct used for storing HW > queue objects will be allocated and added to the list held in port's private > data > structure. > After that allocation, Rx queue HW object configuration is done. > If that configuration failed, then mlx5_rxq_obj struct is freed, but not > removed > from the list. This causes an use after free bug, during error handling in > mlx5_rxq_start(), where this deallocated struct was accessed during list > cleanup. > > This patch fixes that by inserting mlx5_rxq_obj struct to the list only after > HW > queue object configuration succeeded. > > Fixes: 09c2555303be ("net/mlx5: support shared Rx queue") > Cc: [email protected] > Cc: [email protected] > > Signed-off-by: Dariusz Sosnowski <[email protected]> > Acked-by: Viacheslav Ovsiienko <[email protected]>
Patch applied to next-net-mlx, Kindest regards, Raslan Darawsheh
