lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 27 Apr 2021 07:51:28 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     Lv Yunlong <lyl2019@...l.ustc.edu.cn>
Cc:     selvin.xavier@...adcom.com, devesh.sharma@...adcom.com,
        somnath.kotur@...adcom.com, sriharsha.basavapatna@...adcom.com,
        nareshkumar.pbs@...adcom.com, dledford@...hat.com, jgg@...pe.ca,
        linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] RDMA/bnxt_re/qplib_res: Fix a double free in
 bnxt_qplib_alloc_res

On Mon, Apr 26, 2021 at 07:06:14AM -0700, Lv Yunlong wrote:
> In bnxt_qplib_alloc_res, it calls bnxt_qplib_alloc_dpi_tbl().
> Inside bnxt_qplib_alloc_dpi_tbl, dpit->dbr_bar_reg_iomem is freed via
> pci_iounmap() in unmap_io error branch. After the callee returns err code,
> bnxt_qplib_alloc_res calls bnxt_qplib_free_res()->bnxt_qplib_free_dpi_tbl()
> in fail branch. Then dpit->dbr_bar_reg_iomem is freed in the second time by
> pci_iounmap().
> 
> My patch set dpit->dbr_bar_reg_iomem to NULL after it is freed by pci_iounmap()
> in the first time, to avoid the double free.
> 
> Fixes: 1ac5a40479752 ("RDMA/bnxt_re: Add bnxt_re RoCE driver")
> Signed-off-by: Lv Yunlong <lyl2019@...l.ustc.edu.cn>
> ---
>  drivers/infiniband/hw/bnxt_re/qplib_res.c | 1 +
>  1 file changed, 1 insertion(+)
> 

Thanks,
Reviewed-by: Leon Romanovsky <leonro@...dia.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ