| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 Dec 2023 20:40:54 +0800 (GMT+08:00) From: dinghao.liu@....edu.cn To: "Jakub Kicinski" <kuba@...nel.org> Cc: "Ariel Elior" <aelior@...vell.com>, "Manish Chopra" <manishc@...vell.com>, "David S. Miller" <davem@...emloft.net>, "Eric Dumazet" <edumazet@...gle.com>, "Paolo Abeni" <pabeni@...hat.com>, "Yuval Mintz" <Yuval.Mintz@...gic.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] [v2] qed: Fix a potential use-after-free in qed_cxt_tables_alloc > On Thu, 7 Dec 2023 17:36:06 +0800 Dinghao Liu wrote: > > v2: -Change the bug type from double-free to use-after-free. > > -Move the null check against p_mngr->ilt_shadow to the beginning > > of the function qed_ilt_shadow_free(). > > -When kcalloc() fails in qed_ilt_shadow_alloc(), just return > > because there is nothing to free. > > This refactoring is not acceptable as part of a fix, sorry. > > > @@ -933,6 +936,7 @@ static void qed_ilt_shadow_free(struct qed_hwfn *p_hwfn) > > p_dma->virt_addr = NULL; > > } > > kfree(p_mngr->ilt_shadow); > > + p_hwfn->p_cxt_mngr->ilt_shadow = NULL; > > Why do you dereference p_hwfn here? > Seems more natural to use: > > p_mngr->ilt_shadow = NULL; > > since that's the exact pointer that was passed to free. > -- > pw-bot: cr I will resend a new patch to fix this, thanks! Regards, Dinghao
Powered by blists - more mailing lists