releases/5.1.7/net-mlx5-avoid-double-free-in-fs-init-error-unwinding-path.patch

   1 From foo@baz Fri 31 May 2019 03:16:39 PM PDT
   2 From: Parav Pandit <parav@mellanox.com>
   3 Date: Fri, 10 May 2019 10:26:23 -0500
   4 Subject: net/mlx5: Avoid double free in fs init error unwinding path
   5
   6 From: Parav Pandit <parav@mellanox.com>
   7
   8 [ Upstream commit 9414277a5df3669c67e818708c0f881597e0118e ]
   9
  10 In below code flow, for ingress acl table root ns memory leads
  11 to double free.
  12
  13 mlx5_init_fs
  14   init_ingress_acls_root_ns()
  15     init_ingress_acl_root_ns
  16        kfree(steering->esw_ingress_root_ns);
  17        /* steering->esw_ingress_root_ns is not marked NULL */
  18   mlx5_cleanup_fs
  19     cleanup_ingress_acls_root_ns
  20        steering->esw_ingress_root_ns non NULL check passes.
  21        kfree(steering->esw_ingress_root_ns);
  22        /* double free */
  23
  24 Similar issue exist for other tables.
  25
  26 Hence zero out the pointers to not process the table again.
  27
  28 Fixes: 9b93ab981e3bf ("net/mlx5: Separate ingress/egress namespaces for each vport")
  29 Fixes: 40c3eebb49e51 ("net/mlx5: Add support in RDMA RX steering")
  30 Signed-off-by: Parav Pandit <parav@mellanox.com>
  31 Reviewed-by: Mark Bloch <markb@mellanox.com>
  32 Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
  33 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  34 ---
  35  drivers/net/ethernet/mellanox/mlx5/core/fs_core.c |    4 ++++
  36  1 file changed, 4 insertions(+)
  37
  38 --- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
  39 +++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
  40 @@ -2429,6 +2429,7 @@ static void cleanup_egress_acls_root_ns(
  41                 cleanup_root_ns(steering->esw_egress_root_ns[i]);
  42
  43         kfree(steering->esw_egress_root_ns);
  44 +       steering->esw_egress_root_ns = NULL;
  45  }
  46
  47  static void cleanup_ingress_acls_root_ns(struct mlx5_core_dev *dev)
  48 @@ -2443,6 +2444,7 @@ static void cleanup_ingress_acls_root_ns
  49                 cleanup_root_ns(steering->esw_ingress_root_ns[i]);
  50
  51         kfree(steering->esw_ingress_root_ns);
  52 +       steering->esw_ingress_root_ns = NULL;
  53  }
  54
  55  void mlx5_cleanup_fs(struct mlx5_core_dev *dev)
  56 @@ -2611,6 +2613,7 @@ cleanup_root_ns:
  57         for (i--; i >= 0; i--)
  58                 cleanup_root_ns(steering->esw_egress_root_ns[i]);
  59         kfree(steering->esw_egress_root_ns);
  60 +       steering->esw_egress_root_ns = NULL;
  61         return err;
  62  }
  63
  64 @@ -2638,6 +2641,7 @@ cleanup_root_ns:
  65         for (i--; i >= 0; i--)
  66                 cleanup_root_ns(steering->esw_ingress_root_ns[i]);
  67         kfree(steering->esw_ingress_root_ns);
  68 +       steering->esw_ingress_root_ns = NULL;
  69         return err;
  70  }
  71