[net 11/15] net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device

[pull request][net 00/15] mlx5 fixes 2023-05-22 · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 01/15] net/mlx5: Collect command failures data only for known commands · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
Re: [net 01/15] net/mlx5: Collect command failures data only for known commands · patchwork-bot+netdevbpf@kernel.org · 2023-05-24
[net 02/15] net/mlx5: Handle pairing of E-switch via uplink un/load APIs · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 03/15] net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 04/15] net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 05/15] net/mlx5e: Use correct encap attribute during invalidation · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 06/15] net/mlx5: Fix error message when failing to allocate device memory · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 07/15] net/mlx5e: Fix deadlock in tc route query code · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 08/15] net/mlx5e: Fix SQ wake logic in ptp napi_poll context · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 09/15] net/mlx5e: TC, Fix using eswitch mapping in nic mode · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 10/15] net/mlx5: E-switch, Devcom, sync devcom events and devcom comp register · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 11/15] net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 12/15] net/mlx5: Devcom, serialize devcom registration · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 13/15] net/mlx5: Free irqs only on shutdown callback · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 14/15] net/mlx5: Fix irq affinity management · Saeed Mahameed <saeed@kernel.org> · 2023-05-23
[net 15/15] net/mlx5: Fix indexing of mlx5_irq · Saeed Mahameed <saeed@kernel.org> · 2023-05-23

From: Saeed Mahameed <saeed@kernel.org>
Date: 2023-05-23 05:43:04
Subsystem: mellanox mlx5 core vpi driver, networking drivers, the rest · Maintainers: Saeed Mahameed, Leon Romanovsky, Tariq Toukan, Mark Bloch, Andrew Lunn, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Linus Torvalds

From: Shay Drory <redacted>

In case devcom allocation is failed, mlx5 is always freeing the priv.
However, this priv might have been allocated by a different thread,
and freeing it might lead to use-after-free bugs.
Fix it by freeing the priv only in case it was allocated by the
running thread.

Fixes: fadd59fc50d0 ("net/mlx5: Introduce inter-device communication mechanism")
Signed-off-by: Shay Drory <redacted>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/lib/devcom.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/devcom.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/devcom.c
index 070d55f13419..8f978491dd32 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/devcom.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/devcom.c

@@ -112,7 +112,8 @@ struct mlx5_devcom *mlx5_devcom_register_device(struct mlx5_core_dev *dev)
 	priv->devs[idx] = dev;
 	devcom = mlx5_devcom_alloc(priv, idx);
 	if (!devcom) {
-		kfree(priv);
+		if (new_priv)
+			kfree(priv);
 		return ERR_PTR(-ENOMEM);
 	}

-- 
2.40.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help