net/mlx5e: fix a potential double-free in fs_any_create_groups (!4331) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Kamal Heib requested to merge kheib/centos-stream-9:37093 into main May 27, 2024

JIRA: https://issues.redhat.com/browse/RHEL-37093
CVE: CVE-2023-52667

commit aef855df7e1bbd5aa4484851561211500b22707e
Author: Dinghao Liu dinghao.liu@zju.edu.cn
Date: Tue Nov 28 17:29:01 2023 +0800

net/mlx5e: fix a potential double-free in fs_any_create_groups  

When kcalloc() for ft->g succeeds but kvzalloc() for in fails,  
fs_any_create_groups() will free ft->g. However, its caller  
fs_any_create_table() will free ft->g again through calling  
mlx5e_destroy_flow_table(), which will lead to a double-free.  
Fix this by setting ft->g to NULL in fs_any_create_groups().  

Fixes: 0f575c20bf06 ("net/mlx5e: Introduce Flow Steering ANY API")  
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>  
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>  
Reviewed-by: Simon Horman <horms@kernel.org>  
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>

Signed-off-by: Kamal Heib kheib@redhat.com

net/mlx5e: fix a potential double-free in fs_any_create_groups

Merge request reports