net/mlx5e: fix a double-free in arfs_create_groups (!4332) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Kamal Heib requested to merge kheib/centos-stream-9:36920 into main May 27, 2024

JIRA: https://issues.redhat.com/browse/RHEL-36922
CVE: CVE-2024-35835

commit 3c6d5189246f590e4e1f167991558bdb72a4738b
Author: Zhipeng Lu alexious@zju.edu.cn
Date: Wed Jan 17 15:17:36 2024 +0800

net/mlx5e: fix a double-free in arfs_create_groups  

When `in` allocated by kvzalloc fails, arfs_create_groups will free  
ft->g and return an error. However, arfs_create_table, the only caller of  
arfs_create_groups, will hold this error and call to  
mlx5e_destroy_flow_table, in which the ft->g will be freed again.  

Fixes: 1cabe6b0965e ("net/mlx5e: Create aRFS flow tables")  
Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn>  
Reviewed-by: Simon Horman <horms@kernel.org>  
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>

Signed-off-by: Kamal Heib kheib@redhat.com

Edited May 28, 2024 by Kamal Heib

net/mlx5e: fix a double-free in arfs_create_groups

Merge request reports