From patchwork Mon May 15 06:40:39 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Raju Rangoju X-Patchwork-Id: 9726159 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0E74F60380 for ; Mon, 15 May 2017 06:40:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EFD622895B for ; Mon, 15 May 2017 06:40:49 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E288228962; Mon, 15 May 2017 06:40:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B5AD02895B for ; Mon, 15 May 2017 06:40:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759487AbdEOGko (ORCPT ); Mon, 15 May 2017 02:40:44 -0400 Received: from mail-by2nam01on0127.outbound.protection.outlook.com ([104.47.34.127]:13630 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1759481AbdEOGkn (ORCPT ); Mon, 15 May 2017 02:40:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chelsious.onmicrosoft.com; s=selector1-chelsio-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=pAzYc9Zy0iqnkIPDy0qkY9cF+H+kZ8L3g9VoerQ/hgs=; b=v8gJZoOJFvKWDNvSSb/5xuIQvoFToZvhexVOGB41OojRJGpjbBbZv7U6iBfB3KO/MY8fr4qnV+lbjAlOnw9OKHbRg6BYvUhGG/P+aeGDzme5qHp6EaIm/0vKHbHcXWrNZTnvq8dJt7JIto96SbkO8E72ByzlAHYYO4PzM0n6YtM= Received: from CY1PR12MB0774.namprd12.prod.outlook.com (10.164.69.140) by CY1PR12MB0774.namprd12.prod.outlook.com (10.164.69.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1084.16; Mon, 15 May 2017 06:40:40 +0000 Received: from CY1PR12MB0774.namprd12.prod.outlook.com ([10.164.69.140]) by CY1PR12MB0774.namprd12.prod.outlook.com ([10.164.69.140]) with mapi id 15.01.1084.027; Mon, 15 May 2017 06:40:39 +0000 From: "Raju Rangoju" To: "dledford@redhat.com" , "dan.carpenter@oracle.com" , "linux-rdma@vger.kernel.org" CC: SWise OGC , "Raju Rangoju" Subject: RE: [PATCH 1/1] RDMA/iw_cxgb4: Avoid touch after free error in ARP failure handlers Thread-Topic: [PATCH 1/1] RDMA/iw_cxgb4: Avoid touch after free error in ARP failure handlers Thread-Index: AQHSykvoVu/iyvAbb0SFO8oXNW811KH09J0g Date: Mon, 15 May 2017 06:40:39 +0000 Message-ID: References: <20170511114354.25046-1-rajur@chelsio.com> In-Reply-To: <20170511114354.25046-1-rajur@chelsio.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: redhat.com; dkim=none (message not signed) header.d=none; redhat.com; dmarc=none action=none header.from=chelsio.com; x-originating-ip: [111.93.130.157] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; CY1PR12MB0774; 7:S3VCzoak9sieWgiXAUjFinCH1ftDblywf/lw47ssrAICyj9j8UYDy/tbGXotKSHrvW6Fx/nTCoP0nMkhE5UJSW2B0GWxKOm7yB4F9jwvxpRmlU9d4jXZZDJxcDP/M3hRDQQmiBQOtfg5FUg+OBkXG986jUiK/tVjL32QXfz9ScVArqCdZiogR3HfZaDqqjD2Cx3wl/O9gFigNvgy1dRIZdLYn7+W2NAFWRnwkdHovd4tXHCmC0OSUIsiDuGWGOJgNbAzfnjjbNyJI9vJOhgRx5DqjuBBoy4Dwrbp8A9IETS7l8iVGtzlvrPIVqFXzzQrhAwXX8WIoa7UOJxqQUxM5w== x-ld-processed: 065db76d-a7ae-4c60-b78a-501e8fc17095,ExtAddr x-forefront-antispam-report: SFV:SKI; SCL:-1SFV:NSPM; SFS:(10019020)(6009001)(39400400002)(39830400002)(39410400002)(39450400003)(13464003)(107886003)(66066001)(38730400002)(6246003)(2900100001)(4326008)(2501003)(53936002)(77096006)(6436002)(54906002)(55016002)(6506006)(122556002)(2201001)(9686003)(25786009)(86362001)(53546009)(189998001)(3660700001)(33656002)(5660300001)(2906002)(50986999)(6116002)(54356999)(102836003)(3846002)(76176999)(229853002)(2950100002)(478600001)(3280700002)(7736002)(7696004)(305945005)(81166006)(74316002)(8936002)(8676002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR12MB0774; H:CY1PR12MB0774.namprd12.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; x-ms-office365-filtering-correlation-id: bb41c7cf-ea6b-4904-f03d-08d49b5d4d5c x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201702281549075); SRVR:CY1PR12MB0774; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(9452136761055)(146099531331640); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(6041248)(20161123564025)(2016111802025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123555025)(20161123562025)(6072148)(6043046); SRVR:CY1PR12MB0774; BCL:0; PCL:0; RULEID:; SRVR:CY1PR12MB0774; x-forefront-prvs: 0308EE423E spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: chelsio.com X-MS-Exchange-CrossTenant-originalarrivaltime: 15 May 2017 06:40:39.7322 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 065db76d-a7ae-4c60-b78a-501e8fc17095 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR12MB0774 Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP -----Original Message----- From: Raju Rangoju [mailto:rajur@chelsio.com] Sent: 11 May 2017 17:14 To: dledford@redhat.com; linux-rdma@vger.kernel.org Cc: SWise OGC ; Raju Rangoju Subject: [PATCH 1/1] RDMA/iw_cxgb4: Avoid touch after free error in ARP failure handlers The patch 761e19a504af: "RDMA/iw_cxgb4: Handle return value of c4iw_ofld_send() in abort_arp_failure()" from May 6, 2016, leads to the following static checker warning: drivers/infiniband/hw/cxgb4/cm.c:575 abort_arp_failure() warn: passing freed memory 'skb' Also fixes skb leak when l2t resolution fails Fixes: 761e19a504afa55 (RDMA/iw_cxgb4: Handle return value of c4iw_ofld_send() in abort_arp_failure()) Reported-by: Dan Carpenter Cc: Dan Carpenter Signed-off-by: Raju Rangoju Reviewed-by: Steve Wise --- drivers/infiniband/hw/cxgb4/cm.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) -- 2.12.0 -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c index b6fe45924c6e..06b110213e92 100644 --- a/drivers/infiniband/hw/cxgb4/cm.c +++ b/drivers/infiniband/hw/cxgb4/cm.c @@ -488,6 +488,7 @@ static int _put_ep_safe(struct c4iw_dev *dev, struct sk_buff *skb) ep = *((struct c4iw_ep **)(skb->cb + 2 * sizeof(void *))); release_ep_resources(ep); + kfree_skb(skb); return 0; } @@ -498,6 +499,7 @@ static int _put_pass_ep_safe(struct c4iw_dev *dev, struct sk_buff *skb) ep = *((struct c4iw_ep **)(skb->cb + 2 * sizeof(void *))); c4iw_put_ep(&ep->parent_ep->com); release_ep_resources(ep); + kfree_skb(skb); return 0; } @@ -569,11 +571,13 @@ static void abort_arp_failure(void *handle, struct sk_buff *skb) pr_debug("%s rdev %p\n", __func__, rdev); req->cmd = CPL_ABORT_NO_RST; + skb_get(skb); ret = c4iw_ofld_send(rdev, skb); if (ret) { __state_set(&ep->com, DEAD); queue_arp_failure_cpl(ep, skb, FAKE_CPL_PUT_EP_SAFE); - } + } else + kfree_skb(skb); } static int send_flowc(struct c4iw_ep *ep)