| Message ID | Z8alMHz89jH3uPJ9@stanley.mountain (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | f252f23ab657cd224cb8334ba69966396f3f629b |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [v2,net-next] net: Silence use after free static checker warning | expand |
On 2025-03-04 12:01 a.m., Dan Carpenter wrote: > The cpu_rmap_put() will call kfree() when the last reference is dropped. > > Fortunately, this is not the the last reference so it won't free it > here. Unfortunately, static checkers are not clever enough and they > still warn that this could lead to a use after free on the next line. > Flip these two statements around to silence the static checker false > positve. nit: *positive. Beside that: Reviewed-by: Ahmed Zaki <ahmed.zaki@intel.com> Thanks. > > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> > --- > net/core/dev.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/core/dev.c b/net/core/dev.c > index 9189c4a048d7..c102349e04ee 100644 > --- a/net/core/dev.c > +++ b/net/core/dev.c > @@ -7072,8 +7072,8 @@ void netif_napi_set_irq_locked(struct napi_struct *napi, int irq) > put_rmap: > #ifdef CONFIG_RFS_ACCEL > if (napi->dev->rx_cpu_rmap_auto) { > - cpu_rmap_put(napi->dev->rx_cpu_rmap); > napi->dev->rx_cpu_rmap->obj[napi->napi_rmap_idx] = NULL; > + cpu_rmap_put(napi->dev->rx_cpu_rmap); > napi->napi_rmap_idx = -1; > } > #endif
Hello: This patch was applied to netdev/net-next.git (main) by Jakub Kicinski <kuba@kernel.org>: On Tue, 4 Mar 2025 10:01:04 +0300 you wrote: > The cpu_rmap_put() will call kfree() when the last reference is dropped. > > Fortunately, this is not the the last reference so it won't free it > here. Unfortunately, static checkers are not clever enough and they > still warn that this could lead to a use after free on the next line. > Flip these two statements around to silence the static checker false > positve. > > [...] Here is the summary with links: - [v2,net-next] net: Silence use after free static checker warning https://git.kernel.org/netdev/net-next/c/f252f23ab657 You are awesome, thank you!
diff --git a/net/core/dev.c b/net/core/dev.c index 9189c4a048d7..c102349e04ee 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -7072,8 +7072,8 @@ void netif_napi_set_irq_locked(struct napi_struct *napi, int irq) put_rmap: #ifdef CONFIG_RFS_ACCEL if (napi->dev->rx_cpu_rmap_auto) { - cpu_rmap_put(napi->dev->rx_cpu_rmap); napi->dev->rx_cpu_rmap->obj[napi->napi_rmap_idx] = NULL; + cpu_rmap_put(napi->dev->rx_cpu_rmap); napi->napi_rmap_idx = -1; } #endif
The cpu_rmap_put() will call kfree() when the last reference is dropped. Fortunately, this is not the the last reference so it won't free it here. Unfortunately, static checkers are not clever enough and they still warn that this could lead to a use after free on the next line. Flip these two statements around to silence the static checker false positve. Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> --- net/core/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)