diff mbox series

net/bnxt: fix a null dereference in cleanup label

Message ID	tencent_8D231E227A318D3C1DA7CE113C3AB8DF8708@qq.com (mailing list archive)
State	Accepted, archived
Delegated to:	Ajit Khaparde
Headers	Message-ID: <tencent_8D231E227A318D3C1DA7CE113C3AB8DF8708@qq.com> From: Weiguo Li <liwg06@foxmail.com> To: ajit.khaparde@broadcom.com Cc: michael.wildt@broadcom.com, dev@dpdk.org Subject: [PATCH] net/bnxt: fix a null dereference in cleanup label Date: Thu, 24 Feb 2022 23:53:59 +0800 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: dev-bounces@dpdk.org
Series	net/bnxt: fix a null dereference in cleanup label \| net/bnxt: fix a null dereference in cleanup label

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/github-robot: build	success	github build: passed
ci/iol-broadcom-Functional	success	Functional Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS
ci/iol-abi-testing	success	Testing PASS

Commit Message

Weiguo Li Feb. 24, 2022, 3:53 p.m. UTC

  Fixes: a46bbb57605b4 ("net/bnxt: update multi device design")

In tf_session_create(), there is a case that with 'tfp->session' still
be NULL and run 'goto cleanup', which will leads to a null dereference
by 'tfp_free(tfp->session->core_data)' in the cleanup.

Signed-off-by: Weiguo Li <liwg06@foxmail.com>
---
 drivers/net/bnxt/tf_core/tf_session.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

Comments

Ajit Khaparde March 7, 2022, 5:14 a.m. UTC | #1

On Thu, Feb 24, 2022 at 7:54 AM Weiguo Li <liwg06@foxmail.com> wrote:
>
> Fixes: a46bbb57605b4 ("net/bnxt: update multi device design")
>
> In tf_session_create(), there is a case that with 'tfp->session' still
> be NULL and run 'goto cleanup', which will leads to a null dereference
> by 'tfp_free(tfp->session->core_data)' in the cleanup.
>
> Signed-off-by: Weiguo Li <liwg06@foxmail.com>
Patch applied to dpdk-next-net-brcm.
Thanks

> ---
>  drivers/net/bnxt/tf_core/tf_session.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/bnxt/tf_core/tf_session.c b/drivers/net/bnxt/tf_core/tf_session.c
> index 9f849a0a76..c30c0e7029 100644
> --- a/drivers/net/bnxt/tf_core/tf_session.c
> +++ b/drivers/net/bnxt/tf_core/tf_session.c
> @@ -230,10 +230,12 @@ tf_session_create(struct tf *tfp,
>                             "FW Session close failed, rc:%s\n",
>                             strerror(-rc));
>         }
> +       if (tfp->session) {
> +               tfp_free(tfp->session->core_data);
> +               tfp_free(tfp->session);
> +               tfp->session = NULL;
> +       }
>
> -       tfp_free(tfp->session->core_data);
> -       tfp_free(tfp->session);
> -       tfp->session = NULL;
>         return rc;
>  }
>
> --
> 2.25.1
>

diff mbox series

Patch

diff --git a/drivers/net/bnxt/tf_core/tf_session.c b/drivers/net/bnxt/tf_core/tf_session.c
index 9f849a0a76..c30c0e7029 100644
--- a/drivers/net/bnxt/tf_core/tf_session.c
+++ b/drivers/net/bnxt/tf_core/tf_session.c
@@ -230,10 +230,12 @@  tf_session_create(struct tf *tfp,
 			    "FW Session close failed, rc:%s\n",
 			    strerror(-rc));
 	}
+	if (tfp->session) {
+		tfp_free(tfp->session->core_data);
+		tfp_free(tfp->session);
+		tfp->session = NULL;
+	}
 
-	tfp_free(tfp->session->core_data);
-	tfp_free(tfp->session);
-	tfp->session = NULL;
 	return rc;
 }