Paths

Table of Contentst

qlnxe: Fix a use-after-free in ecore_spq_post()
Needs ReviewPublic
Actions

Authored by markj on Jun 2 2021, 2:10 PM.

Tags

None

Referenced Files

	F85510764: D30612.diff
	Thu, Jun 6, 10:49 PM

	Unknown Object (File)
	Thu, May 23, 8:56 AM

	Unknown Object (File)
	Thu, May 23, 6:23 AM

	Unknown Object (File)
	Thu, May 23, 2:03 AM

	Unknown Object (File)
	Apr 21 2024, 9:08 PM

	Unknown Object (File)
	Mar 4 2024, 5:14 AM

	Unknown Object (File)
	Sep 10 2023, 6:46 AM

	Unknown Object (File)
	Aug 26 2023, 2:20 PM

View All 13 Files

Subscribers

emaste

imp

info_dominicschlegel.ch

Details

Reviewers

davidcs

Summary

ecore_sqp_add_entry() may free the spq entry structure. Then,
ecore_spq_post() may dereference the entry to check
p_ent->comp_mode == ECORE_SPQ_MODE_EBLOCK.

Fix the problem by changing ecore_sqp_add_entry() to return the new
entry pointer.

PR: 255868
MFC after: 1 week

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 39663
Build 36552: arc lint + arc unit

Event Timeline

markj created this revision.Jun 2 2021, 2:10 PM

Herald added a subscriber: imp. · View Herald TranscriptJun 2 2021, 2:10 PM

markj requested review of this revision.Jun 2 2021, 2:10 PM

Harbormaster completed remote builds in B39663: Diff 90321.Jun 2 2021, 2:10 PM

emaste added a subscriber: emaste.Jun 2 2021, 10:43 PM

info_dominicschlegel.ch added a subscriber: info_dominicschlegel.ch.Oct 21 2021, 9:44 AM

Revision Contents
Changeset List

Path

Size

sys/

dev/

qlnx/

qlnxe/

ecore_spq.c

12 lines

Diff 90321

View Options

sys/dev/qlnx/qlnxe/ecore_spq.c

qlnxe: Fix a use-after-free in ecore_spq_post()Needs ReviewPublicActions