Re: [PATCH net] ice: Fix use-after-scope in ice_sched_add_nodes_to_layer()

Next message: Yiyang Chen: "[PATCH bpf 2/2] selftests/bpf: Add skb dynptr writer packet invalidation tests"
Previous message: Can Guo: "Re: [PATCH v8 1/2] dt-bindings: ufs: Document static TX Equalization settings properties"
In reply to: NeKon69: "[PATCH net] ice: Fix use-after-scope in ice_sched_add_nodes_to_layer()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Simon Horman

Date: Mon Jun 15 2026 - 08:13:34 EST

On Sat, Jun 13, 2026 at 01:14:40PM +0300, NeKon69 wrote:
> Commit 7fb09a737536 ("ice: Modify recursive way of adding nodes")
> changed ice_sched_add_nodes_to_layer() from recursive control flow to an
> iterative loop.
>
> Inside the loop, first_teid_ptr may be set to the address of a
> block-local variable:
>
> u32 temp;
> ...
> if (num_added)
> first_teid_ptr = &temp;
>
> On the next loop iteration, first_teid_ptr may be passed to
> ice_sched_add_nodes_to_hw_layer(), after temp from the previous
> iteration has gone out of scope.
>
> Move temp outside the loop so the pointer remains valid for the lifetime
> of ice_sched_add_nodes_to_layer().
>
> This was found by Clang with LifetimeSafety enabled while testing C
> language support on a Linux allmodconfig build.
>
> Fixes: 7fb09a737536 ("ice: Modify recursive way of adding nodes")
> Link: https://github.com/llvm/llvm-project/pull/203270
> Signed-off-by: NeKon69 <nobodqwe@xxxxxxxxx>

I agree that this patch is correct.

However, I do wonder if it would be cleaner to allow
passing NULL as the first_node_teid argument of
ice_sched_add_nodes_to_hw_layer()

...