Re: [PATCH] ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx

From: Jakub Kicinski
Date: Mon Mar 29 2021 - 19:54:51 EST


On Mon, 29 Mar 2021 04:50:02 -0700 Lv Yunlong wrote:
> In nfp_bpf_ctrl_msg_rx, if
> nfp_ccm_get_type(skb) == NFP_CCM_TYPE_BPF_BPF_EVENT is true, the skb
> will be freed. But the skb is still used by nfp_ccm_rx(&bpf->ccm, skb).
>
> My patch adds a return when the skb was freed.
>
> Fixes: bcf0cafab44fd ("nfp: split out common control message handling code")
> Signed-off-by: Lv Yunlong <lyl2019@xxxxxxxxxxxxxxxx>

Reviewed-by: Jakub Kicinski <kuba@xxxxxxxxxx>
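
The control flow the commit message describes, as an added example that is not part of this thread and is not the nfp driver's code. It is a user-space model with hypothetical names (struct buf, event_rx, common_rx, rx_before, rx_after) in which "freeing" only sets a flag, so the stale access can be counted instead of corrupting memory.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins for illustration; not the nfp driver's types or values. */
enum msg_type { MSG_REPLY = 1, MSG_EVENT = 2 };
struct buf {
    enum msg_type type;
    bool freed;      /* set instead of calling free(), so misuse is observable */
    int stale_uses;  /* accesses made after the buffer was released */
};

/* Event path: handles the message, then releases the buffer. */
static void event_rx(struct buf *b) { b->freed = true; }

/* Common path: reads the buffer and takes ownership of it. */
static void common_rx(struct buf *b)
{
    if (b->freed)
        b->stale_uses++;  /* in a kernel this read is the use after free */
    b->freed = true;
}

/* Before the fix: the event branch falls through to the common handler. */
static void rx_before(struct buf *b)
{
    if (b->type == MSG_EVENT)
        event_rx(b);
    common_rx(b);
}

/* After the fix: return as soon as the event branch has released the buffer. */
static void rx_after(struct buf *b)
{
    if (b->type == MSG_EVENT) {
        event_rx(b);
        return;
    }
    common_rx(b);
}

/* Runs one constructed message through a handler and reports stale accesses. */
static int count_stale(void (*rx)(struct buf *), enum msg_type type)
{
    struct buf b = { .type = type };
    rx(&b);
    return b.stale_uses;
}

int main(void)
{
    printf("event message: before=%d after=%d stale reads\n",
           count_stale(rx_before, MSG_EVENT), count_stale(rx_after, MSG_EVENT));
    return 0;
}
```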