[PATCH] net/mlx5: fix use after free on Rx queue start

[Raslan Darawsheh]

Hi,

> -----Original Message-----
> From: Dariusz Sosnowski <dsosnowski at nvidia.com>
> Sent: Thursday, November 9, 2023 7:58 PM
> To: Matan Azrad <matan at nvidia.com>; Slava Ovsiienko
> <viacheslavo at nvidia.com>; Ori Kam <orika at nvidia.com>; Suanming Mou
> <suanmingm at nvidia.com>; Xueming(Steven) Li <xuemingl at nvidia.com>
> Cc: dev at dpdk.org; Raslan Darawsheh <rasland at nvidia.com>;
> stable at dpdk.org
> Subject: [PATCH] net/mlx5: fix use after free on Rx queue start
> 
> If RX queue is not started yet, then a mlx5_rxq_obj struct used for storing HW
> queue objects will be allocated and added to the list held in port's private data
> structure.
> After that allocation, Rx queue HW object configuration is done.
> If that configuration failed, then mlx5_rxq_obj struct is freed, but not removed
> from the list. This causes an use after free bug, during error handling in
> mlx5_rxq_start(), where this deallocated struct was accessed during list
> cleanup.
> 
> This patch fixes that by inserting mlx5_rxq_obj struct to the list only after HW
> queue object configuration succeeded.
> 
> Fixes: 09c2555303be ("net/mlx5: support shared Rx queue")
> Cc: xuemingl at nvidia.com
> Cc: stable at dpdk.org
> 
> Signed-off-by: Dariusz Sosnowski <dsosnowski at nvidia.com>
> Acked-by: Viacheslav Ovsiienko <viacheslavo at nvidia.com>

Patch applied to next-net-mlx,

Kindest regards,
Raslan Darawsheh