From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 24 Feb 2022 14:53:25 +0000 (+0300)
Subject: net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act()
X-Git-Tag: v6.6.17~7931^2~129^2~15
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=371c2b349d927e81710f6ac2826d7fcb0374280f;p=platform%2Fkernel%2Flinux-rpi.git

net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act()

This returns freed memory leading to a use after free.  It's supposed to
return NULL.

Fixes: 8300f225268b ("net/mlx5e: Create new flow attr for multi table actions")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
index 40416e0..e3fc15a 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -3410,7 +3410,7 @@ mlx5e_clone_flow_attr_for_post_act(struct mlx5_flow_attr *attr,
 	if (!attr2 || !parse_attr) {
 		kvfree(parse_attr);
 		kfree(attr2);
-		return attr2;
+		return NULL;
 	}
 
 	memcpy(attr2, attr, attr_sz);