Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2215579/?format=api
{ "id": 2215579, "url": "http://patchwork.ozlabs.org/api/patches/2215579/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260324193530.375628-1-peter.maydell@linaro.org/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260324193530.375628-1-peter.maydell@linaro.org>", "list_archive_url": null, "date": "2026-03-24T19:35:30", "name": "hw/net/rocker: Avoid double-free of l2_flood.group_ids", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "1d2d3d12dc56ce2933488022700ed58e2a721d7b", "submitter": { "id": 5111, "url": "http://patchwork.ozlabs.org/api/people/5111/?format=api", "name": "Peter Maydell", "email": "peter.maydell@linaro.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260324193530.375628-1-peter.maydell@linaro.org/mbox/", "series": [ { "id": 497337, "url": "http://patchwork.ozlabs.org/api/series/497337/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=497337", "date": "2026-03-24T19:35:30", "name": "hw/net/rocker: Avoid double-free of l2_flood.group_ids", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/497337/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2215579/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2215579/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) 
header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256\n header.s=google header.b=qylblbRj;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fgKyr6QdRz1y1G\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 25 Mar 2026 06:36:03 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1w57XO-0000sk-RG; Tue, 24 Mar 2026 15:35:38 -0400", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)\n id 1w57XM-0000sL-8I\n for qemu-devel@nongnu.org; Tue, 24 Mar 2026 15:35:36 -0400", "from mail-wm1-x329.google.com ([2a00:1450:4864:20::329])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)\n id 1w57XK-0006nr-DS\n for qemu-devel@nongnu.org; Tue, 24 Mar 2026 15:35:35 -0400", "by mail-wm1-x329.google.com with SMTP id\n 5b1f17b1804b1-48538c5956bso1973855e9.0\n for <qemu-devel@nongnu.org>; Tue, 24 Mar 2026 12:35:33 -0700 (PDT)", "from lanath.. (wildly.archaic.org.uk. 
[81.2.115.145])\n by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-4871664ad92sm4318255e9.4.2026.03.24.12.35.31\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Tue, 24 Mar 2026 12:35:31 -0700 (PDT)" ], "X-Received": "by 2002:a05:600c:5288:b0:485:3e00:944a with SMTP id\n 5b1f17b1804b1-48716075f66mr13447065e9.9.1774380932230;\n Tue, 24 Mar 2026 12:35:32 -0700 (PDT)", "From": "Peter Maydell <peter.maydell@linaro.org>", "To": "qemu-devel@nongnu.org", "Cc": "Jiri Pirko <jiri@resnulli.us>,\n\tJason Wang <jasowang@redhat.com>", "Subject": "[PATCH] hw/net/rocker: Avoid double-free of l2_flood.group_ids", "Date": "Tue, 24 Mar 2026 19:35:30 +0000", "Message-ID": "<20260324193530.375628-1-peter.maydell@linaro.org>", "X-Mailer": "git-send-email 2.43.0", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Received-SPF": "pass client-ip=2a00:1450:4864:20::329;\n envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x329.google.com", "X-Spam_score_int": "-20", "X-Spam_score": "-2.1", "X-Spam_bar": "--", "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n 
<mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "In of_dpa_cmd_add_l2_flood(), we allocate memory for the\ngroup->l2_flood.group_ids array, freeing any previous array.\nHowever, in the error-exit path we free the group_ids memory but do\nnot clear the pointer to NULL. This means that if the guest causes\nus to take the error-exit path and then later call the function\nagain, we will try again to free the memory we already freed.\n\nFix this by clearing the group_ids pointer in the error exit\npath, so we maintain the invariant of \"either it points at\nallocated memory, or it is NULL\" (both being valid to g_free()).\n\nCc: qemu-stable@nongnu.org\nFixes: dc488f88806 (\"rocker: add new rocker switch device\")\nResolves: https://gitlab.com/qemu-project/qemu/-/work_items/3253\nSigned-off-by: Peter Maydell <peter.maydell@linaro.org>\n---\n hw/net/rocker/rocker_of_dpa.c | 1 +\n 1 file changed, 1 insertion(+)", "diff": "diff --git a/hw/net/rocker/rocker_of_dpa.c b/hw/net/rocker/rocker_of_dpa.c\nindex 814f19afc5..3190a0e75c 100644\n--- a/hw/net/rocker/rocker_of_dpa.c\n+++ b/hw/net/rocker/rocker_of_dpa.c\n@@ -2059,6 +2059,7 @@ static int of_dpa_cmd_add_l2_flood(OfDpa *of_dpa, OfDpaGroup *group,\n err_out:\n group->l2_flood.group_count = 0;\n g_free(group->l2_flood.group_ids);\n+ group->l2_flood.group_ids = NULL;\n g_free(tlvs);\n \n return err;\n", "prefixes": [] }
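Review bot: in the err_out path of of_dpa_cmd_add_l2_flood(), the g_free(group->l2_flood.group_ids) call and the added NULL assignment are two statements that have to stay together for the "allocated or NULL" invariant to hold; g_clear_pointer(&group->l2_flood.group_ids, g_free) would do both in one step and make it harder for a later edit to separate them. The invariant is only as strong as its weakest free site, and this hunk shows just the error exit, so it is worth checking that every other place that frees group_ids (none are visible in these lines) also leaves the pointer NULL or immediately reassigned. The fix itself reads correctly: group_count is already reset to 0 on this path, and with the pointer cleared the group is left in a consistent empty state if the guest triggers the command again.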