From 2f20dc3f7614b583fe7f125f42a28ac47b76b36e Mon Sep 17 00:00:00 2001
From: Shaun Tancheff <shaun.tancheff@hpe.com>
Date: Wed, 1 May 2024 11:39:26 +0700
Subject: [PATCH] LU-17797 lnet: avoid use after free of lnet ifaces

Durning inet4 / inet6 enumeration the array of nids can be
reallocated for freed.

When the array is freed the originating reference should be
nulled to avoid a possible use after free.

CoverityID: 425360 ("USE_AFTER_FREE")

Test-Parameters: trivial
Fixes: ab6c8bd18 ("LU-16822 lnet: always initialize IPv6 at start up")
Signed-off-by: Shaun Tancheff <shaun.tancheff@hpe.com>
Change-Id: Ifd751e0c2f0095b33f8b2cd8dd58cfd8572c5ff4
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/54975
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Arshad Hussain <arshad.hussain@aeoncomputing.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
---
 lnet/lnet/lib-socket.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lnet/lnet/lib-socket.c b/lnet/lnet/lib-socket.c
index e436289..7eb8dc5 100644
--- a/lnet/lnet/lib-socket.c
+++ b/lnet/lnet/lib-socket.c
@@ -447,8 +447,8 @@ static int lnet_inet4_enumerate(struct net_device *dev, int flags,
 			tmp = krealloc(ifaces, *nalloc * sizeof(*tmp),
 				       GFP_KERNEL);
 			if (!tmp) {
-				kfree(ifaces);
-				ifaces = NULL;
+				kfree(*dev_list);
+				*dev_list = NULL;
 				return -ENOMEM;
 			}
 			ifaces = tmp;
@@ -501,8 +501,8 @@ static int lnet_inet6_enumerate(struct net_device *dev, int flags,
 			tmp = krealloc(ifaces, *nalloc * sizeof(*tmp),
 				       GFP_KERNEL);
 			if (!tmp) {
-				kfree(ifaces);
-				ifaces = NULL;
+				kfree(*dev_list);
+				*dev_list = NULL;
 				return -ENOMEM;
 			}
 			ifaces = tmp;
-- 
1.8.3.1