openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/drivers/net
History
Yonglong Liu bb989501ab net: hns: Fix use after free identified by SLUB debug 
When enable SLUB debug, than remove hns_enet_drv module, SLUB debug will
identify a use after free bug:

[134.189505] Unable to handle kernel paging request at virtual address
		006b6b6b6b6b6b6b
[134.197553] Mem abort info:
[134.200381]   ESR = 0x96000004
[134.203487]   Exception class = DABT (current EL), IL = 32 bits
[134.209497]   SET = 0, FnV = 0
[134.212596]   EA = 0, S1PTW = 0
[134.215777] Data abort info:
[134.218701]   ISV = 0, ISS = 0x00000004
[134.222596]   CM = 0, WnR = 0
[134.225606] [006b6b6b6b6b6b6b] address between user and kernel address ranges
[134.232851] Internal error: Oops: 96000004 [#1] SMP
[134.237798] CPU: 21 PID: 27834 Comm: rmmod Kdump: loaded Tainted: G
		OE     4.19.5-1.2.34.aarch64 #1
[134.247856] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.58 10/24/2018
[134.255181] pstate: 20000005 (nzCv daif -PAN -UAO)
[134.260044] pc : hns_ae_put_handle+0x38/0x60
[134.264372] lr : hns_ae_put_handle+0x24/0x60
[134.268700] sp : ffff00001be93c50
[134.272054] x29: ffff00001be93c50 x28: ffff802faaec8040
[134.277442] x27: 0000000000000000 x26: 0000000000000000
[134.282830] x25: 0000000056000000 x24: 0000000000000015
[134.288284] x23: ffff0000096fe098 x22: ffff000001050070
[134.293671] x21: ffff801fb3c044a0 x20: ffff80afb75ec098
[134.303287] x19: ffff80afb75ec098 x18: 0000000000000000
[134.312945] x17: 0000000000000000 x16: 0000000000000000
[134.322517] x15: 0000000000000002 x14: 0000000000000000
[134.332030] x13: dead000000000100 x12: ffff7e02bea3c988
[134.341487] x11: ffff80affbee9e68 x10: 0000000000000000
[134.351033] x9 : 6fffff8000008101 x8 : 0000000000000000
[134.360569] x7 : dead000000000100 x6 : ffff000009579748
[134.370059] x5 : 0000000000210d00 x4 : 0000000000000000
[134.379550] x3 : 0000000000000001 x2 : 0000000000000000
[134.388813] x1 : 6b6b6b6b6b6b6b6b x0 : 0000000000000000
[134.397993] Process rmmod (pid: 27834, stack limit = 0x00000000d474b7fd)
[134.408498] Call trace:
[134.414611]  hns_ae_put_handle+0x38/0x60
[134.422208]  hnae_put_handle+0xd4/0x108
[134.429563]  hns_nic_dev_remove+0x60/0xc0 [hns_enet_drv]
[134.438342]  platform_drv_remove+0x2c/0x70
[134.445958]  device_release_driver_internal+0x174/0x208
[134.454810]  driver_detach+0x70/0xd8
[134.461913]  bus_remove_driver+0x64/0xe8
[134.469396]  driver_unregister+0x34/0x60
[134.476822]  platform_driver_unregister+0x20/0x30
[134.485130]  hns_nic_dev_driver_exit+0x14/0x6e4 [hns_enet_drv]
[134.494634]  __arm64_sys_delete_module+0x238/0x290

struct hnae_handle is a member of struct hnae_vf_cb, so when vf_cb is
freed, than use hnae_handle will cause use after free panic.

This patch frees vf_cb after hnae_handle used.

Signed-off-by: Yonglong Liu <liuyonglong@huawei.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2019-01-04 13:33:57 -08:00
..
appletalk drivers/net: appletalk/cops: remove redundant if statement and mask 2018-12-24 14:48:26 -08:00
arcnet
bonding bonding: fix indentation issues, remove extra spaces 2018-12-18 15:01:23 -08:00
caif
can can: flexcan: split the Message Buffer RAM area 2018-11-28 16:52:25 +01:00
dsa net: dsa: mt7530: Drop unused GPIO include 2019-01-04 13:07:23 -08:00
ethernet net: hns: Fix use after free identified by SLUB debug 2019-01-04 13:33:57 -08:00
fddi FDDI: defza: Make the driver version string constant 2018-11-07 21:53:31 -08:00
fjes fjes: convert to DEFINE_SHOW_ATTRIBUTE 2018-12-10 12:05:20 -08:00
hamradio net/hamradio/6pack: use mod_timer() to rearm timers 2019-01-02 10:27:01 -08:00
hippi
hyperv net: dev: Add extack argument to dev_set_mac_address() 2018-12-13 18:41:38 -08:00
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00
ipvlan net: ipvlan: Issue NETDEV_PRE_CHANGEADDR 2018-12-13 18:41:38 -08:00
netdevsim drivers: net: netdevsim: use skb_sec_path helper 2018-12-19 11:21:37 -08:00
phy Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00
plip
ppp ppp: Move PFC decompression to PPP generic layer 2018-12-20 16:49:30 -08:00
slip
team net: dev: Add extack argument to dev_set_mac_address() 2018-12-13 18:41:38 -08:00
usb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-21 15:06:20 -08:00
vmxnet3
wan soc/fsl/qe: fix err handling of ucc_of_parse_tdm 2019-01-04 12:50:43 -08:00
wimax
wireless for-4.21/block-20181221 2018-12-28 13:19:59 -08:00
xen-netback net: xenbus: convert to DEFINE_SHOW_ATTRIBUTE 2018-12-10 12:05:20 -08:00
Kconfig net: documentation: build a directory structure for drivers 2018-12-05 11:30:06 -08:00
LICENSE.SRC
Makefile
Space.c
dummy.c
eql.c
geneve.c geneve: Initialize addr6 with memset 2018-11-17 22:03:06 -08:00
gtp.c
ifb.c
loopback.c
macsec.c
macvlan.c net: dev: Add extack argument to dev_set_mac_address() 2018-12-13 18:41:38 -08:00
macvtap.c
mdio.c
mii.c
net_failover.c net: core: dev: Add extack argument to dev_open() 2018-12-06 13:26:06 -08:00
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c rapidio/rionet: do not free skb before reading its length 2018-11-28 10:38:48 -08:00
sb1000.c
sungem_phy.c
tap.c tap: call skb_probe_transport_header after setting skb->dev 2019-01-01 12:01:02 -08:00
thunderbolt.c
tun.c tun: replace get_cpu_ptr with this_cpu_ptr when bh disabled 2018-12-14 13:36:26 -08:00
veth.c
virtio_net.c virtio-net: ethtool configurable LRO 2018-12-20 19:14:15 -08:00
vrf.c net: core: dev: Add extack argument to dev_change_flags() 2018-12-06 13:26:07 -08:00
vsockmon.c
vxlan.c vxlan: Correct merge error. 2018-12-20 16:14:22 -08:00
xen-netfront.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00