openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/drivers/net/ethernet/hisilicon/hns
History
Yonglong Liu bb989501ab net: hns: Fix use after free identified by SLUB debug 
When enable SLUB debug, than remove hns_enet_drv module, SLUB debug will
identify a use after free bug:

[134.189505] Unable to handle kernel paging request at virtual address
		006b6b6b6b6b6b6b
[134.197553] Mem abort info:
[134.200381]   ESR = 0x96000004
[134.203487]   Exception class = DABT (current EL), IL = 32 bits
[134.209497]   SET = 0, FnV = 0
[134.212596]   EA = 0, S1PTW = 0
[134.215777] Data abort info:
[134.218701]   ISV = 0, ISS = 0x00000004
[134.222596]   CM = 0, WnR = 0
[134.225606] [006b6b6b6b6b6b6b] address between user and kernel address ranges
[134.232851] Internal error: Oops: 96000004 [#1] SMP
[134.237798] CPU: 21 PID: 27834 Comm: rmmod Kdump: loaded Tainted: G
		OE     4.19.5-1.2.34.aarch64 #1
[134.247856] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.58 10/24/2018
[134.255181] pstate: 20000005 (nzCv daif -PAN -UAO)
[134.260044] pc : hns_ae_put_handle+0x38/0x60
[134.264372] lr : hns_ae_put_handle+0x24/0x60
[134.268700] sp : ffff00001be93c50
[134.272054] x29: ffff00001be93c50 x28: ffff802faaec8040
[134.277442] x27: 0000000000000000 x26: 0000000000000000
[134.282830] x25: 0000000056000000 x24: 0000000000000015
[134.288284] x23: ffff0000096fe098 x22: ffff000001050070
[134.293671] x21: ffff801fb3c044a0 x20: ffff80afb75ec098
[134.303287] x19: ffff80afb75ec098 x18: 0000000000000000
[134.312945] x17: 0000000000000000 x16: 0000000000000000
[134.322517] x15: 0000000000000002 x14: 0000000000000000
[134.332030] x13: dead000000000100 x12: ffff7e02bea3c988
[134.341487] x11: ffff80affbee9e68 x10: 0000000000000000
[134.351033] x9 : 6fffff8000008101 x8 : 0000000000000000
[134.360569] x7 : dead000000000100 x6 : ffff000009579748
[134.370059] x5 : 0000000000210d00 x4 : 0000000000000000
[134.379550] x3 : 0000000000000001 x2 : 0000000000000000
[134.388813] x1 : 6b6b6b6b6b6b6b6b x0 : 0000000000000000
[134.397993] Process rmmod (pid: 27834, stack limit = 0x00000000d474b7fd)
[134.408498] Call trace:
[134.414611]  hns_ae_put_handle+0x38/0x60
[134.422208]  hnae_put_handle+0xd4/0x108
[134.429563]  hns_nic_dev_remove+0x60/0xc0 [hns_enet_drv]
[134.438342]  platform_drv_remove+0x2c/0x70
[134.445958]  device_release_driver_internal+0x174/0x208
[134.454810]  driver_detach+0x70/0xd8
[134.461913]  bus_remove_driver+0x64/0xe8
[134.469396]  driver_unregister+0x34/0x60
[134.476822]  platform_driver_unregister+0x20/0x30
[134.485130]  hns_nic_dev_driver_exit+0x14/0x6e4 [hns_enet_drv]
[134.494634]  __arm64_sys_delete_module+0x238/0x290

struct hnae_handle is a member of struct hnae_vf_cb, so when vf_cb is
freed, than use hnae_handle will cause use after free panic.

This patch frees vf_cb after hnae_handle used.

Signed-off-by: Yonglong Liu <liuyonglong@huawei.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2019-01-04 13:33:57 -08:00
..
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hnae.c net: hns: fix for unmapping problem when SMMU is on 2018-09-25 10:42:20 -07:00
hnae.h net: hns: add the code for cleaning pkt in chip 2018-08-29 18:08:20 -07:00
hns_ae_adapt.c net: hns: Fix use after free identified by SLUB debug 2019-01-04 13:33:57 -08:00
hns_dsaf_gmac.c net: hns: Add mac pcs config when enable|disable mac 2018-12-16 12:07:32 -08:00
hns_dsaf_gmac.h
hns_dsaf_mac.c net: hns: All ports can not work when insmod hns ko after rmmod. 2018-12-16 12:07:31 -08:00
hns_dsaf_mac.h net: hns: add the code for cleaning pkt in chip 2018-08-29 18:08:20 -07:00
hns_dsaf_main.c net: hns: Fix ping failed when use net bridge and send multicast 2018-12-16 12:07:32 -08:00
hns_dsaf_main.h net: hns: add the code for cleaning pkt in chip 2018-08-29 18:08:20 -07:00
hns_dsaf_misc.c net: hns: Make many functions static 2018-07-26 09:41:48 -07:00
hns_dsaf_misc.h net: hns: Add support of ACPI to HNS driver RoCE Reset function 2016-08-25 10:05:10 -04:00
hns_dsaf_ppe.c net: hns: add the code for cleaning pkt in chip 2018-08-29 18:08:20 -07:00
hns_dsaf_ppe.h net: hns: add the code for cleaning pkt in chip 2018-08-29 18:08:20 -07:00
hns_dsaf_rcb.c net: hns: add the code for cleaning pkt in chip 2018-08-29 18:08:20 -07:00
hns_dsaf_rcb.h net: hns: add the code for cleaning pkt in chip 2018-08-29 18:08:20 -07:00
hns_dsaf_reg.h net: hns: Add mac pcs config when enable|disable mac 2018-12-16 12:07:32 -08:00
hns_dsaf_xgmac.c net: hisilicon: hns: Replace mdelay() with msleep() 2018-07-27 13:45:14 -07:00
hns_dsaf_xgmac.h net: hns: fix to intimate the link-status change by adding LF/RF method 2016-11-10 11:45:37 -05:00
hns_enet.c net: hns: Fix WARNING when hns modules installed 2019-01-04 13:33:57 -08:00
hns_enet.h net: hns: Add self-adaptive interrupt coalesce support in hns driver 2017-08-03 09:21:14 -07:00
hns_ethtool.c net: core: dev: Add extack argument to dev_open() 2018-12-06 13:26:06 -08:00