niansa-misc/linux
1
0
Fork 0
mirror of synced 2025-03-06 20:59:54 +01:00
Code Issues Projects Releases Packages Wiki Activity
linux/drivers/net/ethernet/broadcom/bnxt
History
Selvin Xavier 89b59a84cb bnxt_en: Fix the double free during device removal 
Following warning reported by KASAN during driver unload

==================================================================
BUG: KASAN: double-free in bnxt_remove_one+0x103/0x200 [bnxt_en]
Free of addr ffff88814e8dd4c0 by task rmmod/17469
CPU: 47 PID: 17469 Comm: rmmod Kdump: loaded Tainted: G S                 6.2.0-rc7+ #2
Hardware name: Dell Inc. PowerEdge R740/01YM03, BIOS 2.3.10 08/15/2019
Call Trace:
 <TASK>
 dump_stack_lvl+0x33/0x46
 print_report+0x17b/0x4b3
 ? __call_rcu_common.constprop.79+0x27e/0x8c0
 ? __pfx_free_object_rcu+0x10/0x10
 ? __virt_addr_valid+0xe3/0x160
 ? bnxt_remove_one+0x103/0x200 [bnxt_en]
 kasan_report_invalid_free+0x64/0xd0
 ? bnxt_remove_one+0x103/0x200 [bnxt_en]
 ? bnxt_remove_one+0x103/0x200 [bnxt_en]
 __kasan_slab_free+0x179/0x1c0
 ? bnxt_remove_one+0x103/0x200 [bnxt_en]
 __kmem_cache_free+0x194/0x350
 bnxt_remove_one+0x103/0x200 [bnxt_en]
 pci_device_remove+0x62/0x110
 device_release_driver_internal+0xf6/0x1c0
 driver_detach+0x76/0xe0
 bus_remove_driver+0x89/0x160
 pci_unregister_driver+0x26/0x110
 ? strncpy_from_user+0x188/0x1c0
 bnxt_exit+0xc/0x24 [bnxt_en]
 __x64_sys_delete_module+0x21f/0x390
 ? __pfx___x64_sys_delete_module+0x10/0x10
 ? __pfx_mem_cgroup_handle_over_high+0x10/0x10
 ? _raw_spin_lock+0x87/0xe0
 ? __pfx__raw_spin_lock+0x10/0x10
 ? __audit_syscall_entry+0x185/0x210
 ? ktime_get_coarse_real_ts64+0x51/0x80
 ? syscall_trace_enter.isra.18+0x126/0x1a0
 do_syscall_64+0x37/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7effcb6fd71b
Code: 73 01 c3 48 8b 0d 6d 17 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3d 17 2c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffeada270b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
RAX: ffffffffffffffda RBX: 00005623660e0750 RCX: 00007effcb6fd71b
RDX: 000000000000000a RSI: 0000000000000800 RDI: 00005623660e07b8
RBP: 0000000000000000 R08: 00007ffeada26031 R09: 0000000000000000
R10: 00007effcb771280 R11: 0000000000000206 R12: 00007ffeada272e0
R13: 00007ffeada28bc4 R14: 00005623660e02a0 R15: 00005623660e0750
 </TASK>

Auxiliary device structures are freed in bnxt_aux_dev_release. So avoid
calling kfree from bnxt_remove_one.

Also, set bp->edev to NULL before freeing the auxilary private structure.

Fixes: d80d88b0df ("bnxt_en: Add auxiliary driver support")
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-03-06 09:36:08 +00:00
..
bnxt.c bnxt_en: Fix the double free during device removal 2023-03-06 09:36:08 +00:00
bnxt.h bnxt_en: Add auxiliary driver support 2023-02-01 19:02:06 -08:00
bnxt_coredump.c bnxt_en: use firmware provided max timeout for messages 2022-01-09 16:27:23 -08:00
bnxt_coredump.h bnxt_en: move coredump functions into dedicated file 2021-10-29 12:13:05 +01:00
bnxt_dcb.c bnxt_en: Properly report no pause support on some cards 2022-03-05 11:16:56 +00:00
bnxt_dcb.h bnxt_en: Use struct_group_attr() for memcpy() region 2021-09-25 08:20:48 -07:00
bnxt_debugfs.c bnxt: no need to check return value of debugfs_create functions 2019-08-10 15:25:47 -07:00
bnxt_debugfs.h bnxt_en: add debugfs support for DIM 2018-04-27 14:47:30 -04:00
bnxt_devlink.c devlink: remove devlink features 2023-01-30 08:37:46 +00:00
bnxt_devlink.h bnxt: revert hastily merged uAPI aberrations 2022-03-09 19:55:00 -08:00
bnxt_dim.c linux/dim: Move implementation to .c files 2019-06-25 13:46:39 -07:00
bnxt_ethtool.c bnxt: Do not read past the end of test names 2023-01-20 12:52:29 +00:00
bnxt_ethtool.h bnxt_en: implement callbacks for devlink selftests 2022-07-28 21:56:53 -07:00
bnxt_fw_hdr.h bnxt_en: Added support for Secure Firmware Update 2016-09-19 21:32:24 -04:00
bnxt_hsi.h bnxt: Do not read past the end of test names 2023-01-20 12:52:29 +00:00
bnxt_hwrm.c bnxt_en: fix the handling of PCIE-AER 2022-11-04 19:29:02 -07:00
bnxt_hwrm.h bnxt_en: Increase firmware message response DMA wait time 2022-02-20 13:47:15 +00:00
bnxt_nvm_defs.h bnxt_en: Fix memory fault in bnxt_ethtool_init() 2018-04-19 16:35:09 -04:00
bnxt_ptp.c ptp: bnxt: convert .adjfreq to .adjfine 2022-11-11 10:58:39 +00:00
bnxt_ptp.h bnxt_en: Add a non-real time mode to access NIC clock 2022-11-08 12:39:02 +01:00
bnxt_sriov.c RDMA/bnxt_re: Remove the sriov config callback 2023-02-01 19:02:18 -08:00
bnxt_sriov.h ethernet: constify references to netdev->dev_addr in drivers 2021-10-14 09:22:11 -07:00
bnxt_tc.c flow_offload: reject to offload tc actions in offload drivers 2021-12-19 14:08:47 +00:00
bnxt_tc.h bnxt_en: Fix array overrun in bnxt_fill_l2_rewrite_fields(). 2019-11-13 14:28:30 -08:00
bnxt_ulp.c bnxt_en: Fix the double free during device removal 2023-03-06 09:36:08 +00:00
bnxt_ulp.h bnxt_en: Remove runtime interrupt vector allocation 2023-02-01 19:02:20 -08:00
bnxt_vfr.c net: ethernet: move from strlcpy with unused retval to strscpy 2022-08-31 14:11:26 -07:00
bnxt_vfr.h bnxt_en: Free and allocate VF-Reps during error recovery. 2021-04-12 13:20:38 -07:00
bnxt_xdp.c drivers: net: turn on XDP features 2023-02-02 20:48:23 -08:00
bnxt_xdp.h bnxt_en: Fix XDP RX path 2022-12-28 10:16:57 +00:00
Makefile bnxt_en: move coredump functions into dedicated file 2021-10-29 12:13:05 +01:00