From: Jakub Kicinski <kuba@kernel.org>
To: Wentao_Liang <Wentao_Liang_g@163.com>, jdmason@kudzu.us
Cc: davem@davemloft.net, edumazet@google.com, pabeni@redhat.com,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] [PATCH net v2]vexy: Fix a use-after-free bug in vxge-main.c
Date: Wed, 15 Jun 2022 19:50:50 -0700
Message-ID: <20220615195050.6e4785ef@kernel.org>
In-Reply-To: <20220615013816.6593-1-Wentao_Liang_g@163.com>

Jon, if you're there, do you have any sense on whether this HW is still
in production somewhere? I scrolled thru last 5 years of the git history
and there doesn't seem to be any meaningful change here while there's a
significant volume of refactoring going in.

On the patch itself:

On Wed, 15 Jun 2022 09:38:16 +0800 Wentao_Liang wrote:
> Subject: [PATCH] [PATCH net v2]vexy: Fix a use-after-free bug in vxge-main.c

No need to repeat "[PATCH]"
The driver is not called "vexy" as far as I can tell.

> The pointer vdev points to a memory region adjacent to a net_device
> structure ndev, which is a field of hldev. At line 4740, the invocation
> to vxge_device_unregister unregisters device hldev, and it also releases
> the memory region pointed by vdev->bar0. At line 4743, the freed memory
> region is referenced (i.e., iounmap(vdev->bar0)), resulting in a
> use-after-free vulnerability. We can fix the bug by calling iounmap
> before vxge_device_unregister.

Are you sure the bar0 is not needed by the netdev? You're freeing
memory that the netdev may need until it's unregistered.
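
An added example, not part of this thread and not vxge driver code: a userspace C model of the three teardown orders at issue, where the third (saving the address before unregistering) is shown only as an illustration. It assumes, as the commit message states, that unregistering frees the structure holding bar0, and, as the reply asks, that the netdev may need the mapping until it is unregistered; all names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed userspace model; every name is hypothetical, not vxge code. */
struct priv   { void *bar0; };          /* private area inside the netdev */
struct netdev { int registered; struct priv priv; };
static char mmio[16];                   /* stands in for the mapped BAR0 */

enum result { OK = 0, STALE_ADDR = -1, STILL_REGISTERED = -2 };
enum order  { ORIGINAL, PATCH_V2, SAVED_COPY };

/* Models unregister + free: poison the private area, as slab debugging would. */
static void model_unregister(struct netdev *nd)
{
    nd->registered = 0;
    memset(&nd->priv, 0x6b, sizeof(nd->priv));
}

/* Models iounmap: flags a stale address, or an unmap under a live netdev. */
static int model_iounmap(const struct netdev *nd, void *addr)
{
    if (addr != (void *)mmio)
        return STALE_ADDR;
    return nd->registered ? STILL_REGISTERED : OK;
}

/* Runs one teardown order on a fresh model and returns the unmap result. */
static int teardown(enum order o)
{
    struct netdev nd = { 1, { mmio } };
    void *saved = nd.priv.bar0;         /* copied while the netdev is valid */
    int rc = OK;

    if (o == PATCH_V2)                  /* unmap first, netdev still registered */
        rc = model_iounmap(&nd, nd.priv.bar0);
    model_unregister(&nd);
    if (o == ORIGINAL)                  /* field read after the free */
        rc = model_iounmap(&nd, nd.priv.bar0);
    if (o == SAVED_COPY)                /* unmap through the saved copy */
        rc = model_iounmap(&nd, saved);
    return rc;
}

int main(void)
{
    printf("original=%d patch=%d saved=%d\n",
           teardown(ORIGINAL), teardown(PATCH_V2), teardown(SAVED_COPY));
    return 0;
}
```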