From: Jakub Kicinski <kuba@kernel.org>
To: Sasha Levin <sashal@kernel.org>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
Wentao_Liang <Wentao_Liang_g@163.com>,
"David S . Miller" <davem@davemloft.net>,
jdmason@kudzu.us, edumazet@google.com, pabeni@redhat.com,
paskripkin@gmail.com, jgg@ziepe.ca, liuhangbin@gmail.com,
arnd@arndb.de, christophe.jaillet@wanadoo.fr,
netdev@vger.kernel.org
Subject: Re: [PATCH AUTOSEL 5.18 24/53] drivers/net/ethernet/neterion/vxge: Fix a use-after-free bug in vxge-main.c
Date: Mon, 27 Jun 2022 21:38:47 -0700 [thread overview]
Message-ID: <20220627213847.60d09e43@kernel.org> (raw)
In-Reply-To: <20220628021839.594423-24-sashal@kernel.org>
On Mon, 27 Jun 2022 22:18:10 -0400 Sasha Levin wrote:
> From: Wentao_Liang <Wentao_Liang_g@163.com>
>
> [ Upstream commit 8fc74d18639a2402ca52b177e990428e26ea881f ]
>
> The pointer vdev points to a memory region adjacent to a net_device
> structure ndev, which is a field of hldev. At line 4740, the invocation
> to vxge_device_unregister unregisters device hldev, and it also releases
> the memory region pointed by vdev->bar0. At line 4743, the freed memory
> region is referenced (i.e., iounmap(vdev->bar0)), resulting in a
> use-after-free vulnerability. We can fix the bug by calling iounmap
> before vxge_device_unregister.
This is a dud see commit 877fe9d49b74 ("Revert
"drivers/net/ethernet/neterion/vxge: Fix a use-after-free bug in vxge-main.c"")
next prev parent reply other threads:[~2022-06-28 4:38 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-28 2:17 [PATCH AUTOSEL 5.18 01/53] spi: spi-cadence: Fix SPI CS gets toggling sporadically Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 02/53] spi: cadence: Detect transmit FIFO depth Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 03/53] spi: spi-mem: Fix spi_mem_poll_status() Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 04/53] arm64: s32g2: Pass unit name to soc node Sasha Levin
2022-06-28 2:17 ` Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 05/53] regulator: qcom_smd: correct MP5496 ranges Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 06/53] ALSA: usb-audio: US16x08: Move overflow check before array access Sasha Levin
2022-06-28 2:17 ` Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 07/53] bus: bt1-apb: Don't print error on -EPROBE_DEFER Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 08/53] bus: bt1-axi: " Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 09/53] selftests: Fix clang cross compilation Sasha Levin
2022-06-28 2:17 ` Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 10/53] drm/vc4: plane: Prevent async update if we don't have a dlist Sasha Levin
2022-06-28 2:17 ` Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 11/53] drm/vc4: crtc: Use an union to store the page flip callback Sasha Levin
2022-06-28 2:17 ` Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 12/53] drm/vc4: crtc: Move the BO handling out of common page-flip callback Sasha Levin
2022-06-28 2:17 ` Sasha Levin
2022-06-28 2:17 ` [PATCH AUTOSEL 5.18 13/53] selftests: vm: Fix resource leak when return error Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 14/53] scsi: ufs: Simplify ufshcd_clear_cmd() Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 15/53] scsi: ufs: Support clearing multiple commands at once Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 16/53] scsi: ufs: Fix a race between the interrupt handler and the reset handler Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 17/53] selftests/bpf: Shuffle cookies symbols in kprobe multi test Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 18/53] ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 19/53] ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 20/53] hamradio: 6pack: fix array-index-out-of-bounds in decode_std_command() Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 21/53] block: serialize all debugfs operations using q->debugfs_mutex Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 22/53] block: remove per-disk debugfs files in blk_unregister_queue Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 23/53] block: freeze the queue earlier in del_gendisk Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 24/53] drivers/net/ethernet/neterion/vxge: Fix a use-after-free bug in vxge-main.c Sasha Levin
2022-06-28 4:38 ` Jakub Kicinski [this message]
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 25/53] powerpc/prom_init: Fix build failure with GCC_PLUGIN_STRUCTLEAK_BYREF_ALL and KASAN Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 26/53] libperf evsel: Open shouldn't leak fd on failure Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 27/53] drm: panel-orientation-quirks: Add quirk for Aya Neo Next Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 28/53] iio: freq: admv1014: Fix warning about dubious x & !y and improve readability Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 29/53] spi: rockchip: Unmask IRQ at the final to avoid preemption Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 30/53] video: fbdev: skeletonfb: Fix syntax errors in comments Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 31/53] video: fbdev: intelfb: Use aperture size from pci_resource_len Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 32/53] io_uring: mark reissue requests with REQ_F_PARTIAL_IO Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 33/53] video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 34/53] video: fbdev: simplefb: Check before clk_put() not needed Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 35/53] btrfs: add missing inode updates on each iteration when replacing extents Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 36/53] btrfs: do not BUG_ON() on failure to migrate space " Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 37/53] io_uring: fix merge error in checking send/recv addr2 flags Sasha Levin
2022-06-28 13:12 ` Jens Axboe
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 38/53] drm/xen: Add missing VM_DONTEXPAND flag in mmap callback Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 39/53] arch: mips: generic: Add missing of_node_put() in board-ranchu.c Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 40/53] mips: mti-malta: Fix refcount leak in malta-time.c Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 41/53] mips: ralink: Fix refcount leak in of.c Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 42/53] mips: lantiq: falcon: Fix refcount leak bug in sysctrl Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 43/53] mips: lantiq: xway: " Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 44/53] mips/pic32/pic32mzda: Fix refcount leak bugs Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 45/53] mips: dts: ingenic: Add TCU clock to x1000/x1830 tcu device node Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 46/53] mips: lantiq: Add missing of_node_put() in irq.c Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 47/53] drm/sun4i: Add DMA mask and segment size Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 48/53] drm/sun4i: Return if frontend is not present Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 49/53] hinic: Replace memcpy() with direct assignment Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 50/53] drm/amdgpu: Adjust logic around GTT size (v3) Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 51/53] nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 52/53] gpio: grgpio: Fix device removing Sasha Levin
2022-06-28 2:18 ` [PATCH AUTOSEL 5.18 53/53] arm: mach-spear: Add missing of_node_put() in time.c Sasha Levin
2022-06-28 2:18 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220627213847.60d09e43@kernel.org \
--to=kuba@kernel.org \
--cc=Wentao_Liang_g@163.com \
--cc=arnd@arndb.de \
--cc=christophe.jaillet@wanadoo.fr \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jdmason@kudzu.us \
--cc=jgg@ziepe.ca \
--cc=linux-kernel@vger.kernel.org \
--cc=liuhangbin@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=paskripkin@gmail.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.