* [PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
@ 2024-06-04 8:25 Aleksandr Mishin
2024-06-04 19:39 ` Sergey Ryazanov
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Aleksandr Mishin @ 2024-06-04 8:25 UTC (permalink / raw)
To: M Chetan Kumar
Cc: Aleksandr Mishin, Loic Poulain, Sergey Ryazanov, Johannes Berg,
David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
netdev, linux-kernel, lvc-project
In case of region creation fail in ipc_devlink_create_region(), previously
created regions delete process starts from tainted pointer which actually
holds error code value.
Fix this bug by decreasing region index before delete.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 4dcd183fbd67 ("net: wwan: iosm: devlink registration")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
---
drivers/net/wwan/iosm/iosm_ipc_devlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wwan/iosm/iosm_ipc_devlink.c b/drivers/net/wwan/iosm/iosm_ipc_devlink.c
index bef6819986e9..33d6342124bc 100644
--- a/drivers/net/wwan/iosm/iosm_ipc_devlink.c
+++ b/drivers/net/wwan/iosm/iosm_ipc_devlink.c
@@ -211,7 +211,7 @@ static int ipc_devlink_create_region(struct iosm_devlink *devlink)
rc = PTR_ERR(devlink->cd_regions[i]);
dev_err(devlink->dev, "Devlink region fail,err %d", rc);
/* Delete previously created regions */
- for ( ; i >= 0; i--)
+ for (i--; i >= 0; i--)
devlink_region_destroy(devlink->cd_regions[i]);
goto region_create_fail;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
2024-06-04 8:25 [PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail Aleksandr Mishin
@ 2024-06-04 19:39 ` Sergey Ryazanov
2024-06-05 18:58 ` Simon Horman
2024-06-06 8:40 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Sergey Ryazanov @ 2024-06-04 19:39 UTC (permalink / raw)
To: Aleksandr Mishin, M Chetan Kumar
Cc: Loic Poulain, Johannes Berg, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, netdev, linux-kernel, lvc-project
On 04.06.2024 11:25, Aleksandr Mishin wrote:
> In case of region creation fail in ipc_devlink_create_region(), previously
> created regions delete process starts from tainted pointer which actually
> holds error code value.
> Fix this bug by decreasing region index before delete.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 4dcd183fbd67 ("net: wwan: iosm: devlink registration")
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Nice catch!
Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
2024-06-04 8:25 [PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail Aleksandr Mishin
2024-06-04 19:39 ` Sergey Ryazanov
@ 2024-06-05 18:58 ` Simon Horman
2024-06-06 8:40 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Simon Horman @ 2024-06-05 18:58 UTC (permalink / raw)
To: Aleksandr Mishin
Cc: M Chetan Kumar, Loic Poulain, Sergey Ryazanov, Johannes Berg,
David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
netdev, linux-kernel, lvc-project
On Tue, Jun 04, 2024 at 11:25:00AM +0300, Aleksandr Mishin wrote:
> In case of region creation fail in ipc_devlink_create_region(), previously
> created regions delete process starts from tainted pointer which actually
> holds error code value.
> Fix this bug by decreasing region index before delete.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 4dcd183fbd67 ("net: wwan: iosm: devlink registration")
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Reviewed-by: Simon Horman <horms@kernel.org>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
2024-06-04 8:25 [PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail Aleksandr Mishin
2024-06-04 19:39 ` Sergey Ryazanov
2024-06-05 18:58 ` Simon Horman
@ 2024-06-06 8:40 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-06-06 8:40 UTC (permalink / raw)
To: Aleksandr Mishin
Cc: m.chetan.kumar, loic.poulain, ryazanov.s.a, johannes, davem,
edumazet, kuba, pabeni, netdev, linux-kernel, lvc-project
Hello:
This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@redhat.com>:
On Tue, 4 Jun 2024 11:25:00 +0300 you wrote:
> In case of region creation fail in ipc_devlink_create_region(), previously
> created regions delete process starts from tainted pointer which actually
> holds error code value.
> Fix this bug by decreasing region index before delete.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> [...]
Here is the summary with links:
- [net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
https://git.kernel.org/netdev/net/c/b0c9a2643541
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-06-06 8:40 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-06-04 8:25 [PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail Aleksandr Mishin
2024-06-04 19:39 ` Sergey Ryazanov
2024-06-05 18:58 ` Simon Horman
2024-06-06 8:40 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).