[PATCH net] liquidio: check other_oct before dereferencing

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net] liquidio: check other_oct before dereferencing
@ 2025-04-29 21:00 Alexey V. Vissarionov
  2025-04-30 20:46 ` Jacob Keller
  0 siblings, 1 reply; 3+ messages in thread
From: Alexey V. Vissarionov @ 2025-04-29 21:00 UTC (permalink / raw)
  To: Andrew Lunn
  Cc: Alexey V. Vissarionov, David S. Miller, Derek Chickles,
	Dr. David Alan Gilbert, Eric Dumazet, Felix Manlunas,
	Jakub Kicinski, Paolo Abeni, netdev, lvc-project

get_other_octeon_device() may return NULL; avoid dereferencing the
other_oct pointer in that case.

Found by ALT Linux Team (altlinux.org) and Linux Verification Center
(linuxtesting.org).

Fixes: bb54be589c7a ("liquidio: fix Octeon core watchdog timeout false alarm")
Signed-off-by: Alexey V. Vissarionov <gremlin@altlinux.org>
---
 drivers/net/ethernet/cavium/liquidio/lio_main.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/cavium/liquidio/lio_main.c b/drivers/net/ethernet/cavium/liquidio/lio_main.c
index 1d79f6eaa41f6cbf..7b255126289b9fcd 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
@@ -796,10 +796,11 @@ static int liquidio_watchdog(void *param)
 
 #ifdef CONFIG_MODULE_UNLOAD
 		vfs_mask1 = READ_ONCE(oct->sriov_info.vf_drv_loaded_mask);
-		vfs_mask2 = READ_ONCE(other_oct->sriov_info.vf_drv_loaded_mask);
-
-		vfs_referencing_pf  = hweight64(vfs_mask1);
-		vfs_referencing_pf += hweight64(vfs_mask2);
+		vfs_referencing_pf = hweight64(vfs_mask1);
+		if (other_oct) {
+			vfs_mask2 = READ_ONCE(other_oct->sriov_info.vf_drv_loaded_mask);
+			vfs_referencing_pf += hweight64(vfs_mask2);
+		}
 
 		refcount = module_refcount(THIS_MODULE);
 		if (refcount >= vfs_referencing_pf) {


-- 
Alexey V. Vissarionov
gremlin ПРИ altlinux ТЧК org; +vii-cmiii-ccxxix-lxxix-xlii
GPG: 0D92F19E1C0DC36E27F61A29CD17E2B43D879005 @ hkp://keys.gnupg.net

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH net] liquidio: check other_oct before dereferencing
  2025-04-29 21:00 [PATCH net] liquidio: check other_oct before dereferencing Alexey V. Vissarionov
@ 2025-04-30 20:46 ` Jacob Keller
  2025-05-05  3:00   ` Alexey V. Vissarionov
  0 siblings, 1 reply; 3+ messages in thread
From: Jacob Keller @ 2025-04-30 20:46 UTC (permalink / raw)
  To: Alexey V. Vissarionov, Andrew Lunn
  Cc: David S. Miller, Derek Chickles, Dr. David Alan Gilbert,
	Eric Dumazet, Felix Manlunas, Jakub Kicinski, Paolo Abeni, netdev,
	lvc-project



On 4/29/2025 2:00 PM, Alexey V. Vissarionov wrote:
> get_other_octeon_device() may return NULL; avoid dereferencing the
> other_oct pointer in that case.
> 
> Found by ALT Linux Team (altlinux.org) and Linux Verification Center
> (linuxtesting.org).
> 
> Fixes: bb54be589c7a ("liquidio: fix Octeon core watchdog timeout false alarm")
> Signed-off-by: Alexey V. Vissarionov <gremlin@altlinux.org>
> ---
>  drivers/net/ethernet/cavium/liquidio/lio_main.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/net/ethernet/cavium/liquidio/lio_main.c b/drivers/net/ethernet/cavium/liquidio/lio_main.c
> index 1d79f6eaa41f6cbf..7b255126289b9fcd 100644
> --- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
> +++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
> @@ -796,10 +796,11 @@ static int liquidio_watchdog(void *param)
>  
>  #ifdef CONFIG_MODULE_UNLOAD
>  		vfs_mask1 = READ_ONCE(oct->sriov_info.vf_drv_loaded_mask);
> -		vfs_mask2 = READ_ONCE(other_oct->sriov_info.vf_drv_loaded_mask);
> -
> -		vfs_referencing_pf  = hweight64(vfs_mask1);
> -		vfs_referencing_pf += hweight64(vfs_mask2);
> +		vfs_referencing_pf = hweight64(vfs_mask1);
> +		if (other_oct) {
> +			vfs_mask2 = READ_ONCE(other_oct->sriov_info.vf_drv_loaded_mask);
> +			vfs_referencing_pf += hweight64(vfs_mask2);
> +		}

Obviously crashing when other_oct is NULL is bad..

But is it ok to proceed when it is NULL? Is leaving out the counts ok? I
guess I don't really understand what other_oct actually represents here.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH net] liquidio: check other_oct before dereferencing
  2025-04-30 20:46 ` Jacob Keller
@ 2025-05-05  3:00   ` Alexey V. Vissarionov
  0 siblings, 0 replies; 3+ messages in thread
From: Alexey V. Vissarionov @ 2025-05-05  3:00 UTC (permalink / raw)
  To: Jacob Keller
  Cc: Alexey V. Vissarionov, Andrew Lunn, David S. Miller,
	Derek Chickles, Dr. David Alan Gilbert, Eric Dumazet,
	Felix Manlunas, Jakub Kicinski, Paolo Abeni, netdev, lvc-project

Good ${greeting_time}!

On 2025-04-30 13:46:54 -0700, Jacob Keller wrote:

 >> get_other_octeon_device() may return NULL; avoid dereferencing
 >> the other_oct pointer in that case.
 >> @@ -796,10 +796,11 @@ static int liquidio_watchdog(void *param)
 >>
 >> #ifdef CONFIG_MODULE_UNLOAD
 >>		vfs_mask1 =
 >>		READ_ONCE(oct->sriov_info.vf_drv_loaded_mask);
 >> -		vfs_mask2 =
 >> READ_ONCE(other_oct->sriov_info.vf_drv_loaded_mask);
 >> -
 >> -		vfs_referencing_pf = hweight64(vfs_mask1);
 >> -		vfs_referencing_pf += hweight64(vfs_mask2);
 >> +		vfs_referencing_pf = hweight64(vfs_mask1);
 >> +		if (other_oct) {
 >> +			vfs_mask2 =
 >> READ_ONCE(other_oct->sriov_info.vf_drv_loaded_mask);
 >> +			vfs_referencing_pf += hweight64(vfs_mask2);
 >> +		}
 > Obviously crashing when other_oct is NULL is bad..

Yes, even if this happens only when attempting to unload the
module.

 > But is it ok to proceed when it is NULL? Is leaving out the
 > counts ok? I guess I don't really understand what other_oct
 > actually represents here.

As I can see, the vf_drv_loaded_mask is a bitmap containing
the flags for all existing virtual functions of all devices.
So, if there's no other device, its' functions are missing
and marked as unavailable in the vf_drv_loaded_mask.


-- 
Alexey V. Vissarionov
gremlin ПРИ altlinux ТЧК org; +vii-cmiii-ccxxix-lxxix-xlii
GPG: 0D92F19E1C0DC36E27F61A29CD17E2B43D879005 @ hkp://keys.gnupg.net

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-05-05  3:00 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-29 21:00 [PATCH net] liquidio: check other_oct before dereferencing Alexey V. Vissarionov
2025-04-30 20:46 ` Jacob Keller
2025-05-05  3:00   ` Alexey V. Vissarionov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).