From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Shalom Toledo <shalomt@mellanox.com>,
Jiri Pirko <jiri@mellanox.com>,
Ido Schimmel <idosch@mellanox.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.19 15/24] mlxsw: core: Fix devlink unregister flow
Date: Fri, 2 Nov 2018 19:34:48 +0100 [thread overview]
Message-ID: <20181102182842.146919357@linuxfoundation.org> (raw)
In-Reply-To: <20181102182839.725385066@linuxfoundation.org>
4.19-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shalom Toledo <shalomt@mellanox.com>
[ Upstream commit a22712a962912faf257e857ab6857f56a93cfb34 ]
After a failed reload, the driver is still registered to devlink, its
devlink instance is still allocated and the 'reload_fail' flag is set.
Then, in the next reload try, the driver's allocated devlink instance will
be freed without unregistering from devlink and its components (e.g,
resources). This scenario can cause a use-after-free if the user tries to
execute command via devlink user-space tool.
Fix by not freeing the devlink instance during reload (failed or not).
Fixes: 24cc68ad6c46 ("mlxsw: core: Add support for reload")
Signed-off-by: Shalom Toledo <shalomt@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlxsw/core.c | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlxsw/core.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/core.c
@@ -943,8 +943,8 @@ static int mlxsw_devlink_core_bus_device
mlxsw_core->bus,
mlxsw_core->bus_priv, true,
devlink);
- if (err)
- mlxsw_core->reload_fail = true;
+ mlxsw_core->reload_fail = !!err;
+
return err;
}
@@ -1083,8 +1083,15 @@ void mlxsw_core_bus_device_unregister(st
{
struct devlink *devlink = priv_to_devlink(mlxsw_core);
- if (mlxsw_core->reload_fail)
- goto reload_fail;
+ if (mlxsw_core->reload_fail) {
+ if (!reload)
+ /* Only the parts that were not de-initialized in the
+ * failed reload attempt need to be de-initialized.
+ */
+ goto reload_fail_deinit;
+ else
+ return;
+ }
if (mlxsw_core->driver->fini)
mlxsw_core->driver->fini(mlxsw_core);
@@ -1098,9 +1105,12 @@ void mlxsw_core_bus_device_unregister(st
if (!reload)
devlink_resources_unregister(devlink, NULL);
mlxsw_core->bus->fini(mlxsw_core->bus_priv);
- if (reload)
- return;
-reload_fail:
+
+ return;
+
+reload_fail_deinit:
+ devlink_unregister(devlink);
+ devlink_resources_unregister(devlink, NULL);
devlink_free(devlink);
}
EXPORT_SYMBOL(mlxsw_core_bus_device_unregister);
next prev parent reply other threads:[~2018-11-03 3:45 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-02 18:34 [PATCH 4.19 00/24] 4.19.1-stable review Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 01/24] bridge: do not add port to router list when receives query with source 0.0.0.0 Greg Kroah-Hartman
2019-02-17 14:29 ` Sebastian Gottschall
2019-02-17 16:48 ` Greg Kroah-Hartman
2019-02-18 10:18 ` Sebastian Gottschall
2019-02-20 12:48 ` Sebastian Gottschall
2019-02-20 13:09 ` Nikolay Aleksandrov
2019-02-20 13:11 ` Nikolay Aleksandrov
2019-02-20 14:46 ` Hangbin Liu
2019-02-21 12:50 ` Sebastian Gottschall
2019-02-21 11:41 ` Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 02/24] ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 03/24] net/mlx5e: fix csum adjustments caused by RXFCS Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 04/24] net: sched: gred: pass the right attribute to gred_change_table_def() Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 05/24] net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 06/24] net: udp: fix handling of CHECKSUM_COMPLETE packets Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 07/24] Revert "net: simplify sock_poll_wait" Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 08/24] rtnetlink: Disallow FDB configuration for non-Ethernet device Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 09/24] vhost: Fix Spectre V1 vulnerability Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 10/24] bonding: fix length of actor system Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 11/24] openvswitch: Fix push/pop ethernet validation Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 12/24] net/ipv6: Allow onlink routes to have a device mismatch if it is the default route Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 13/24] net/smc: fix smc_buf_unuse to use the lgr pointer Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 14/24] mlxsw: spectrum_switchdev: Dont ignore deletions of learned MACs Greg Kroah-Hartman
2018-11-02 18:34 ` Greg Kroah-Hartman [this message]
2018-11-02 18:34 ` [PATCH 4.19 16/24] net: drop skb on failure in ip_check_defrag() Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 17/24] net: Properly unlink GRO packets on overflow Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 18/24] r8169: fix broken Wake-on-LAN from S5 (poweroff) Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 19/24] Revert "be2net: remove desc field from be_eq_obj" Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 20/24] sctp: check policy more carefully when getting pr status Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 21/24] sparc64: Export __node_distance Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 22/24] sparc64: Make corrupted user stacks more debuggable Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 23/24] sparc64: Wire up compat getpeername and getsockname Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 24/24] net: bridge: remove ipv6 zero address check in mcast queries Greg Kroah-Hartman
2018-11-03 14:33 ` [PATCH 4.19 00/24] 4.19.1-stable review Guenter Roeck
2018-11-04 4:24 ` Naresh Kamboju
2018-11-04 7:10 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181102182842.146919357@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=idosch@mellanox.com \
--cc=jiri@mellanox.com \
--cc=linux-kernel@vger.kernel.org \
--cc=shalomt@mellanox.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).