Message ID | cover.1628091954.git.paskripkin@gmail.com |
---|---|
Series | net: fix use-after-free bugs |

> -----Original Message-----
> From: Pavel Skripkin <paskripkin@gmail.com>
> Sent: August 4, 2021 23:52
> To: davem@davemloft.net; kuba@kernel.org; Joakim Zhang
> <qiangqing.zhang@nxp.com>; hslester96@gmail.com; fugang.duan@nxp.com
> Cc: dan.carpenter@oracle.com; netdev@vger.kernel.org;
> linux-kernel@vger.kernel.org; Pavel Skripkin <paskripkin@gmail.com>
> Subject: [PATCH 1/2] net: fec: fix use-after-free in fec_drv_remove
>
> Smatch says:
> drivers/net/ethernet/freescale/fec_main.c:3994 fec_drv_remove() error:
> Using fep after free_{netdev,candev}(ndev);
> drivers/net/ethernet/freescale/fec_main.c:3995 fec_drv_remove() error:
> Using fep after free_{netdev,candev}(ndev);
>
> Since fep pointer is netdev private data, accessing it after free_netdev() call can
> cause use-after-free bug. Fix it by moving free_netdev() call at the end of the
> function
>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Fixes: a31eda65ba21 ("net: fec: fix clock count mis-match")
> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> ---

Thanks.

Reviewed-by: Joakim Zhang <qiangqing.zhang@nxp.com>

Best Regards,
Joakim Zhang
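
The ordering problem described in the commit message above, as an added userspace model (not code from the patch or the fec driver). The `model_*` names, the `clk_id` field and the static arena are assumptions made for illustration; the arena stands in for the single allocation that holds both the net device and its private area, so reads after the modelled free stay well-defined and return the poison pattern.

```c
#include <string.h>

#define POISON_FREE 0x6b   /* byte SLUB debug poisoning writes into freed objects */

struct model_priv {        /* hypothetical stand-in for a driver's private struct */
    int clk_id;            /* handle that teardown still has to release */
};

struct model_netdev {      /* device and private area live in one allocation */
    char name[16];
    struct model_priv priv;
};

static struct model_netdev arena;  /* static backing store for the model */

static struct model_netdev *model_alloc_netdev(int clk_id)
{
    memset(&arena, 0, sizeof(arena));
    arena.priv.clk_id = clk_id;
    return &arena;
}

/* Like netdev_priv(): a pointer into the device allocation, not a separate object. */
static struct model_priv *model_netdev_priv(struct model_netdev *ndev)
{
    return &ndev->priv;
}

/* Models free_netdev(): the private area goes away together with the device. */
static void model_free_netdev(struct model_netdev *ndev)
{
    memset(ndev, POISON_FREE, sizeof(*ndev));
}

/* Buggy ordering: the private pointer is dereferenced after the device is freed. */
int remove_buggy(int clk_id)
{
    struct model_priv *fep = model_netdev_priv(model_alloc_netdev(clk_id));

    model_free_netdev(&arena);
    return fep->clk_id;    /* stale read: yields poison, not the stored handle */
}

/* Fixed ordering: finish every use of the private data, free the device last. */
int remove_fixed(int clk_id)
{
    struct model_netdev *ndev = model_alloc_netdev(clk_id);
    int released = model_netdev_priv(ndev)->clk_id;

    model_free_netdev(ndev);
    return released;
}
```
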

Hello:

This series was applied to netdev/net.git (refs/heads/master):

On Wed, 4 Aug 2021 18:48:57 +0300 you wrote:
> I've added new checker to smatch yesterday. It warns about using
> netdev_priv() pointer after free_{netdev,candev}() call. I hope, it will
> get into next smatch release.
>
> Some of the reported bugs are fixed and upstreamed already, but Dan ran new
> smatch with allmodconfig and found 2 more. Big thanks to Dan for doing it,
> because I totally forgot to do it.
>
> [...]

Here is the summary with links:
  - [1/2] net: fec: fix use-after-free in fec_drv_remove
    https://git.kernel.org/netdev/net/c/44712965bf12
  - [2/2] net: vxge: fix use-after-free in vxge_device_unregister
    https://git.kernel.org/netdev/net/c/942e560a3d38

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html