diff mbox series

igb: Fix potential invalid memory access in igb_init_module()

Message ID 20241022063807.37561-1-yuancan@huawei.com (mailing list archive)
State New
Delegated to: Netdev Maintainers
Headers show
Series igb: Fix potential invalid memory access in igb_init_module() | expand

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 5 this patch: 5
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 13 of 13 maintainers
netdev/build_clang success Errors and warnings before: 3 this patch: 3
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 4 this patch: 4
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 10 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 38 this patch: 38
netdev/source_inline success Was 0 now: 0
netdev/contest warning net-next-2024-10-22--15-00 (tests: 766)

Commit Message

Yuan Can Oct. 22, 2024, 6:38 a.m. UTC 
The pci_register_driver() can fail and when this happened, the dca_notifier
needs to be unregistered, otherwise the dca_notifier can be called when
igb fails to install, resulting to invalid memory access.

Fixes: fe4506b6a2f9 ("igb: add DCA support")
Signed-off-by: Yuan Can <yuancan@huawei.com>
---
 drivers/net/ethernet/intel/igb/igb_main.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Simon Horman Oct. 22, 2024, 3:56 p.m. UTC | #1 
+ Alexander Duyck

On Tue, Oct 22, 2024 at 02:38:07PM +0800, Yuan Can wrote:
> The pci_register_driver() can fail and when this happened, the dca_notifier
> needs to be unregistered, otherwise the dca_notifier can be called when
> igb fails to install, resulting to invalid memory access.
> 
> Fixes: fe4506b6a2f9 ("igb: add DCA support")

I don't think this problem was introduced by the commit cited above,
as it added the call to dca_unregister_notify() before
pci_register_driver(). But rather by the commit cited below which reversed
the order of these function calls.

bbd98fe48a43 ("igb: Fix DCA errors and do not use context index for 82576")

I'm unsure if it is necessary to repost the patch to address that.
But if you do, and assuming we are treating this as a bug fix,
please target it for the net (or iwl-net) tree like this:

Subject: [PATCH net v2] ...

> Signed-off-by: Yuan Can <yuancan@huawei.com>
> ---
>  drivers/net/ethernet/intel/igb/igb_main.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
> index f1d088168723..18284a838e24 100644
> --- a/drivers/net/ethernet/intel/igb/igb_main.c
> +++ b/drivers/net/ethernet/intel/igb/igb_main.c
> @@ -637,6 +637,10 @@ static int __init igb_init_module(void)
>  	dca_register_notify(&dca_notifier);
>  #endif
>  	ret = pci_register_driver(&igb_driver);
> +#ifdef CONFIG_IGB_DCA
> +	if (ret)
> +		dca_unregister_notify(&dca_notifier);
> +#endif
>  	return ret;
>  }
>  
> -- 
> 2.17.1
> 
>
Alexander Duyck Oct. 22, 2024, 5:25 p.m. UTC | #2 
On Tue, Oct 22, 2024 at 8:56 AM Simon Horman <horms@kernel.org> wrote:
>
> + Alexander Duyck
>
> On Tue, Oct 22, 2024 at 02:38:07PM +0800, Yuan Can wrote:
> > The pci_register_driver() can fail and when this happened, the dca_notifier
> > needs to be unregistered, otherwise the dca_notifier can be called when
> > igb fails to install, resulting to invalid memory access.
> >
> > Fixes: fe4506b6a2f9 ("igb: add DCA support")
>
> I don't think this problem was introduced by the commit cited above,
> as it added the call to dca_unregister_notify() before
> pci_register_driver(). But rather by the commit cited below which reversed
> the order of these function calls.
>
> bbd98fe48a43 ("igb: Fix DCA errors and do not use context index for 82576")
>
> I'm unsure if it is necessary to repost the patch to address that.
> But if you do, and assuming we are treating this as a bug fix,
> please target it for the net (or iwl-net) tree like this:
>
> Subject: [PATCH net v2] ...
>
> > Signed-off-by: Yuan Can <yuancan@huawei.com>
> > ---
> >  drivers/net/ethernet/intel/igb/igb_main.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
> > index f1d088168723..18284a838e24 100644
> > --- a/drivers/net/ethernet/intel/igb/igb_main.c
> > +++ b/drivers/net/ethernet/intel/igb/igb_main.c
> > @@ -637,6 +637,10 @@ static int __init igb_init_module(void)
> >       dca_register_notify(&dca_notifier);
> >  #endif
> >       ret = pci_register_driver(&igb_driver);
> > +#ifdef CONFIG_IGB_DCA
> > +     if (ret)
> > +             dca_unregister_notify(&dca_notifier);
> > +#endif
> >       return ret;
> >  }
> >

Makes sense to me. I agree on the "Fix DCA errors" patch being the one
that is being fixed. So essentially this is a notifier leak since we
are registering it but not unregistering.

Thanks,

- Alex
diff mbox series

Patch

diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index f1d088168723..18284a838e24 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -637,6 +637,10 @@  static int __init igb_init_module(void)
 	dca_register_notify(&dca_notifier);
 #endif
 	ret = pci_register_driver(&igb_driver);
+#ifdef CONFIG_IGB_DCA
+	if (ret)
+		dca_unregister_notify(&dca_notifier);
+#endif
 	return ret;
 }