[net] net/mlx5e: Cleanup MACsec uninitialization routine

Message ID	b43b1c5aadd5cfdcd2e385ce32693220331700ba.1665645548.git.leonro@nvidia.com (mailing list archive)
State	Superseded
Delegated to:	Netdev Maintainers
Headers	show Return-Path: <netdev-owner@kernel.org> From: Leon Romanovsky <leon@kernel.org> To: "David S . Miller" <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org> Cc: Leon Romanovsky <leonro@nvidia.com>, Dan Carpenter <dan.carpenter@oracle.com>, Emeel Hakim <ehakim@nvidia.com>, Eric Dumazet <edumazet@google.com>, linux-rdma@vger.kernel.org, netdev@vger.kernel.org, Paolo Abeni <pabeni@redhat.com>, Raed Salem <raeds@nvidia.com>, Saeed Mahameed <saeedm@nvidia.com>, Tariq Toukan <tariqt@nvidia.com> Subject: [PATCH net] net/mlx5e: Cleanup MACsec uninitialization routine Date: Thu, 13 Oct 2022 10:21:00 +0300 Message-Id: <b43b1c5aadd5cfdcd2e385ce32693220331700ba.1665645548.git.leonro@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[net] net/mlx5e: Cleanup MACsec uninitialization routine \| expand [net] net/mlx5e: Cleanup MACsec uninitialization routine

Context	Check	Description
netdev/tree_selection	success	Clearly marked for net
netdev/fixes_present	success	Fixes tag present in non-next series
netdev/subject_prefix	success	Link
netdev/cover_letter	success	Single patches do not need cover letters
netdev/patch_count	success	Link
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 1 this patch: 1
netdev/cc_maintainers	warning	2 maintainers not CCed: liorna@nvidia.com borisp@nvidia.com
netdev/build_clang	success	Errors and warnings before: 0 this patch: 0
netdev/module_param	success	Was 0 now: 0
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	Fixes tag looks correct
netdev/build_allmodconfig_warn	success	Errors and warnings before: 1 this patch: 1
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 26 lines checked
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0

Leon Romanovsky Oct. 13, 2022, 7:21 a.m. UTC

From: Leon Romanovsky <leonro@nvidia.com>

The mlx5e_macsec_cleanup() routine has pointer dereferencing if mlx5 device
doesn't support MACsec (priv->macsec will be NULL) together with useless
comment line, assignment and extra blank lines.

Fix everything in one patch.

Fixes: 1f53da676439 ("net/mlx5e: Create advanced steering operation (ASO) object for MACsec")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
 .../net/ethernet/mellanox/mlx5/core/en_accel/macsec.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

Tariq Toukan Oct. 13, 2022, 10:03 a.m. UTC | #1

On 10/13/2022 10:21 AM, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
> 
> The mlx5e_macsec_cleanup() routine has pointer dereferencing if mlx5 device
> doesn't support MACsec (priv->macsec will be NULL) together with useless
> comment line, assignment and extra blank lines.
> 
> Fix everything in one patch.
> 
> Fixes: 1f53da676439 ("net/mlx5e: Create advanced steering operation (ASO) object for MACsec")
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> ---
>   .../net/ethernet/mellanox/mlx5/core/en_accel/macsec.c | 11 +----------
>   1 file changed, 1 insertion(+), 10 deletions(-)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> index 41970067917b..4331235b21ee 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> @@ -1846,25 +1846,16 @@ int mlx5e_macsec_init(struct mlx5e_priv *priv)
>   void mlx5e_macsec_cleanup(struct mlx5e_priv *priv)
>   {
>   	struct mlx5e_macsec *macsec = priv->macsec;
> -	struct mlx5_core_dev *mdev = macsec->mdev;
> +	struct mlx5_core_dev *mdev = priv->mdev;
>   

simply defer the mdev calculation to be after the early return, trying 
to keep this macsec function as independent as possible.

>   	if (!macsec)
>   		return;
>   
>   	mlx5_notifier_unregister(mdev, &macsec->nb);
> -
>   	mlx5e_macsec_fs_cleanup(macsec->macsec_fs);
> -
> -	/* Cleanup workqueue */
>   	destroy_workqueue(macsec->wq);
> -
>   	mlx5e_macsec_aso_cleanup(&macsec->aso, mdev);
> -
> -	priv->macsec = NULL;
> -

Why remove this assignment?

It protects against accessing freed memory, for instance when querying 
the macsec stats, see 
drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_stats.c

>   	rhashtable_destroy(&macsec->sci_hash);
> -
>   	mutex_destroy(&macsec->lock);
> -
>   	kfree(macsec);
>   }

Leon Romanovsky Oct. 13, 2022, 10:14 a.m. UTC | #2

On Thu, Oct 13, 2022 at 01:03:43PM +0300, Tariq Toukan wrote:
> 
> 
> On 10/13/2022 10:21 AM, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@nvidia.com>
> > 
> > The mlx5e_macsec_cleanup() routine has pointer dereferencing if mlx5 device
> > doesn't support MACsec (priv->macsec will be NULL) together with useless
> > comment line, assignment and extra blank lines.
> > 
> > Fix everything in one patch.
> > 
> > Fixes: 1f53da676439 ("net/mlx5e: Create advanced steering operation (ASO) object for MACsec")
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > ---
> >   .../net/ethernet/mellanox/mlx5/core/en_accel/macsec.c | 11 +----------
> >   1 file changed, 1 insertion(+), 10 deletions(-)
> > 
> > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> > index 41970067917b..4331235b21ee 100644
> > --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> > +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> > @@ -1846,25 +1846,16 @@ int mlx5e_macsec_init(struct mlx5e_priv *priv)
> >   void mlx5e_macsec_cleanup(struct mlx5e_priv *priv)
> >   {
> >   	struct mlx5e_macsec *macsec = priv->macsec;
> > -	struct mlx5_core_dev *mdev = macsec->mdev;
> > +	struct mlx5_core_dev *mdev = priv->mdev;
> 
> simply defer the mdev calculation to be after the early return, trying to
> keep this macsec function as independent as possible.

It is done to keep _cleanup symmetrical to _init one. The function
should operate on same priv->mdev as was used there without any relation
to macsec->mdev. Of course, it is the same pointer, but it is better to have
same code.

> 
> >   	if (!macsec)
> >   		return;
> >   	mlx5_notifier_unregister(mdev, &macsec->nb);
> > -
> >   	mlx5e_macsec_fs_cleanup(macsec->macsec_fs);
> > -
> > -	/* Cleanup workqueue */
> >   	destroy_workqueue(macsec->wq);
> > -
> >   	mlx5e_macsec_aso_cleanup(&macsec->aso, mdev);
> > -
> > -	priv->macsec = NULL;
> > -
> 
> Why remove this assignment?
> 
> It protects against accessing freed memory, for instance when querying the
> macsec stats, see
> drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_stats.c

You can't and shouldn't access anything related to MACsec after call to
mlx5e_macsec_cleanup(). If you do so, you are already in trouble as you
don't have any locking protection from stat access and cleanup.

So no, it doesn't protect from accessing freed memory. It is just
anti-pattern of hiding bugs related to unlocked concurrent accesses
and wrong release flows. Don't do it.

Thanks

> 
> >   	rhashtable_destroy(&macsec->sci_hash);
> > -
> >   	mutex_destroy(&macsec->lock);
> > -
> >   	kfree(macsec);
> >   }

Leon Romanovsky Oct. 18, 2022, 10:26 a.m. UTC | #3

On Thu, Oct 13, 2022 at 10:21:00AM +0300, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
> 
> The mlx5e_macsec_cleanup() routine has pointer dereferencing if mlx5 device
> doesn't support MACsec (priv->macsec will be NULL) together with useless
> comment line, assignment and extra blank lines.
> 
> Fix everything in one patch.
> 
> Fixes: 1f53da676439 ("net/mlx5e: Create advanced steering operation (ASO) object for MACsec")
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> ---
>  .../net/ethernet/mellanox/mlx5/core/en_accel/macsec.c | 11 +----------
>  1 file changed, 1 insertion(+), 10 deletions(-)

Gentle ping.

Thanks

Jakub Kicinski Oct. 18, 2022, 6:04 p.m. UTC | #4

On Tue, 18 Oct 2022 13:26:09 +0300 Leon Romanovsky wrote:
> On Thu, Oct 13, 2022 at 10:21:00AM +0300, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@nvidia.com>
> > 
> > The mlx5e_macsec_cleanup() routine has pointer dereferencing if mlx5 device
> > doesn't support MACsec (priv->macsec will be NULL) together with useless
> > comment line, assignment and extra blank lines.
> > 
> > Fix everything in one patch.
> > 
> > Fixes: 1f53da676439 ("net/mlx5e: Create advanced steering operation (ASO) object for MACsec")
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
>
> Gentle ping.

Just repost. I'm guessing that the maintainer who marked it as Changes
Requested wasn't sure if Tariq was convinced and decided to err on the
side of caution. If you repost and Tariq doesn't disagree again the
case will be clear.

[net] net/mlx5e: Cleanup MACsec uninitialization routine

Checks

Commit Message

Comments

Patch