lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 9 Jun 2014 12:17:20 +0800
From:	Wei Yang <weiyang@...ux.vnet.ibm.com>
To:	Or Gerlitz <ogerlitz@...lanox.com>
Cc:	davem@...emloft.net, netdev@...r.kernel.org, amirv@...lanox.com,
	Wei Yang <weiyang@...ux.vnet.ibm.com>,
	Bjorn Helgaas <bhelgaas@...gle.com>,
	Jack Morgenstein <jackm@....mellanox.co.il>
Subject: Re: [PATCH net-next 2/2] net/mlx4_core: Keep only one driver entry
 release mlx4_priv

Thanks Or :-)

On Sun, Jun 08, 2014 at 01:49:46PM +0300, Or Gerlitz wrote:
>From: Wei Yang <weiyang@...ux.vnet.ibm.com>
>
>Following commit befdf89 "net/mlx4_core: Preserve pci_dev_data after
>__mlx4_remove_one()", there are two mlx4 pci callbacks which will
>attempt to release the mlx4_priv object -- .shutdown and .remove.
>
>This leads to a use-after-free access to the already freed mlx4_priv
>instance and trigger a "Kernel access of bad area" crash when both
>.shutdown and .remove are called.
>
>During reboot or kexec, .shutdown is called, with the VFs probed to
>the host going through shutdown first and then the PF. Later, the PF
>will trigger VFs' .remove since VFs still have driver attached.
>
>Fix that by keeping only one driver entry which releases mlx4_priv.
>
>Fixes: befdf89 ('net/mlx4_core: Preserve pci_dev_data after __mlx4_remove_one()')
>CC: Bjorn Helgaas <bhelgaas@...gle.com>
>Signed-off-by: Or Gerlitz <ogerlitz@...lanox.com>
>Signed-off-by: Jack Morgenstein <jackm@....mellanox.co.il>
>Signed-off-by: Wei Yang <weiyang@...ux.vnet.ibm.com>
>---
> drivers/net/ethernet/mellanox/mlx4/main.c |    2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
>diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c
>index 19606a4..703121a 100644
>--- a/drivers/net/ethernet/mellanox/mlx4/main.c
>+++ b/drivers/net/ethernet/mellanox/mlx4/main.c
>@@ -2757,7 +2757,7 @@ static struct pci_driver mlx4_driver = {
> 	.name		= DRV_NAME,
> 	.id_table	= mlx4_pci_table,
> 	.probe		= mlx4_init_one,
>-	.shutdown	= mlx4_remove_one,
>+	.shutdown	= __mlx4_remove_one,
> 	.remove		= mlx4_remove_one,
> 	.err_handler    = &mlx4_err_handler,
> };
>-- 
>1.7.1

-- 
Richard Yang
Help you, Help me

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ