lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260125131956.GC13967@unreal>
Date: Sun, 25 Jan 2026 15:19:56 +0200
From: Leon Romanovsky <leon@...nel.org>
To: Pavan Chebbi <pavan.chebbi@...adcom.com>
Cc: jgg@...pe.ca, michael.chan@...adcom.com, linux-kernel@...r.kernel.org,
	dave.jiang@...el.com, saeedm@...dia.com,
	Jonathan.Cameron@...wei.com, gospo@...adcom.com,
	selvin.xavier@...adcom.com, kalesh-anakkur.purayil@...adcom.com
Subject: Re: [PATCH fwctl 4/5] fwctl/bnxt_fwctl: Add bnxt fwctl device

On Sun, Jan 18, 2026 at 04:34:00AM -0800, Pavan Chebbi wrote:
> Create bnxt_fwctl device. This will bind to bnxt's aux device.
> On the upper edge, it will register with the fwctl subsystem.
> It will make use of bnxt's ULP functions to send FW commands.
> 
> Reviewed-by: Andy Gospodarek <gospo@...adcom.com>
> Reviewed-by: Dave Jiang <dave.jiang@...el.com>
> Signed-off-by: Pavan Chebbi <pavan.chebbi@...adcom.com>
> ---
>  MAINTAINERS                 |   6 +
>  drivers/fwctl/Kconfig       |  11 +
>  drivers/fwctl/Makefile      |   1 +
>  drivers/fwctl/bnxt/Makefile |   4 +
>  drivers/fwctl/bnxt/main.c   | 416 ++++++++++++++++++++++++++++++++++++
>  include/uapi/fwctl/bnxt.h   |  64 ++++++
>  include/uapi/fwctl/fwctl.h  |   1 +
>  7 files changed, 503 insertions(+)
>  create mode 100644 drivers/fwctl/bnxt/Makefile
>  create mode 100644 drivers/fwctl/bnxt/main.c
>  create mode 100644 include/uapi/fwctl/bnxt.h

<...>

> +static void *bnxtctl_fw_rpc(struct fwctl_uctx *uctx,
> +			    enum fwctl_rpc_scope scope,
> +			    void *in, size_t in_len, size_t *out_len)
> +{
> +	struct bnxtctl_dev *bnxtctl =
> +		container_of(uctx->fwctl, struct bnxtctl_dev, fwctl);
> +	struct bnxt_aux_priv *bnxt_aux_priv = bnxtctl->aux_priv;
> +	void *dma_virt_addr[MAX_NUM_DMA_INDICATIONS];
> +	dma_addr_t dma_addr[MAX_NUM_DMA_INDICATIONS];
> +	struct fwctl_dma_info_bnxt *dma_buf = NULL;
> +	struct device *dev = &uctx->fwctl->dev;
> +	struct fwctl_rpc_bnxt *msg = in;
> +	struct bnxt_fw_msg rpc_in;
> +	int i, rc, err = 0;
> +
> +	rpc_in.msg = memdup_user(u64_to_user_ptr(msg->req), msg->req_len);
> +	if (IS_ERR(rpc_in.msg))
> +		return rpc_in.msg;
> +
> +	if (!bnxtctl_validate_rpc(bnxt_aux_priv->edev, &rpc_in, scope)) {
> +		err = -EPERM;
> +		goto free_msg_out;
> +	}


<...>

> +free_msg_out:
> +	kfree(rpc_in.msg);
> +
> +	if (err) {
> +		kfree(rpc_in.resp);

You are kfree junk address here.

Thanks

> +		return ERR_PTR(err);
> +	}
> +
> +	return rpc_in.resp;
> +}
> +

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ