lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 18 Feb 2018 10:08:40 -0600
From:   Thomas Falcon <tlfalcon@...ux.vnet.ibm.com>
To:     netdev@...r.kernel.org
Cc:     nfont@...ux.vnet.ibm.com, jallen@...ux.vnet.ibm.com,
        Thomas Falcon <tlfalcon@...ux.vnet.ibm.com>
Subject: [PATCH net] ibmvnic: Clean RX pools only during a hard reset

Sorry, this fixes a bug in commit d0869c0071e4. The cause of the
bug is that "stale" RX buffers containing packet data are returned
to the driver after device close and open. While most buffers will be
returned with an error and handled by the polling routine, some buffers
will be returned as containing valid data. Unfortunately, the socket
buffers allocated were already freed when the device was closed, so
attempts to process them result in a panic.

RX pools still need to be cleaned in some cases, such as during
a fatal reset. In all other cases, the socket buffers will either
be freed in the polling routine or processed by the kernel.

Fixes: d0869c0071e4 ("ibmvnic: Clean RX pool buffers during device close")
Signed-off-by: Thomas Falcon <tlfalcon@...ux.vnet.ibm.com>
---
 drivers/net/ethernet/ibm/ibmvnic.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
index 996f475..6710313 100644
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -1179,7 +1179,9 @@ static int __ibmvnic_close(struct net_device *netdev)
 			}
 		}
 	}
-	clean_rx_pools(adapter);
+	if (unlikely(adapter->resetting &&
+		     adapter->reset_reason != VNIC_RESET_NON_FATAL))
+		clean_rx_pools(adapter);
 	clean_tx_pools(adapter);
 	adapter->state = VNIC_CLOSED;
 	return rc;
-- 
2.7.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ