| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <446abc60-b954-6c41-e6f6-62e0ff02c9e9@gmail.com>
Date: Thu, 13 Oct 2022 13:03:43 +0300
From: Tariq Toukan <ttoukan.linux@...il.com>
To: Leon Romanovsky <leon@...nel.org>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>
Cc: Leon Romanovsky <leonro@...dia.com>,
Dan Carpenter <dan.carpenter@...cle.com>,
Emeel Hakim <ehakim@...dia.com>,
Eric Dumazet <edumazet@...gle.com>, linux-rdma@...r.kernel.org,
netdev@...r.kernel.org, Paolo Abeni <pabeni@...hat.com>,
Raed Salem <raeds@...dia.com>,
Saeed Mahameed <saeedm@...dia.com>,
Tariq Toukan <tariqt@...dia.com>
Subject: Re: [PATCH net] net/mlx5e: Cleanup MACsec uninitialization routine
On 10/13/2022 10:21 AM, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@...dia.com>
>
> The mlx5e_macsec_cleanup() routine has pointer dereferencing if mlx5 device
> doesn't support MACsec (priv->macsec will be NULL) together with useless
> comment line, assignment and extra blank lines.
>
> Fix everything in one patch.
>
> Fixes: 1f53da676439 ("net/mlx5e: Create advanced steering operation (ASO) object for MACsec")
> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
> Signed-off-by: Leon Romanovsky <leonro@...dia.com>
> ---
> .../net/ethernet/mellanox/mlx5/core/en_accel/macsec.c | 11 +----------
> 1 file changed, 1 insertion(+), 10 deletions(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> index 41970067917b..4331235b21ee 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
> @@ -1846,25 +1846,16 @@ int mlx5e_macsec_init(struct mlx5e_priv *priv)
> void mlx5e_macsec_cleanup(struct mlx5e_priv *priv)
> {
> struct mlx5e_macsec *macsec = priv->macsec;
> - struct mlx5_core_dev *mdev = macsec->mdev;
> + struct mlx5_core_dev *mdev = priv->mdev;
>
simply defer the mdev calculation to be after the early return, trying
to keep this macsec function as independent as possible.
> if (!macsec)
> return;
>
> mlx5_notifier_unregister(mdev, &macsec->nb);
> -
> mlx5e_macsec_fs_cleanup(macsec->macsec_fs);
> -
> - /* Cleanup workqueue */
> destroy_workqueue(macsec->wq);
> -
> mlx5e_macsec_aso_cleanup(&macsec->aso, mdev);
> -
> - priv->macsec = NULL;
> -
Why remove this assignment?
It protects against accessing freed memory, for instance when querying
the macsec stats, see
drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_stats.c
> rhashtable_destroy(&macsec->sci_hash);
> -
> mutex_destroy(&macsec->lock);
> -
> kfree(macsec);
> }
Powered by blists - more mailing lists