lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <9f7beed4-588e-4503-80ba-adb0357a5d7d@kernel.org>
Date: Sat, 18 Nov 2023 11:53:41 +0200
From: Roger Quadros <rogerq@...nel.org>
To: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
Cc: Siddharth Vadapalli <s-vadapalli@...com>,
 Dan Carpenter <dan.carpenter@...aro.org>, netdev@...r.kernel.org,
 kernel@...gutronix.de
Subject: Re: [PATCH 1/7] net: ethernet: ti: am65-cpsw: Don't error out in
 .remove()



On 17/11/2023 11:16, Uwe Kleine-König wrote:
> Returning early from .remove() with an error code still results in the
> driver unbinding the device. So the driver core ignores the returned error
> code and the resources that were not freed are never catched up. In
> combination with devm this also often results in use-after-free bugs.
> 
> In case of the am65-cpsw-nuss driver there is an error path, but it's never
> taken because am65_cpts_resume() never fails (which however might be
> another problem). Still make this explicit and drop the early return in
> exchange for an error message (that is more useful than the error the
> driver core emits when .remove() returns non-zero).
> 
> This prepares changing am65_cpsw_nuss_remove() to return void.
> 
> Fixes: 93a76530316a ("net: ethernet: ti: introduce am65x/j721e gigabit eth subsystem driver")
> Signed-off-by: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
> ---
>  drivers/net/ethernet/ti/am65-cpsw-nuss.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/ti/am65-cpsw-nuss.c b/drivers/net/ethernet/ti/am65-cpsw-nuss.c
> index ece9f8df98ae..960cb3fa0754 100644
> --- a/drivers/net/ethernet/ti/am65-cpsw-nuss.c
> +++ b/drivers/net/ethernet/ti/am65-cpsw-nuss.c
> @@ -3007,9 +3007,12 @@ static int am65_cpsw_nuss_remove(struct platform_device *pdev)
>  
>  	common = dev_get_drvdata(dev);
>  
> -	ret = pm_runtime_resume_and_get(&pdev->dev);
> +	ret = pm_runtime_get_sync(&pdev->dev);
>  	if (ret < 0)
> -		return ret;
> +		/* am65_cpts_resume() doesn't fail, so handling ret < 0 is only
> +		 * for the sake of completeness.
> +		 */
> +		dev_err(dev, "runtime resume failed (%pe)\n", ERR_PTR(ret));

If the pm_runtime_get_sync() call fails then
am65_cpts_release()->am65_cpts_disable() will cause a bus error
as we are accessing the module with its power domain turned off.

So, the am65_cpts_disable() call needs to be avoided in
the pm_runtime_get_sync() failure path.

>  
>  	am65_cpsw_unregister_devlink(common);
>  	am65_cpsw_unregister_notifiers(common);

-- 
cheers,
-roger

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ