Message-ID: <29efcfe2-852d-4df2-9b9c-a06b4fd2deed@lunn.ch>
Date: Tue, 29 Oct 2024 13:37:07 +0100
From: Andrew Lunn <andrew@...n.ch>
To: Jeremy Kerr <jk@...econstruct.com.au>
Cc: Andrew Lunn <andrew+netdev@...n.ch>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Joel Stanley <joel@....id.au>,
	Jacky Chou <jacky_chou@...eedtech.com>,
	Jacob Keller <jacob.e.keller@...el.com>, netdev@...r.kernel.org
Subject: Re: [PATCH net 1/2] net: ethernet: ftgmac100: prevent use after free
 on unregister when using NCSI

On Tue, Oct 29, 2024 at 12:32:53PM +0800, Jeremy Kerr wrote:
> Hi Andrew,
> 
> > ftgmac100_remove() should be a mirror of ftgmac100_probe() which does
> > not register the ncsi device....
> 
> Sure it does:
> 
>     static int ftgmac100_probe(struct platform_device *pdev)
>     {
> 
>         /* ... */
> 
>         if (np && of_get_property(np, "use-ncsi", NULL)) {
>                 if (!IS_ENABLED(CONFIG_NET_NCSI)) {
>                         dev_err(&pdev->dev, "NCSI stack not enabled\n");
>                         err = -EINVAL;
>                         goto err_phy_connect;
>                 }
> 
>                 dev_info(&pdev->dev, "Using NCSI interface\n");
>                 priv->use_ncsi = true;
>  =>             priv->ndev = ncsi_register_dev(netdev, ftgmac100_ncsi_handler);
>                 if (!priv->ndev) {
>                         err = -EINVAL;
>                         goto err_phy_connect;
>                 }

Ah, OK, I missed that.

However, _open and _stop are not mirrors.

For ftgmac100_open():

        if (netdev->phydev) {
                /* If we have a PHY, start polling */
                phy_start(netdev->phydev);
        }
        if (priv->use_ncsi) {
                /* If using NC-SI, set our carrier on and start the stack */
                netif_carrier_on(netdev);

                /* Start the NCSI device */
                err = ncsi_start_dev(priv->ndev);
                if (err)
                        goto err_ncsi;
        }


ftgmac100_stop

        if (netdev->phydev)
                phy_stop(netdev->phydev);
        if (priv->use_ncsi)
                ncsi_stop_dev(priv->ndev);

The order should be reversed: you undo in the opposite order to what
you do. This is probably not the issue you are having, but it does
show this driver has ordering issues. If you solve the ordering
issues, I expect your problem goes away.

	Andrew
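
The ordering rule from the review above (tear down in the reverse order of setup, including when open fails partway), as an added example that is not part of the original message or of the ftgmac100 driver. It is a userspace C model: record() and the model_* names are hypothetical stand-ins for the PHY and NC-SI calls, and the start failure is constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace model: record("x") stands in for calling x() in a driver and
 * only logs the call order. All names here are hypothetical. */
static char trace[128];
static bool fail_ncsi_start;            /* constructed fault injection */

static int record(const char *step)
{
    size_t n = strlen(trace);
    snprintf(trace + n, sizeof(trace) - n, "%s%s", n ? " " : "", step);
    return 0;
}

static int model_ncsi_start(void)
{
    return fail_ncsi_start ? -1 : record("ncsi_start");
}

static int model_open(bool has_phy, bool use_ncsi)
{
    if (has_phy)
        record("phy_start");
    if (!use_ncsi || model_ncsi_start() == 0)
        return 0;
    if (has_phy)
        record("phy_stop");             /* unwind only what already started */
    return -1;
}

static void model_stop(bool has_phy, bool use_ncsi)
{
    if (use_ncsi)                       /* started last, so stopped first */
        record("ncsi_stop");
    if (has_phy)
        record("phy_stop");
}

const char *run_open_stop(bool has_phy, bool use_ncsi, bool inject_fail)
{
    trace[0] = '\0';
    fail_ncsi_start = inject_fail;
    if (model_open(has_phy, use_ncsi) == 0)
        model_stop(has_phy, use_ncsi);
    return trace;
}

int main(void) { puts(run_open_stop(true, true, false)); return 0; }
```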
