Message-ID: <02d685e2aa8721a119f528bde2f4ec9533101663.camel@siemens.com>
Date: Tue, 11 Mar 2025 13:53:10 +0000
From: "Sverdlin, Alexander" <alexander.sverdlin@...mens.com>
To: "andrew+netdev@...n.ch" <andrew+netdev@...n.ch>, "s-vadapalli@...com"
	<s-vadapalli@...com>, "davem@...emloft.net" <davem@...emloft.net>,
	"dan.carpenter@...aro.org" <dan.carpenter@...aro.org>, "jpanis@...libre.com"
	<jpanis@...libre.com>, "c-vankar@...com" <c-vankar@...com>,
	"pabeni@...hat.com" <pabeni@...hat.com>, "horms@...nel.org"
	<horms@...nel.org>, "edumazet@...gle.com" <edumazet@...gle.com>,
	"rogerq@...nel.org" <rogerq@...nel.org>, "kuba@...nel.org" <kuba@...nel.org>
CC: "linux-arm-kernel@...ts.infradead.org"
	<linux-arm-kernel@...ts.infradead.org>, "vigneshr@...com" <vigneshr@...com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "srk@...com"
	<srk@...com>
Subject: Re: [PATCH net v2] net: ethernet: ti: am65-cpsw: Fix NAPI
 registration sequence

Hi Siddharth!

On Tue, 2025-03-11 at 18:31 +0530, Siddharth Vadapalli wrote:
> From: Vignesh Raghavendra <vigneshr@...com>
> 
> Registering the interrupts for TX or RX DMA Channels prior to registering
> their respective NAPI callbacks can result in a NULL pointer dereference.
> This is seen in practice as a random occurrence since it depends on the
> randomness associated with the generation of traffic by Linux and the
> reception of traffic from the wire.
> 
> Fixes: 681eb2beb3ef ("net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path")
> Signed-off-by: Vignesh Raghavendra <vigneshr@...com>
> Co-developed-by: Siddharth Vadapalli <s-vadapalli@...com>
> Signed-off-by: Siddharth Vadapalli <s-vadapalli@...com>

...

> v1 of this patch is at:
> https://lore.kernel.org/all/20250311061214.4111634-1-s-vadapalli@ti.com/
> Changes since v1:
> - Based on the feedback provided by Alexander Sverdlin <alexander.sverdlin@...mens.com>
>   the patch has been updated to account for the cleanup path in terms of an imbalance
>   between the number of successful netif_napi_add_tx/netif_napi_add calls and the
>   number of successful devm_request_irq() calls. In the event of an error, we will
>   always have one extra successful netif_napi_add_tx/netif_napi_add that needs to be
>   cleaned up before we clean an equal number of netif_napi_add_tx/netif_napi_add and
>   devm_request_irq.

...

> --- a/drivers/net/ethernet/ti/am65-cpsw-nuss.c
> +++ b/drivers/net/ethernet/ti/am65-cpsw-nuss.c
> @@ -2569,6 +2570,9 @@ static int am65_cpsw_nuss_init_rx_chns(struct am65_cpsw_common *common)
>  			     HRTIMER_MODE_REL_PINNED);
>  		flow->rx_hrtimer.function = &am65_cpsw_nuss_rx_timer_callback;
>  
> +		netif_napi_add(common->dma_ndev, &flow->napi_rx,
> +			       am65_cpsw_nuss_rx_poll);
> +
>  		ret = devm_request_irq(dev, flow->irq,
>  				       am65_cpsw_nuss_rx_irq,
>  				       IRQF_TRIGGER_HIGH,
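
Review bot: The netif_napi_add() call added ahead of devm_request_irq() has no comment saying that this order is a requirement. With IRQF_TRIGGER_HIGH the handler am65_cpsw_nuss_rx_irq can run as soon as the request succeeds, so a one-line comment above the call, for example /* NAPI must be registered before the IRQ can fire */, would keep a later cleanup from moving it back below the request.
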
> @@ -2579,9 +2583,6 @@ static int am65_cpsw_nuss_init_rx_chns(struct am65_cpsw_common *common)
>  			flow->irq = -EINVAL;
>  			goto err_flow;
>  		}
> -
> -		netif_napi_add(common->dma_ndev, &flow->napi_rx,
> -			       am65_cpsw_nuss_rx_poll);
>  	}
>  
>  	/* setup classifier to route priorities to flows */
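
Review bot: In the devm_request_irq() failure branch, next to flow->irq = -EINVAL, the NAPI instance that is now registered before the request is still live for this flow when the branch jumps to err_flow. Calling netif_napi_del(&flow->napi_rx) here, before the goto, would keep that undo next to the failure it belongs to and leave the shared label with only the symmetric per-flow loop.
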
> @@ -2590,10 +2591,11 @@ static int am65_cpsw_nuss_init_rx_chns(struct am65_cpsw_common *common)
>  	return 0;
>  
>  err_flow:
> -	for (--i; i >= 0 ; i--) {
> +	netif_napi_del(&flow->napi_rx);

There are totally 3 "goto err_flow;" instances, so if k3_udma_glue_rx_flow_init() or
k3_udma_glue_rx_get_irq() would fail on the first iteration, we would come here without
a single call to netif_napi_add().

> +	for (--i; i >= 0; i--) {
>  		flow = &rx_chn->flows[i];
> -		netif_napi_del(&flow->napi_rx);
>  		devm_free_irq(dev, flow->irq, flow);
> +		netif_napi_del(&flow->napi_rx);
>  	}
>  
>  err:
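
Review bot: In the err_flow loop, the swap to devm_free_irq() before netif_napi_del() is not covered by the commit message, which only talks about registration order. Add a sentence there, or a comment above the loop, saying that teardown frees the IRQ first so the handler cannot run against a NAPI instance that has already been deleted. The netif_napi_del(&flow->napi_rx) placed ahead of the loop also needs a comment naming which failure it undoes, since the label is shared.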

-- 
Alexander Sverdlin
Siemens AG
www.siemens.com
