From: Dan Carpenter <dan.carpenter@linaro.org>
To: oe-kbuild@lists.linux.dev, Geetha sowjanya <gakula@marvell.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: lkp@intel.com, oe-kbuild-all@lists.linux.dev, kuba@kernel.org,
davem@davemloft.net, pabeni@redhat.com, edumazet@google.com,
sgoutham@marvell.com, sbhatta@marvell.com, hkelam@marvell.com
Subject: Re: [net-next PATCH 3/9] octeontx2-pf: Create representor netdev
Date: Wed, 17 Apr 2024 18:36:47 +0300 [thread overview]
Message-ID: <d5ce5cd4-3d4f-444d-be1d-e201c1439421@moroto.mountain> (raw)
In-Reply-To: <a55c4d98-030c-420e-b29d-3836e1ce0876@moroto.mountain>
On Wed, Apr 17, 2024 at 06:24:13PM +0300, Dan Carpenter wrote:
> f9a5b510759eeb Geetha sowjanya 2024-04-16 132 int rvu_rep_create(struct otx2_nic *priv)
> f9a5b510759eeb Geetha sowjanya 2024-04-16 133 {
> f9a5b510759eeb Geetha sowjanya 2024-04-16 134 int rep_cnt = priv->rep_cnt;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 135 struct net_device *ndev;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 136 struct rep_dev *rep;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 137 int rep_id, err;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 138 u16 pcifunc;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 139
> f9a5b510759eeb Geetha sowjanya 2024-04-16 140 priv->reps = devm_kcalloc(priv->dev, rep_cnt, sizeof(struct rep_dev), GFP_KERNEL);
> f9a5b510759eeb Geetha sowjanya 2024-04-16 141 if (!priv->reps)
> f9a5b510759eeb Geetha sowjanya 2024-04-16 142 return -ENOMEM;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 143
> f9a5b510759eeb Geetha sowjanya 2024-04-16 144 for (rep_id = 0; rep_id < rep_cnt; rep_id++) {
> f9a5b510759eeb Geetha sowjanya 2024-04-16 145 ndev = alloc_etherdev(sizeof(*rep));
> f9a5b510759eeb Geetha sowjanya 2024-04-16 146 if (!ndev) {
> f9a5b510759eeb Geetha sowjanya 2024-04-16 147 dev_err(priv->dev, "PFVF representor:%d creation failed\n", rep_id);
> f9a5b510759eeb Geetha sowjanya 2024-04-16 148 err = -ENOMEM;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 149 goto exit;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 150 }
> f9a5b510759eeb Geetha sowjanya 2024-04-16 151
> f9a5b510759eeb Geetha sowjanya 2024-04-16 152 rep = netdev_priv(ndev);
> f9a5b510759eeb Geetha sowjanya 2024-04-16 153 priv->reps[rep_id] = rep;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 154 rep->mdev = priv;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 155 rep->netdev = ndev;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 156 rep->rep_id = rep_id;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 157
> f9a5b510759eeb Geetha sowjanya 2024-04-16 158 ndev->min_mtu = OTX2_MIN_MTU;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 159 ndev->max_mtu = priv->hw.max_mtu;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 160 pcifunc = priv->rep_pf_map[rep_id];
> f9a5b510759eeb Geetha sowjanya 2024-04-16 161 rep->pcifunc = pcifunc;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 162
> f9a5b510759eeb Geetha sowjanya 2024-04-16 163 snprintf(ndev->name, sizeof(ndev->name), "r%dp%dv%d", rep_id,
> f9a5b510759eeb Geetha sowjanya 2024-04-16 164 rvu_get_pf(pcifunc), (pcifunc & RVU_PFVF_FUNC_MASK));
> f9a5b510759eeb Geetha sowjanya 2024-04-16 165
> f9a5b510759eeb Geetha sowjanya 2024-04-16 166 eth_hw_addr_random(ndev);
> f9a5b510759eeb Geetha sowjanya 2024-04-16 167 if (register_netdev(ndev)) {
>
> err = register_netdev(ndev);
> if (err) {
>
> f9a5b510759eeb Geetha sowjanya 2024-04-16 168 dev_err(priv->dev, "PFVF reprentator registration failed\n");
> f9a5b510759eeb Geetha sowjanya 2024-04-16 169 free_netdev(ndev);
> ^^^^
> freed
>
> f9a5b510759eeb Geetha sowjanya 2024-04-16 @170 ndev->netdev_ops = NULL;
> ^^^^^^^^^^^^^^^^^^^^^^^
> Use after free
>
> f9a5b510759eeb Geetha sowjanya 2024-04-16 171 goto exit;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 172 }
> f9a5b510759eeb Geetha sowjanya 2024-04-16 173 }
> f9a5b510759eeb Geetha sowjanya 2024-04-16 174 err = rvu_rep_napi_init(priv);
> f9a5b510759eeb Geetha sowjanya 2024-04-16 175 if (err)
> f9a5b510759eeb Geetha sowjanya 2024-04-16 176 goto exit;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 177
> f9a5b510759eeb Geetha sowjanya 2024-04-16 178 return 0;
> f9a5b510759eeb Geetha sowjanya 2024-04-16 179 exit:
> f9a5b510759eeb Geetha sowjanya 2024-04-16 180 rvu_rep_free_netdev(priv);
>
> rvu_rep_free_netdev() also calls free_netdev() so it's a double free.
Actually the rep->netdev->netdev_ops check in rvu_rep_free_netdev() was
supposed to prevent the double free. But since rep->netdev is already
freed, then it's another use after free. You could use a different flag
instead of rep->netdev->netdev_ops to mean "don't free this". But
really, it's just better to write it how I have suggested.
My patch adds some duplicate code but when you remove the conditions in
rvu_rep_free_netdev() and the "ndev->netdev_ops = NULL" assignment, then
overall it's fewer lines of code this way.
https://staticthinking.wordpress.com/2022/04/28/free-the-last-thing-style/
regards,
dan carpenter
next prev parent reply other threads:[~2024-04-17 15:36 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-16 5:06 [net-next PATCH 0/9] Introduce RVU representors Geetha sowjanya
2024-04-16 5:06 ` [net-next PATCH 1/9] octeontx2-pf: Refactoring RVU driver Geetha sowjanya
2024-04-16 5:06 ` [net-next PATCH 2/9] octeontx2-pf: RVU representor driver Geetha sowjanya
2024-04-16 16:17 ` Kalesh Anakkur Purayil
2024-04-17 13:37 ` Dan Carpenter
2024-04-17 13:45 ` [EXTERNAL] " Geethasowjanya Akula
2024-04-17 16:22 ` kernel test robot
2024-04-16 5:06 ` [net-next PATCH 3/9] octeontx2-pf: Create representor netdev Geetha sowjanya
2024-04-17 0:31 ` kernel test robot
2024-04-17 1:24 ` kernel test robot
2024-04-17 4:28 ` Kalesh Anakkur Purayil
2024-04-17 13:43 ` [EXTERNAL] " Geethasowjanya Akula
2024-04-17 15:24 ` Dan Carpenter
2024-04-17 15:36 ` Dan Carpenter [this message]
2024-04-16 5:06 ` [net-next PATCH 4/9] octeontx2-pf: Add basic net_device_ops Geetha sowjanya
2024-04-16 5:06 ` [net-next PATCH 5/9] octeontx2-af: Add packet path between representor and VF Geetha sowjanya
2024-04-17 4:10 ` Kalesh Anakkur Purayil
2024-04-17 4:15 ` Kalesh Anakkur Purayil
2024-04-17 13:48 ` [EXTERNAL] " Geethasowjanya Akula
2024-04-17 18:08 ` Dan Carpenter
2024-04-16 5:06 ` [net-next PATCH 6/9] octeontx2-pf: Get VF stats via representor Geetha sowjanya
2024-04-16 5:06 ` [net-next PATCH 7/9] octeontx2-pf: Add support to sync link state between representor and VFs Geetha sowjanya
2024-04-16 5:06 ` [net-next PATCH 8/9] octeontx2-pf: Configure VF mtu via representor Geetha sowjanya
2024-04-16 5:06 ` [net-next PATCH 9/9] octeontx2-pf: Add representors for sdp MAC Geetha sowjanya
-- strict thread matches above, loose matches on Subject: below --
2024-04-17 14:37 [net-next PATCH 3/9] octeontx2-pf: Create representor netdev kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d5ce5cd4-3d4f-444d-be1d-e201c1439421@moroto.mountain \
--to=dan.carpenter@linaro.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gakula@marvell.com \
--cc=hkelam@marvell.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=netdev@vger.kernel.org \
--cc=oe-kbuild-all@lists.linux.dev \
--cc=oe-kbuild@lists.linux.dev \
--cc=pabeni@redhat.com \
--cc=sbhatta@marvell.com \
--cc=sgoutham@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.