From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev, Duoming Zhou <duoming@zju.edu.cn>,
	Paolo Abeni <pabeni@redhat.com>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.2 024/110] cxgb4: fix use after free bugs caused by circular dependency problem
Date: Mon, 24 Apr 2023 15:16:46 +0200
Message-ID: <20230424131137.040237149@linuxfoundation.org>
In-Reply-To: <20230424131136.142490414@linuxfoundation.org>

From: Duoming Zhou <duoming@zju.edu.cn>

[ Upstream commit e50b9b9e8610d47b7c22529443e45a16b1ea3a15 ]

The flower_stats_timer can schedule flower_stats_work and
flower_stats_work can also arm the flower_stats_timer. The
process is shown below:

----------- timer schedules work ------------
ch_flower_stats_cb() //timer handler
  schedule_work(&adap->flower_stats_work);

----------- work arms timer ------------
ch_flower_stats_handler() //workqueue callback function
  mod_timer(&adap->flower_stats_timer, ...);

When the cxgb4 device is detaching, the timer and workqueue
could still be rearmed. The process is shown below:

  (cleanup routine)           | (timer and workqueue routine)
remove_one()                  |
  free_some_resources()       | ch_flower_stats_cb() //timer
    cxgb4_cleanup_tc_flower() |   schedule_work()
      del_timer_sync()        |
                              | ch_flower_stats_handler() //workqueue
                              |   mod_timer()
      cancel_work_sync()      |
  kfree(adapter) //FREE       | ch_flower_stats_cb() //timer
                              |   adap->flower_stats_work //USE

This patch changes del_timer_sync() to timer_shutdown_sync(),
which could prevent rearming of the timer from the workqueue.

Fixes: e0f911c81e93 ("cxgb4: fetch stats for offloaded tc flower flows")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20230415081227.7463-1-duoming@zju.edu.cn
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c
index dd9be229819a5..d3541159487dd 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c
@@ -1135,7 +1135,7 @@ void cxgb4_cleanup_tc_flower(struct adapter *adap)
 		return;
 
 	if (adap->flower_stats_timer.function)
-		del_timer_sync(&adap->flower_stats_timer);
+		timer_shutdown_sync(&adap->flower_stats_timer);
 	cancel_work_sync(&adap->flower_stats_work);
 	rhashtable_destroy(&adap->flower_tbl);
 	adap->tc_flower_initialized = false;
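
Review bot: the teardown order at the changed line is now load-bearing but undocumented. timer_shutdown_sync() has to run before cancel_work_sync() so that a still-running work item cannot re-arm the timer through mod_timer(), and cancel_work_sync() then deals with any work the timer's final run queued; a short comment above the two calls would keep a later cleanup from reordering them. Separately, the unchanged guard `if (adap->flower_stats_timer.function)` tests the same field that timer_shutdown_sync() clears, and a shut-down timer stays unusable until it is set up again, so if the flower state can be initialised again after `adap->tc_flower_initialized = false`, it is worth confirming that the init path re-runs timer_setup() and noting that here.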
-- 
2.39.2
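
A user-space C model of the interleaving drawn in the commit message above, added here as an example; it is not part of the patch or of the cxgb4 driver. The `model_*` names and the struct are assumptions standing in for kernel state, and the only kernel behaviour modelled is that a timer shut down with timer_shutdown_sync() ignores later mod_timer() calls.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the timer/work state inside struct adapter. */
struct model_adapter {
    bool timer_armed;    /* flower_stats_timer is pending */
    bool timer_shutdown; /* set by timer_shutdown_sync(): re-arming refused */
    bool work_running;   /* ch_flower_stats_handler() is mid-execution */
};

/* mod_timer(): arms the timer unless it has been shut down. */
static void model_mod_timer(struct model_adapter *a)
{
    if (!a->timer_shutdown)
        a->timer_armed = true;
}

/* del_timer_sync(): disarms, but a later mod_timer() still succeeds. */
static void model_del_timer_sync(struct model_adapter *a)
{
    a->timer_armed = false;
}

/* timer_shutdown_sync(): disarms and blocks any further re-arming. */
static void model_timer_shutdown_sync(struct model_adapter *a)
{
    a->timer_armed = false;
    a->timer_shutdown = true;
}

/* cancel_work_sync(): waits for the running handler, which ends in mod_timer(). */
static void model_cancel_work_sync(struct model_adapter *a)
{
    if (a->work_running)
        model_mod_timer(a);
    a->work_running = false;
}

/* Replays the race: the timer has fired and its work item is running when
 * cleanup starts. Returns true if the timer is armed at kfree(adapter) time,
 * i.e. its callback would later touch freed memory. */
bool timer_pending_at_free(bool use_shutdown)
{
    struct model_adapter a = { .work_running = true };

    if (use_shutdown)
        model_timer_shutdown_sync(&a);
    else
        model_del_timer_sync(&a);
    model_cancel_work_sync(&a);
    return a.timer_armed; /* kfree(adapter) happens here */
}

int main(void)
{
    printf("del_timer_sync:      armed at free = %d\n", timer_pending_at_free(false));
    printf("timer_shutdown_sync: armed at free = %d\n", timer_pending_at_free(true));
    return 0;
}
```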



