From: Jon Mason <jdmason@kudzu.us>
To: Jakub Kicinski <kuba@kernel.org>
Cc: Wentao_Liang <Wentao_Liang_g@163.com>,
davem@davemloft.net, edumazet@google.com, pabeni@redhat.com,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] [PATCH net v2]vexy: Fix a use-after-free bug in vxge-main.c
Date: Mon, 20 Jun 2022 10:40:16 -0400 [thread overview]
Message-ID: <YrCG0CZy4Onh/8RI@kudzu.us> (raw)
In-Reply-To: <20220615195050.6e4785ef@kernel.org>
On Wed, Jun 15, 2022 at 07:50:50PM -0700, Jakub Kicinski wrote:
> Jon, if you're there, do you have any sense on whether this HW is still
> in production somewhere? I scrolled thru last 5 years of the git history
> and there doesn't seem to be any meaningful change here while there's a
> significant volume of refactoring going in.
Neterion was killed off by Exar after acquiring it roughly a decade
ago. To my knowledge no one ever acquired the IP. So, this should be
viewed as an EOL'ed part. It is a mature driver and I believe there are
parts out in the field still. So, no need to kill off the driver.
Thanks,
Jon
>
>
> On the patch itself:
>
> On Wed, 15 Jun 2022 09:38:16 +0800 Wentao_Liang wrote:
> > Subject: [PATCH] [PATCH net v2]vexy: Fix a use-after-free bug in vxge-main.c
>
> No need to repeat "[PATCH]"
> The driver is not called "vexy" as far as I can tell.
>
> > The pointer vdev points to a memory region adjacent to a net_device
> > structure ndev, which is a field of hldev. At line 4740, the invocation
> > to vxge_device_unregister unregisters device hldev, and it also releases
> > the memory region pointed by vdev->bar0. At line 4743, the freed memory
> > region is referenced (i.e., iounmap(vdev->bar0)), resulting in a
> > use-after-free vulnerability. We can fix the bug by calling iounmap
> > before vxge_device_unregister.
>
> Are you sure the bar0 is not needed by the netdev? You're freeing
> memory that the netdev may need until it's unregistered.
next prev parent reply other threads:[~2022-06-20 15:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-15 1:38 [PATCH] [PATCH net v2]vexy: Fix a use-after-free bug in vxge-main.c Wentao_Liang
2022-06-16 2:50 ` Jakub Kicinski
[not found] ` <1f10f9f8.6c02.1816cb0dc51.Coremail.wentao_liang_g@163.com>
2022-06-16 15:50 ` Jakub Kicinski
2022-06-20 14:40 ` Jon Mason [this message]
2022-06-20 15:02 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YrCG0CZy4Onh/8RI@kudzu.us \
--to=jdmason@kudzu.us \
--cc=Wentao_Liang_g@163.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.