* [PATCH net] net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup
@ 2020-11-13 20:12 Subash Abhinov Kasiviswanathan
2020-11-17 0:40 ` patchwork-bot+netdevbpf
0 siblings, 1 reply; 2+ messages in thread
From: Subash Abhinov Kasiviswanathan @ 2020-11-13 20:12 UTC (permalink / raw)
To: kuba, davem, netdev; +Cc: Subash Abhinov Kasiviswanathan, Sean Tranchetti
During rmnet unregistration, the real device rx_handler is first cleared
followed by the removal of rx_handler_data after the rcu synchronization.
Any packets in the receive path may observe that the rx_handler is NULL.
However, there is no check when dereferencing this value to use the
rmnet_port information.
This fixes following splat by adding the NULL check.
Unable to handle kernel NULL pointer dereference at virtual
address 000000000000000d
pc : rmnet_rx_handler+0x124/0x284
lr : rmnet_rx_handler+0x124/0x284
rmnet_rx_handler+0x124/0x284
__netif_receive_skb_core+0x758/0xd74
__netif_receive_skb+0x50/0x17c
process_backlog+0x15c/0x1b8
napi_poll+0x88/0x284
net_rx_action+0xbc/0x23c
__do_softirq+0x20c/0x48c
Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation")
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
---
drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
index 29a7bfa..3d7d3ab 100644
--- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
+++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
@@ -188,6 +188,11 @@ rx_handler_result_t rmnet_rx_handler(struct sk_buff **pskb)
dev = skb->dev;
port = rmnet_get_port_rcu(dev);
+ if (unlikely(!port)) {
+ atomic_long_inc(&skb->dev->rx_nohandler);
+ kfree_skb(skb);
+ goto done;
+ }
switch (port->rmnet_mode) {
case RMNET_EPMODE_VND:
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net] net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup
2020-11-13 20:12 [PATCH net] net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup Subash Abhinov Kasiviswanathan
@ 2020-11-17 0:40 ` patchwork-bot+netdevbpf
0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2020-11-17 0:40 UTC (permalink / raw)
To: Subash Abhinov Kasiviswanathan; +Cc: kuba, davem, netdev, stranche
Hello:
This patch was applied to netdev/net.git (refs/heads/master):
On Fri, 13 Nov 2020 13:12:05 -0700 you wrote:
> During rmnet unregistration, the real device rx_handler is first cleared
> followed by the removal of rx_handler_data after the rcu synchronization.
>
> Any packets in the receive path may observe that the rx_handler is NULL.
> However, there is no check when dereferencing this value to use the
> rmnet_port information.
>
> [...]
Here is the summary with links:
- [net] net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup
https://git.kernel.org/netdev/net/c/fc70f5bf5e52
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-17 0:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-13 20:12 [PATCH net] net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup Subash Abhinov Kasiviswanathan
2020-11-17 0:40 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).