Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/drivers/net/ethernet/amd
History
Shannon Nelson dfd76010f8 pds_core: remove write-after-free of client_id 
A use-after-free error popped up in stress testing:

[Mon Apr 21 21:21:33 2025] BUG: KFENCE: use-after-free write in pdsc_auxbus_dev_del+0xef/0x160 [pds_core]
[Mon Apr 21 21:21:33 2025] Use-after-free write at 0x000000007013ecd1 (in kfence-#47):
[Mon Apr 21 21:21:33 2025]  pdsc_auxbus_dev_del+0xef/0x160 [pds_core]
[Mon Apr 21 21:21:33 2025]  pdsc_remove+0xc0/0x1b0 [pds_core]
[Mon Apr 21 21:21:33 2025]  pci_device_remove+0x24/0x70
[Mon Apr 21 21:21:33 2025]  device_release_driver_internal+0x11f/0x180
[Mon Apr 21 21:21:33 2025]  driver_detach+0x45/0x80
[Mon Apr 21 21:21:33 2025]  bus_remove_driver+0x83/0xe0
[Mon Apr 21 21:21:33 2025]  pci_unregister_driver+0x1a/0x80

The actual device uninit usually happens on a separate thread
scheduled after this code runs, but there is no guarantee of order
of thread execution, so this could be a problem.  There's no
actual need to clear the client_id at this point, so simply
remove the offending code.

Fixes: 10659034c6 ("pds_core: add the aux client API")
Signed-off-by: Shannon Nelson <shannon.nelson@amd.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250425203857.71547-1-shannon.nelson@amd.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 		2025-04-28 15:54:30 -07:00
..
pds_core pds_core: remove write-after-free of client_id 2025-04-28 15:54:30 -07:00
xgbe amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload 2025-04-28 13:59:59 -07:00
7990.c net: amd: add missing MODULE_DESCRIPTION() macros 2024-06-19 17:21:40 -07:00
7990.h
Kconfig net: handle HAS_IOPORT dependencies 2024-04-08 11:56:56 +01:00
Makefile
a2065.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
a2065.h
amd8111e.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
amd8111e.h net: amd8111e: Remove duplicate definition of PCI_VENDOR_ID_AMD 2024-10-28 15:48:51 -07:00
ariadne.c net: amd: add missing MODULE_DESCRIPTION() macros 2024-06-19 17:21:40 -07:00
ariadne.h
atarilance.c net: amd: add missing MODULE_DESCRIPTION() macros 2024-06-19 17:21:40 -07:00
au1000_eth.c net: au1000_eth: Mark au1000_ReleaseDB() static 2025-03-25 08:27:27 -07:00
au1000_eth.h
declance.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
hplance.c net: amd: add missing MODULE_DESCRIPTION() macros 2024-06-19 17:21:40 -07:00
hplance.h
lance.c net: amd: add missing MODULE_DESCRIPTION() macros 2024-06-19 17:21:40 -07:00
mvme147.c net: amd: mvme147: Fix probe banner message 2024-10-09 12:45:51 +01:00
nmclan_cs.c net: annotate data-races around dev->if_port 2024-05-08 18:51:30 -07:00
pcnet32.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
sun3lance.c net: amd: add missing MODULE_DESCRIPTION() macros 2024-06-19 17:21:40 -07:00
sunlance.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00