Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/drivers
History
Ke Xiao d3f4cb674d i40e: fix use-after-free in i40e_aqc_add_filters() 
[ Upstream commit 6a15584e99db8918b60e507539c7446375dcf366 ]

Commit 3116f59c12bd ("i40e: fix use-after-free in
i40e_sync_filters_subtask()") avoided use-after-free issues,
by increasing refcount during update the VSI filter list to
the HW. However, it missed the unicast situation.

When deleting an unicast FDB entry, the i40e driver will release
the mac_filter, and i40e_service_task will concurrently request
firmware to add the mac_filter, which will lead to the following
use-after-free issue.

Fix again for both netdev->uc and netdev->mc.

BUG: KASAN: use-after-free in i40e_aqc_add_filters+0x55c/0x5b0 [i40e]
Read of size 2 at addr ffff888eb3452d60 by task kworker/8:7/6379

CPU: 8 PID: 6379 Comm: kworker/8:7 Kdump: loaded Tainted: G
Workqueue: i40e i40e_service_task [i40e]
Call Trace:
 dump_stack+0x71/0xab
 print_address_description+0x6b/0x290
 kasan_report+0x14a/0x2b0
 i40e_aqc_add_filters+0x55c/0x5b0 [i40e]
 i40e_sync_vsi_filters+0x1676/0x39c0 [i40e]
 i40e_service_task+0x1397/0x2bb0 [i40e]
 process_one_work+0x56a/0x11f0
 worker_thread+0x8f/0xf40
 kthread+0x2a0/0x390
 ret_from_fork+0x1f/0x40

Allocated by task 21948:
 kasan_kmalloc+0xa6/0xd0
 kmem_cache_alloc_trace+0xdb/0x1c0
 i40e_add_filter+0x11e/0x520 [i40e]
 i40e_addr_sync+0x37/0x60 [i40e]
 __hw_addr_sync_dev+0x1f5/0x2f0
 i40e_set_rx_mode+0x61/0x1e0 [i40e]
 dev_uc_add_excl+0x137/0x190
 i40e_ndo_fdb_add+0x161/0x260 [i40e]
 rtnl_fdb_add+0x567/0x950
 rtnetlink_rcv_msg+0x5db/0x880
 netlink_rcv_skb+0x254/0x380
 netlink_unicast+0x454/0x610
 netlink_sendmsg+0x747/0xb00
 sock_sendmsg+0xe2/0x120
 __sys_sendto+0x1ae/0x290
 __x64_sys_sendto+0xdd/0x1b0
 do_syscall_64+0xa0/0x370
 entry_SYSCALL_64_after_hwframe+0x65/0xca

Freed by task 21948:
 __kasan_slab_free+0x137/0x190
 kfree+0x8b/0x1b0
 __i40e_del_filter+0x116/0x1e0 [i40e]
 i40e_del_mac_filter+0x16c/0x300 [i40e]
 i40e_addr_unsync+0x134/0x1b0 [i40e]
 __hw_addr_sync_dev+0xff/0x2f0
 i40e_set_rx_mode+0x61/0x1e0 [i40e]
 dev_uc_del+0x77/0x90
 rtnl_fdb_del+0x6a5/0x860
 rtnetlink_rcv_msg+0x5db/0x880
 netlink_rcv_skb+0x254/0x380
 netlink_unicast+0x454/0x610
 netlink_sendmsg+0x747/0xb00
 sock_sendmsg+0xe2/0x120
 __sys_sendto+0x1ae/0x290
 __x64_sys_sendto+0xdd/0x1b0
 do_syscall_64+0xa0/0x370
 entry_SYSCALL_64_after_hwframe+0x65/0xca

Fixes: 3116f59c12bd ("i40e: fix use-after-free in i40e_sync_filters_subtask()")
Fixes: 41c445ff0f48 ("i40e: main driver core")
Signed-off-by: Ke Xiao <xiaoke@sangfor.com.cn>
Signed-off-by: Ding Hui <dinghui@sangfor.com.cn>
Cc: Di Zhu <zhudi2@huawei.com>
Reviewed-by: Jan Sokolowski <jan.sokolowski@intel.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-18 12:12:07 +01:00
..
accessibility Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA 2024-11-18 12:10:57 +01:00
amba Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
android binder_alloc: Disable debug logging by default 2024-11-17 17:43:54 +01:00
ata ata: pata_isapnp: Add missing error check for devm_ioport_map() 2024-11-18 12:10:54 +01:00
atm atm: solos-pci: Fix potential deadlock on &tx_queue_lock 2024-11-18 12:11:48 +01:00
auxdisplay Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
base devcoredump: Send uevent once devcd is ready 2024-11-18 12:11:48 +01:00
battery drivers: battery_v2: sec_battery: export {CURRENT/VOLTAGE}_MAX to sysfs 2024-11-17 17:43:14 +01:00
bcma Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
block zram: use copy_page for full page copy 2024-11-17 17:41:38 +01:00
bluetooth Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE 2024-11-18 11:43:27 +01:00
bts Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
bus bus: ti-sysc: Flush posted write only after srst_udelay 2024-11-18 12:12:01 +01:00
cdrom Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
char hwrng: geode - fix accessing registers 2024-11-18 11:43:02 +01:00
clk clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks 2024-11-18 11:43:22 +01:00
clocksource clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware 2024-11-18 11:43:12 +01:00
connector Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
counter counter: microchip-tcb-capture: Fix the use of internal GCLK logic 2024-11-08 11:25:51 +01:00
cpufreq cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily 2024-11-18 12:11:13 +01:00
cpuidle Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
crypto crypto: qat - increase size of buffers 2024-11-18 11:43:03 +01:00
dax Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dca Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
devfreq PM / devfreq: rockchip-dfi: Make pmu regmap mandatory 2024-11-18 11:42:49 +01:00
dio Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dma dmaengine: stm32-mdma: correct desc prep when channel running 2024-11-18 11:43:25 +01:00
dma-buf Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
edac Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
eisa Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
extcon Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fingerprint Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
firewire firewire: core: fix possible memory leak in create_units() 2024-11-18 12:11:08 +01:00
firmware firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit 2024-11-18 11:43:25 +01:00
fpga Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fsi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gnss Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gpio gpiolib: sysfs: Fix error handling on failed export 2024-11-18 12:11:45 +01:00
gpu drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern 2024-11-18 12:12:06 +01:00
greybus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gud Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hid HID: hid-asus: add const to read-only outgoing usb buffer 2024-11-18 12:11:57 +01:00
hsi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hv Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hwmon hwmon: (acpi_power_meter) Fix 4.29 MW bug 2024-11-18 12:11:41 +01:00
hwspinlock Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hwtracing Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
i2c i2c: aspeed: Handle the coalesced stop conditions with the start conditions. 2024-11-18 12:11:59 +01:00
i3c i3c: master: cdns: Fix reading status register 2024-11-18 11:43:26 +01:00
ide Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
idle Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ifconn Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
iio iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() 2024-11-18 12:12:00 +01:00
infiniband RDMA/bnxt_re: Correct module description string 2024-11-18 12:11:41 +01:00
input Input: soc_button_array - add mapping for airplane mode button 2024-11-18 12:12:01 +01:00
interconnect interconnect: Treat xlate() returning NULL node as an error 2024-11-18 12:12:00 +01:00
iommu iommu/vt-d: Add MTL to quirk list to skip TE disabling 2024-11-18 12:11:09 +01:00
ipack Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
irqchip irqchip/stm32-exti: add missing DT IRQ flag translation 2024-11-18 10:58:46 +01:00
isdn Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kperfmon Kperfmon: add xyunbound version 2024-06-15 16:28:49 -03:00
kq/mesh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
leds leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' 2024-11-18 11:43:05 +01:00
lightnvm Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
macintosh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mailbox Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mcb mcb: fix error handling for different scenarios when parsing 2024-11-18 11:43:25 +01:00
md dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() 2024-11-18 12:12:03 +01:00
media media: ccs: Correctly initialise try compose rectangle 2024-11-18 12:10:56 +01:00
memory Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
memstick Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
message Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mfd mfd: dln2: Fix double put in dln2_probe 2024-11-18 11:43:04 +01:00
misc misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write 2024-11-18 12:11:45 +01:00
mmc mmc: block: Be sure to wait while busy in CQE error recovery 2024-11-18 12:11:47 +01:00
most Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mtd mtd: cfi_cmdset_0001: Byte swap OTP info 2024-11-18 11:43:26 +01:00
muic Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mux Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
net i40e: fix use-after-free in i40e_aqc_add_filters() 2024-11-18 12:12:07 +01:00
nfc drivers/nfc_logger: Fix implicit int 2024-06-15 16:28:48 -03:00
ntb Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nubus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nvdimm nd_btt: Make BTT lanes preemptible 2024-11-18 11:43:03 +01:00
nvme nvmet: nul-terminate the NQNs passed in the connect command 2024-11-18 12:10:55 +01:00
nvmem nvmem: imx: correct nregs for i.MX6UL 2024-11-18 10:58:31 +01:00
of of: base: Fix some formatting issues and provide missing descriptions 2024-11-18 12:11:27 +01:00
opp Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
oprofile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
parisc Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
parport parport: Add support for Brainboxes IX/UC/PX parallel cards 2024-11-18 12:11:45 +01:00
pci Revert "PCI: acpiphp: Reassign resources on bridge if necessary" 2024-11-18 12:11:50 +01:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2024-11-18 11:43:06 +01:00
perf perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 2024-11-08 11:24:52 +01:00
phy phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins 2024-11-08 11:26:20 +01:00
pinctrl pinctrl: at91-pio4: use dedicated lock class for IRQ 2024-11-18 12:11:59 +01:00
platform platform/x86: intel_telemetry: Fix kernel doc descriptions 2024-11-18 12:11:56 +01:00
pnp Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
power Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
powercap Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pps Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ps3 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ptp ptp: annotate data-race around q->head and q->tail 2024-11-18 11:43:19 +01:00
pwm pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume 2024-11-18 11:43:07 +01:00
rapidio Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ras Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
regulator regulator/core: Revert "fix kobject release warning and memory leak in regulator_register()" 2024-11-08 11:26:17 +01:00
remoteproc Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
reset reset: Fix crash when freeing non-existent optional resets 2024-11-18 12:11:58 +01:00
rpmsg rpmsg: Fix possible refcount leak in rpmsg_register_device_override() 2024-11-18 10:58:46 +01:00
rtc rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call 2024-11-18 11:43:06 +01:00
s390 s390/dasd: protect device queue against concurrent access 2024-11-18 12:10:57 +01:00
samsung Fix clang 16 errors treewide 2024-06-15 16:28:48 -03:00
sbus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
scsi scsi: core: Always send batch on reset or error handling command 2024-11-18 12:12:05 +01:00
sensorhub treewide: fix build errors 2024-06-15 16:21:17 -03:00
sensors Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sfi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
siox Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
slimbus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
soc soc: qcom: llcc: Handle a second device without data corruption 2024-11-18 11:43:02 +01:00
soundwire soundwire: stream: fix NULL pointer dereference for multi_link 2024-11-18 12:11:57 +01:00
spi spi: atmel: Fix PDC transfer setup bug 2024-11-18 12:12:04 +01:00
spmi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
spu_verify Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ssb Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
staging net: vlan: introduce skb_vlan_eth_hdr() 2024-11-18 12:11:48 +01:00
sti Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
target Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tc Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tee tee: optee: Fix supplicant based device enumeration 2024-11-18 12:11:39 +01:00
thermal thermal: core: prevent potential string overflow 2024-11-18 11:42:50 +01:00
thunderbolt thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge 2024-11-08 11:26:11 +01:00
tty tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() 2024-11-18 12:11:58 +01:00
uh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uio Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
usb usb: fotg210-hcd: delete an incorrect bounds test 2024-11-18 12:12:02 +01:00
vdpa Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vfio Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vhost Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vibrator Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
video fbdev: stifb: Make the STI next font pointer a 32-bit signed offset 2024-11-18 12:11:12 +01:00
virt Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
virtio virtio-mmio: fix memory leak of vm_dev 2024-11-18 10:58:28 +01:00
vision Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vision3 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
visorbus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vlynq Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vme Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
w1 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
watchdog Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xen swiotlb-xen: provide the "max_mapping_size" method 2024-11-18 12:10:57 +01:00
zorro Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig drivers: add stub kperfmon 2024-06-15 16:28:49 -03:00
Kconfig.variant1 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile drivers: add stub kperfmon 2024-06-15 16:28:49 -03:00
Makefile.variant1 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00