    net: thunderx: fix NULL pointer dereference in nic_remove · f05ca3e4
    Lorenzo Bianconi authored
    [ Upstream commit 24a6d2dd263bc910de018c78d1148b3e33b94512 ]
    
    Fix a possible NULL pointer dereference in nic_remove routine
    removing the nicpf module if nic_probe fails.
    The issue can be triggered with the following reproducer:
    
    $rmmod nicvf
    $rmmod nicpf
    
    [  521.412008] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000014
    [  521.422777] Mem abort info:
    [  521.425561]   ESR = 0x96000004
    [  521.428624]   Exception class = DABT (current EL), IL = 32 bits
    [  521.434535]   SET = 0, FnV = 0
    [  521.437579]   EA = 0, S1PTW = 0
    [  521.440730] Data abort info:
    [  521.443603]   ISV = 0, ISS = 0x00000004
    [  521.447431]   CM = 0, WnR = 0
    [  521.450417] user pgtable: 4k pages, 48-bit VAs, pgdp = 0000000072a3da42
    [  521.457022] [0000000000000014] pgd=0000000000000000
    [  521.461916] Internal error: Oops: 96000004 [#1] SMP
    [  521.511801] Hardware name: GIGABYTE H270-T70/MT70-HD0, BIOS T49 02/02/2018
    [  521.518664] pstate: 80400005 (Nzcv daif +PAN -UAO)
    [  521.523451] pc : nic_remove+0x24/0x88 [nicpf]
    [  521.527808] lr : pci_device_remove+0x48/0xd8
    [  521.532066] sp : ffff000013433cc0
    [  521.535370] x29: ffff000013433cc0 x28: ffff810f6ac50000
    [  521.540672] x27: 0000000000000000 x26: 0000000000000000
    [  521.545974] x25: 0000000056000000 x24: 0000000000000015
    [  521.551274] x23: ffff8007ff89a110 x22: ffff000001667070
    [  521.556576] x21: ffff8007ffb170b0 x20: ffff8007ffb17000
    [  521.561877] x19: 0000000000000000 x18: 0000000000000025
    [  521.567178] x17: 0000000000000000 x16: 000000000000010ffc33ff98 x8 : 0000000000000000
    [  521.593683] x7 : 0000000000000000 x6 : 0000000000000001
    [  521.598983] x5 : 0000000000000002 x4 : 0000000000000003
    [  521.604284] x3 : ffff8007ffb17184 x2 : ffff8007ffb17184
    [  521.609585] x1 : ffff000001662118 x0 : ffff000008557be0
    [  521.614887] Process rmmod (pid: 1897, stack limit = 0x00000000859535c3)
    [  521.621490] Call trace:
    [  521.623928]  nic_remove+0x24/0x88 [nicpf]
    [  521.627927]  pci_device_remove+0x48/0xd8
    [  521.631847]  device_release_driver_internal+0x1b0/0x248
    [  521.637062]  driver_detach+0x50/0xc0
    [  521.640628]  bus_remove_driver+0x60/0x100
    [  521.644627]  driver_unregister+0x34/0x60
    [  521.648538]  pci_unregister_driver+0x24/0xd8
    [  521.652798]  nic_cleanup_module+0x14/0x111c [nicpf]
    [  521.657672]  __arm64_sys_delete_module+0x150/0x218
    [  521.662460]  el0_svc_handler+0x94/0x110
    [  521.666287]  el0_svc+0x8/0xc
    [  521.669160] Code: aa1e03e0 9102c295 d503201f f9404eb3 (b9401660)
    
    Fixes: 4863dea3 ("net: Adding support for Cavium ThunderX network controller")
    Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Sasha Levin <sashal@kernel.org>