diff mbox series

net: fddi: fix UAF in fza_probe

Message ID 20210713105853.8979-1-paskripkin@gmail.com (mailing list archive)
State Accepted
Commit deb7178eb940e2c5caca1b1db084a69b2e59b4c9
Delegated to: Netdev Maintainers
Headers show
Series net: fddi: fix UAF in fza_probe | expand

Checks

Context Check Description
netdev/cover_letter success Link
netdev/fixes_present success Link
netdev/patch_count success Link
netdev/tree_selection success Guessed tree name to be net-next
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cc_maintainers warning 1 maintainers not CCed: kuba@kernel.org
netdev/source_inline success Was 0 now: 0
netdev/verify_signedoff success Link
netdev/module_param success Was 0 now: 0
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/verify_fixes fail Link
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 10 lines checked
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/header_inline success Link

Commit Message

Pavel Skripkin July 13, 2021, 10:58 a.m. UTC
fp is netdev private data and it cannot be
used after free_netdev() call. Using fp after free_netdev()
can cause UAF bug. Fix it by moving free_netdev() after error message.

Fixes: 61414f5ec983 ("FDDI: defza: Add support for DEC FDDIcontroller 700
TURBOchannel adapter")
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
---
 drivers/net/fddi/defza.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Comments

patchwork-bot+netdevbpf@kernel.org July 13, 2021, 4:50 p.m. UTC | #1
Hello:

This patch was applied to netdev/net.git (refs/heads/master):

On Tue, 13 Jul 2021 13:58:53 +0300 you wrote:
> fp is netdev private data and it cannot be
> used after free_netdev() call. Using fp after free_netdev()
> can cause UAF bug. Fix it by moving free_netdev() after error message.
> 
> Fixes: 61414f5ec983 ("FDDI: defza: Add support for DEC FDDIcontroller 700
> TURBOchannel adapter")
> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> 
> [...]

Here is the summary with links:
  - net: fddi: fix UAF in fza_probe
    https://git.kernel.org/netdev/net/c/deb7178eb940

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Maciej W. Rozycki July 13, 2021, 4:59 p.m. UTC | #2
On Tue, 13 Jul 2021, Pavel Skripkin wrote:

> fp is netdev private data and it cannot be
> used after free_netdev() call. Using fp after free_netdev()
> can cause UAF bug. Fix it by moving free_netdev() after error message.

 Can you justify the lines for a better layout?  The paragraph looks odd 
to me in its current form.

> Fixes: 61414f5ec983 ("FDDI: defza: Add support for DEC FDDIcontroller 700
> TURBOchannel adapter")
> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>

 Otherwise LGTM.  And a good catch, thank you!

Reviewed-by: Maciej W. Rozycki <macro@orcam.me.uk>

  Maciej
diff mbox series

Patch

diff --git a/drivers/net/fddi/defza.c b/drivers/net/fddi/defza.c
index 14f07050b6b1..0de2c4552f5e 100644
--- a/drivers/net/fddi/defza.c
+++ b/drivers/net/fddi/defza.c
@@ -1504,9 +1504,8 @@  static int fza_probe(struct device *bdev)
 	release_mem_region(start, len);
 
 err_out_kfree:
-	free_netdev(dev);
-
 	pr_err("%s: initialization failure, aborting!\n", fp->name);
+	free_netdev(dev);
 	return ret;
 }