Re: [PATCH 4.4 10/43] net: cavium: liquidio: Avoid dma_unmap_single on uninitialized ndata

From: Ben Hutchings
Date: Wed May 10 2017 - 11:30:52 EST


On Mon, 2017-05-01 at 14:27 -0700, Greg Kroah-Hartman wrote:
> 4.4-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Florian Fainelli <f.fainelli@xxxxxxxxx>
>
> commit 8e6ce7ebeb34f0992f56de078c3744fb383657fa upstream.
>
> The label lio_xmit_failed is used 3 times through liquidio_xmit() but it
> always makes a call to dma_unmap_single() using potentially
> uninitialized variables from "ndata" variable. Out of the 3 gotos, 2 run
> after ndata has been initialized, and had a prior dma_map_single() call.
>
> Fix this by adding a new error label: lio_xmit_dma_failed which does
> this dma_unmap_single() and then proceeds with the lio_xmit_failed
> fallthrough.
>
> Fixes: f21fb3ed364bb ("Add support of Cavium Liquidio ethernet adapters")
> Reported-by: coverity (CID 1309740)
> Signed-off-by: Florian Fainelli <f.fainelli@xxxxxxxxx>
> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
> Cc: Julia Lawall <julia.lawall@xxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

This is not a complete fix:

> ---
> drivers/net/ethernet/cavium/liquidio/lio_main.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> --- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
> +++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
> @@ -2823,7 +2823,7 @@ static int liquidio_xmit(struct sk_buff
> if (!g) {
> netif_info(lio, tx_err, lio->netdev,
> "Transmit scatter gather: glist null!\n");
> - goto lio_xmit_failed;
> + goto lio_xmit_dma_failed;
> }
>
> cmdsetup.s.gather = 1;
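
Review bot: In the `if (!g)` branch, the jump now targets lio_xmit_dma_failed, which per the commit message calls dma_unmap_single() on ndata, yet nothing in the visible context shows a dma_map_single() having run before the glist null check. If ndata's DMA address is not mapped on this path, this site should keep `goto lio_xmit_failed;` and only the gotos that follow a successful mapping should use the new label. The diffstat lists 5 insertions and 4 deletions, so the other changed lines deserve the same check against the point where the mapping is made.
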
[...]

This goto should not have been changed, as no DMA mapping has been
attempted at this point in the function.

This seems to have been fixed upstream by commit 6a885b60dad2 "liquidio:
Introduce new octeon2/3 header". I leave it to you to work out how it
should be fixed in 4.4-stable.

Ben.

--
Ben Hutchings
Software Developer, Codethink Ltd.