Re: [PATCH net v2] eth: fbnic: fix double-free of PCS on phylink creation failure

Next message: Xilin Wu: "[PATCH 3/3] arm64: dts: qcom: sc8280xp: Add reg and clocks for QoS configuration"
Previous message: Kaustabh Chakraborty: "Re: [PATCH v3 0/2] Configuring DMA threshold value for DW-MMC controllers"
In reply to: Jakub Kicinski: "Re: [PATCH net v2] eth: fbnic: fix double-free of PCS on phylink creation failure"
Next in thread: Bobby Eshleman: "Re: [PATCH net v2] eth: fbnic: fix double-free of PCS on phylink creation failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jakub Kicinski

Date: Thu May 07 2026 - 10:32:12 EST

On Thu, 7 May 2026 07:24:53 -0700 Jakub Kicinski wrote:
> On Thu, 7 May 2026 12:34:24 +0200 Paolo Abeni wrote:
> > > Clearing fbd->netdev to NULL avoids UAF in init_failure_mode where
> > > callers guard by checking !fbd->netdev, such as fbnic_mdio_read_pmd().
> > > These callers remain active even after a failed probe, so fdb->netdev
> > > still needs to be cleared.
> > >
> > > Fixes: d0fe7104c795 ("fbnic: Replace use of internal PCS w/ Designware XPCS")
> > > Signed-off-by: Bobby Eshleman <bobbyeshleman@xxxxxxxx>
> >
> > Note that sashiko-gemini spotted a pre-existing issue:
> >
> > https://sashiko.dev/#/patchset/20260504-fbnic-pcs-fix-v2-1-de45192821d9%40meta.com
> >
> > does not block this patch but could deserve a follow-up.
>
> fbd is a devlink priv, not netdev priv, touching it after free_netdev()
> is perfectly fine. I wish Gemini tried a *little* harder instead of
> guessing :| Sorry for not commenting earlier.

Ugh, not enough coffee. It's complaining about MDIO reads, I think
that's valid.