[PATCH 5.10 218/252] gve: Add NULL pointer checks when freeing irqs.

From: Greg Kroah-Hartman
Date: Mon May 31 2021 - 11:05:45 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.10 193/252] ASoC: cs42l42: Regmap must use_single_read/write"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 226/252] staging: emxx_udc: fix loop in _nbu2ss_nuke()"
In reply to: Greg Kroah-Hartman: "[PATCH 5.10 226/252] staging: emxx_udc: fix loop in _nbu2ss_nuke()"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.10 193/252] ASoC: cs42l42: Regmap must use_single_read/write"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Awogbemila <awogbemila@xxxxxxxxxx>

[ Upstream commit 5218e919c8d06279884aa0baf76778a6817d5b93 ]

When freeing notification blocks, we index priv->msix_vectors.
If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors)
this could lead to a NULL pointer dereference if the driver is unloaded.

Fixes: 893ce44df565 ("gve: Add basic driver framework for Compute Engine Virtual NIC")
Signed-off-by: David Awogbemila <awogbemila@xxxxxxxxxx>
Acked-by: Willem de Brujin <willemb@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/net/ethernet/google/gve/gve_main.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c
index a8fcf1227391..839102ea6aa1 100644
--- a/drivers/net/ethernet/google/gve/gve_main.c
+++ b/drivers/net/ethernet/google/gve/gve_main.c
@@ -301,20 +301,22 @@ static void gve_free_notify_blocks(struct gve_priv *priv)
{
int i;

- /* Free the irqs */
- for (i = 0; i < priv->num_ntfy_blks; i++) {
- struct gve_notify_block *block = &priv->ntfy_blocks[i];
- int msix_idx = i;
-
- irq_set_affinity_hint(priv->msix_vectors[msix_idx].vector,
- NULL);
- free_irq(priv->msix_vectors[msix_idx].vector, block);
+ if (priv->msix_vectors) {
+ /* Free the irqs */
+ for (i = 0; i < priv->num_ntfy_blks; i++) {
+ struct gve_notify_block *block = &priv->ntfy_blocks[i];
+ int msix_idx = i;
+
+ irq_set_affinity_hint(priv->msix_vectors[msix_idx].vector,
+ NULL);
+ free_irq(priv->msix_vectors[msix_idx].vector, block);
+ }
+ free_irq(priv->msix_vectors[priv->mgmt_msix_idx].vector, priv);
}
dma_free_coherent(&priv->pdev->dev,
priv->num_ntfy_blks * sizeof(*priv->ntfy_blocks),
priv->ntfy_blocks, priv->ntfy_block_bus);
priv->ntfy_blocks = NULL;
- free_irq(priv->msix_vectors[priv->mgmt_msix_idx].vector, priv);
pci_disable_msix(priv->pdev);
kvfree(priv->msix_vectors);
priv->msix_vectors = NULL;
--
2.30.2

Next message: Greg Kroah-Hartman: "[PATCH 5.10 193/252] ASoC: cs42l42: Regmap must use_single_read/write"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 226/252] staging: emxx_udc: fix loop in _nbu2ss_nuke()"
In reply to: Greg Kroah-Hartman: "[PATCH 5.10 226/252] staging: emxx_udc: fix loop in _nbu2ss_nuke()"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.10 193/252] ASoC: cs42l42: Regmap must use_single_read/write"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]