Re: [PATCH net v2] eth: fbnic: fix double-free of PCS on phylink creation failure

From: Jakub Kicinski

Date: Thu May 07 2026 - 10:28:13 EST


On Thu, 7 May 2026 12:34:24 +0200 Paolo Abeni wrote:
> > Clearing fbd->netdev to NULL avoids UAF in init_failure_mode where
> > callers guard by checking !fbd->netdev, such as fbnic_mdio_read_pmd().
> > These callers remain active even after a failed probe, so fbd->netdev
> > still needs to be cleared.
> >
> > Fixes: d0fe7104c795 ("fbnic: Replace use of internal PCS w/ Designware XPCS")
> > Signed-off-by: Bobby Eshleman <bobbyeshleman@xxxxxxxx>
>
> Note that sashiko-gemini spotted a pre-existing issue:
>
> https://sashiko.dev/#/patchset/20260504-fbnic-pcs-fix-v2-1-de45192821d9%40meta.com
>
> does not block this patch but could deserve a follow-up.

fbd is a devlink priv, not netdev priv, touching it after free_netdev()
is perfectly fine. I wish Gemini tried a *little* harder instead of
guessing :| Sorry for not commenting earlier.