1. Patchew
  2. linux
  3. [PATCH 0/3] Fix prestera driver fail to probe twice
  4. View patch

[PATCH 2/3] net: marvell: prestera: fix memory use after free

Elad Nachman posted 3 patches 1 year, 11 months ago
There is a newer version of this series
[PATCH 2/3] net: marvell: prestera: fix memory use after free
Posted by Elad Nachman 1 year, 11 months ago 
From: Elad Nachman <enachman@marvell.com>

Prestera driver routing module cleanup process would
release memory and then reference it again, and eventually
free it again.
Remove the redundant first memory free call.
All such double free calls were detected using KASAN.

Signed-off-by: Elad Nachman <enachman@marvell.com>
---
 drivers/net/ethernet/marvell/prestera/prestera_router.c    | 1 -
 drivers/net/ethernet/marvell/prestera/prestera_router_hw.c | 1 -
 2 files changed, 2 deletions(-)

diff --git a/drivers/net/ethernet/marvell/prestera/prestera_router.c b/drivers/net/ethernet/marvell/prestera/prestera_router.c
index de317179a7dc..2da04a17efad 100644
--- a/drivers/net/ethernet/marvell/prestera/prestera_router.c
+++ b/drivers/net/ethernet/marvell/prestera/prestera_router.c
@@ -1638,7 +1638,6 @@ void prestera_router_fini(struct prestera_switch *sw)
 	prestera_k_arb_abort(sw);
 
 	kfree(sw->router->nhgrp_hw_state_cache);
-	rhashtable_destroy(&sw->router->kern_fib_cache_ht);
 	prestera_router_hw_fini(sw);
 	kfree(sw->router);
 	sw->router = NULL;
diff --git a/drivers/net/ethernet/marvell/prestera/prestera_router_hw.c b/drivers/net/ethernet/marvell/prestera/prestera_router_hw.c
index 02faaea2aefa..254107f664b4 100644
--- a/drivers/net/ethernet/marvell/prestera/prestera_router_hw.c
+++ b/drivers/net/ethernet/marvell/prestera/prestera_router_hw.c
@@ -102,7 +102,6 @@ void prestera_router_hw_fini(struct prestera_switch *sw)
 				    prestera_fib_node_destroy_ht_cb, sw);
 	WARN_ON(!list_empty(&sw->router->vr_list));
 	WARN_ON(!list_empty(&sw->router->rif_entry_list));
-	rhashtable_destroy(&sw->router->fib_ht);
 	rhashtable_destroy(&sw->router->nexthop_group_ht);
 	rhashtable_destroy(&sw->router->nh_neigh_ht);
 }
-- 
2.25.1
Re: [PATCH 2/3] net: marvell: prestera: fix memory use after free
Posted by Kory Maincent 1 year, 11 months ago 
On Mon, 11 Mar 2024 15:51:11 +0200
Elad Nachman <enachman@marvell.com> wrote:

> From: Elad Nachman <enachman@marvell.com>
> 
> Prestera driver routing module cleanup process would
> release memory and then reference it again, and eventually
> free it again.
> Remove the redundant first memory free call.
> All such double free calls were detected using KASAN.
 
Not directly related to this patch but I am wondering if
the call to prestera_port_sfp_unbind(port) is not missing in
prestera_destroy_ports() function?

Regards,
-- 
Köry Maincent, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.