1. Patchew
  2. linux
  3. View series

[PATCH 6.1] net: enetc: fix PF !of_device_is_available() teardown path

Vladimir Oltean posted 1 patch 2 days, 20 hours ago 
drivers/net/ethernet/freescale/enetc/enetc_pf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH 6.1] net: enetc: fix PF !of_device_is_available() teardown path
Posted by Vladimir Oltean 2 days, 20 hours ago 
Upstream commit e15c5506dd39 ("net: enetc: allocate vf_state during PF
probes") was backported incorrectly to kernels where enetc_pf_probe()
still has to manually check whether the OF node of the PCI device is
enabled.

In kernels which contain commit bfce089ddd0e ("net: enetc: remove
of_device_is_available() handling") and its dependent change, commit
6fffbc7ae137 ("PCI: Honor firmware's device disabled status"), the
"err_device_disabled" label has disappeared. Yet, linux-6.1.y and
earlier still contains it.

The trouble is that upstream commit e15c5506dd39 ("net: enetc: allocate
vf_state during PF probes"), backported as 35668e29e979 in linux-6.1.y,
introduces new code for the err_setup_mac_addresses and err_alloc_netdev
labels which calls kfree(pf->vf_state). This code must not execute for
the err_device_disabled label, because at that stage, the pf structure
has not yet been allocated, and is an uninitialized pointer.

By moving the err_device_disabled label to undo just the previous
operation, i.e. a successful enetc_psi_create() call with
enetc_psi_destroy(), the dereference of uninitialized pf->vf_state is
avoided.

Fixes: 35668e29e979 ("net: enetc: allocate vf_state during PF probes")
Reported-by: Nathan Chancellor <nathan@kernel.org>
Closes: https://lore.kernel.org/linux-patches/20260330073356.GA1017537@ax162/
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
---
 drivers/net/ethernet/freescale/enetc/enetc_pf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/freescale/enetc/enetc_pf.c b/drivers/net/ethernet/freescale/enetc/enetc_pf.c
index 99422c0b4a26..8cb4c759b165 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_pf.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_pf.c
@@ -1393,10 +1393,10 @@ static int enetc_pf_probe(struct pci_dev *pdev,
 	si->ndev = NULL;
 	free_netdev(ndev);
 err_alloc_netdev:
-err_device_disabled:
 err_setup_mac_addresses:
 	kfree(pf->vf_state);
 err_alloc_vf_state:
+err_device_disabled:
 	enetc_psi_destroy(pdev);
 err_psi_create:
 	return err;
-- 
2.43.0
Re: [PATCH 6.1] net: enetc: fix PF !of_device_is_available() teardown path
Posted by Nathan Chancellor 1 day, 12 hours ago 
On Mon, Mar 30, 2026 at 11:19:44AM +0300, Vladimir Oltean wrote:
> Upstream commit e15c5506dd39 ("net: enetc: allocate vf_state during PF
> probes") was backported incorrectly to kernels where enetc_pf_probe()
> still has to manually check whether the OF node of the PCI device is
> enabled.
> 
> In kernels which contain commit bfce089ddd0e ("net: enetc: remove
> of_device_is_available() handling") and its dependent change, commit
> 6fffbc7ae137 ("PCI: Honor firmware's device disabled status"), the
> "err_device_disabled" label has disappeared. Yet, linux-6.1.y and
> earlier still contains it.
> 
> The trouble is that upstream commit e15c5506dd39 ("net: enetc: allocate
> vf_state during PF probes"), backported as 35668e29e979 in linux-6.1.y,
> introduces new code for the err_setup_mac_addresses and err_alloc_netdev
> labels which calls kfree(pf->vf_state). This code must not execute for
> the err_device_disabled label, because at that stage, the pf structure
> has not yet been allocated, and is an uninitialized pointer.
> 
> By moving the err_device_disabled label to undo just the previous
> operation, i.e. a successful enetc_psi_create() call with
> enetc_psi_destroy(), the dereference of uninitialized pf->vf_state is
> avoided.
> 
> Fixes: 35668e29e979 ("net: enetc: allocate vf_state during PF probes")
> Reported-by: Nathan Chancellor <nathan@kernel.org>
> Closes: https://lore.kernel.org/linux-patches/20260330073356.GA1017537@ax162/
> Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Nathan Chancellor <nathan@kernel.org> # build

> ---
>  drivers/net/ethernet/freescale/enetc/enetc_pf.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/freescale/enetc/enetc_pf.c b/drivers/net/ethernet/freescale/enetc/enetc_pf.c
> index 99422c0b4a26..8cb4c759b165 100644
> --- a/drivers/net/ethernet/freescale/enetc/enetc_pf.c
> +++ b/drivers/net/ethernet/freescale/enetc/enetc_pf.c
> @@ -1393,10 +1393,10 @@ static int enetc_pf_probe(struct pci_dev *pdev,
>  	si->ndev = NULL;
>  	free_netdev(ndev);
>  err_alloc_netdev:
> -err_device_disabled:
>  err_setup_mac_addresses:
>  	kfree(pf->vf_state);
>  err_alloc_vf_state:
> +err_device_disabled:
>  	enetc_psi_destroy(pdev);
>  err_psi_create:
>  	return err;
> -- 
> 2.43.0
>

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.