[Intel-wired-lan] [PATCH net-queue v1 2/2] igb: Fix user-after-free error during reset

Brelinski, TonyX tonyx.brelinski at intel.com
Fri Jun 25 22:37:30 UTC 2021


> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces at osuosl.org> On Behalf Of
> Vinicius Costa Gomes
> Sent: Thursday, May 13, 2021 5:31 PM
> To: intel-wired-lan at lists.osuosl.org
> Cc: erez.geva.ext at siemens.com
> Subject: [Intel-wired-lan] [PATCH net-queue v1 2/2] igb: Fix user-after-free
> error during reset
> 
> Cleans the next descriptor to watch (next_to_watch) when cleaning the TX
> ring.
> 
> Failure to do so can cause invalid memory accesses. If igc_poll() runs while
> the controller is reset this can lead to the driver try to free a skb that was
> already freed.
> 
> (The crash is harder to reproduce with the igb driver, but the same potential
> problem exists as the code is identical to igc)
> 
> Fixes: 7cc6fd4c60f2 ("igb: Don't bother clearing Tx buffer_info in
> igb_clean_tx_ring")
> Signed-off-by: Vinicius Costa Gomes <vinicius.gomes at intel.com>
> Reported-by: Erez Geva <erez.geva.ext at siemens.com>
> ---
>  drivers/net/ethernet/intel/igb/igb_main.c | 2 ++
>  1 file changed, 2 insertions(+)

Tested-by: Tony Brelinski <tonyx.brelinski at intel.com> (A Contingent Worker at Intel)




More information about the Intel-wired-lan mailing list