Commit 4b31bcb

eth: fbnic: unlink NAPIs from queues on error to open
CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. The UaF is in the __sk_mark_napi_id_once() call in xsk_bind(), NAPI has been freed. Looks like the device failed to open earlier, and we lack clearing the NAPI pointer from the queue.

Fixes: 557d022 ("eth: fbnic: centralize the queue count and NAPI<>queue setting")
Reviewed-by: Alexander Duyck <alexanderduyck@fb.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250728163129.117360-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
1 parent 1dbf1d5 commit 4b31bcb

1 file changed

+3
-1
lines changed

drivers/net/ethernet/meta/fbnic/fbnic_netdev.c

Lines changed: 3 additions & 1 deletion
@@ -33,7 +33,7 @@ int __fbnic_open(struct fbnic_net *fbn)
3333
dev_warn(fbd->dev,
3434
"Error %d sending host ownership message to the firmware\n",
3535
err);
36-
goto free_resources;
36+
goto err_reset_queues;
3737
}
3838

3939
err = fbnic_time_start(fbn);
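Review bot: only the goto on the ownership-message failure (new line 36) is retargeted to err_reset_queues, while the free_resources label stays in place further down, so any other error path in __fbnic_open() that jumps directly to free_resources after the queues have been linked to their NAPIs would still skip fbnic_reset_netif_queues(). Please confirm that every remaining goto free_resources is taken before the NAPI<>queue link is set up, and say so in the commit message or in a comment at the label, so a later error path added here picks the right target.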
@@ -57,6 +57,8 @@ int __fbnic_open(struct fbnic_net *fbn)
5757
fbnic_time_stop(fbn);
5858
release_ownership:
5959
fbnic_fw_xmit_ownership_msg(fbn->fbd, false);
60+
err_reset_queues:
61+
fbnic_reset_netif_queues(fbn);
6062
free_resources:
6163
fbnic_free_resources(fbn);
6264
free_napi_vectors:
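Review bot: the label added at new line 60, err_reset_queues, breaks the naming used by its neighbours release_ownership, free_resources and free_napi_vectors, which are named for the action alone; reset_queues would match. A one-line comment above fbnic_reset_netif_queues(fbn) stating that it has to run before the cleanup at free_resources and free_napi_vectors, so that no queue keeps a pointer to a NAPI that is about to be freed, would record the ordering constraint that the commit message describes and that the code alone does not make obvious.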
