projects / linux-2.6-microblaze.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e96b491)
gve: Add NULL pointer checks when freeing irqs.
authorDavid Awogbemila <awogbemila@google.com>
Mon, 17 May 2021 21:08:13 +0000 (14:08 -0700)
committerDavid S. Miller <davem@davemloft.net>
Mon, 17 May 2021 22:38:40 +0000 (15:38 -0700)
When freeing notification blocks, we index priv->msix_vectors.
If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors)
this could lead to a NULL pointer dereference if the driver is unloaded.

Fixes: 893ce44df565 ("gve: Add basic driver framework for Compute Engine Virtual NIC")
Signed-off-by: David Awogbemila <awogbemila@google.com>
Acked-by: Willem de Brujin <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/google/gve/gve_main.c patch | blob | history

diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c
index 6419294..21a5d05 100644 (file)
--- a/drivers/net/ethernet/google/gve/gve_main.c
+++ b/drivers/net/ethernet/google/gve/gve_main.c
@@ -301,20 +301,22 @@ static void gve_free_notify_blocks(struct gve_priv *priv)
 {
        int i;
 
-       /* Free the irqs */
-       for (i = 0; i < priv->num_ntfy_blks; i++) {
-               struct gve_notify_block *block = &priv->ntfy_blocks[i];
-               int msix_idx = i;
-
-               irq_set_affinity_hint(priv->msix_vectors[msix_idx].vector,
-                                     NULL);
-               free_irq(priv->msix_vectors[msix_idx].vector, block);
+       if (priv->msix_vectors) {
+               /* Free the irqs */
+               for (i = 0; i < priv->num_ntfy_blks; i++) {
+                       struct gve_notify_block *block = &priv->ntfy_blocks[i];
+                       int msix_idx = i;
+
+                       irq_set_affinity_hint(priv->msix_vectors[msix_idx].vector,
+                                             NULL);
+                       free_irq(priv->msix_vectors[msix_idx].vector, block);
+               }
+               free_irq(priv->msix_vectors[priv->mgmt_msix_idx].vector, priv);
        }
        dma_free_coherent(&priv->pdev->dev,
                          priv->num_ntfy_blks * sizeof(*priv->ntfy_blocks),
                          priv->ntfy_blocks, priv->ntfy_block_bus);
        priv->ntfy_blocks = NULL;
-       free_irq(priv->msix_vectors[priv->mgmt_msix_idx].vector, priv);
        pci_disable_msix(priv->pdev);
        kvfree(priv->msix_vectors);
        priv->msix_vectors = NULL;
MicroBlaze GIT Repository