Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

eth: fbnic: unlink NAPIs from queues on error to open

CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test.
The UaF is in the __sk_mark_napi_id_once() call in xsk_bind(),
NAPI has been freed. Looks like the device failed to open earlier,
and we lack clearing the NAPI pointer from the queue.

Fixes: 557d02238e05 ("eth: fbnic: centralize the queue count and NAPI<>queue setting")
Reviewed-by: Alexander Duyck <alexanderduyck@fb.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250728163129.117360-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

+3 -1
drivers/net/ethernet/meta/fbnic/fbnic_netdev.c
··· 33 33 dev_warn(fbd->dev, 34 34 "Error %d sending host ownership message to the firmware\n", 35 35 err); 36 - goto free_resources; 36 + goto err_reset_queues; 37 37 } 38 38 39 39 err = fbnic_time_start(fbn); ··· 57 57 fbnic_time_stop(fbn); 58 58 release_ownership: 59 59 fbnic_fw_xmit_ownership_msg(fbn->fbd, false); 60 + err_reset_queues: 61 + fbnic_reset_netif_queues(fbn); 60 62 free_resources: 61 63 fbnic_free_resources(fbn); 62 64 free_napi_vectors:
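Review bot: In the first hunk only the jump after the failed host ownership message is retargeted to `err_reset_queues`, and the context does not show where the queues get linked to their NAPIs, so please confirm that no other failure path that still jumps to `free_resources` or `free_napi_vectors` can run after that link is made. If one can, it leaves the same stale NAPI pointer on the queue that the commit message describes. Naming the call that creates the link in the commit message would make this easy to check from the patch alone.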
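Review bot: The new label `err_reset_queues:` in the second hunk breaks the naming pattern of its neighbours (`release_ownership:`, `free_resources:`, `free_napi_vectors:`), which name the unwind action without an `err_` prefix; `reset_queues:` would be consistent. A one-line comment at the label saying that the queue-to-NAPI links must be cleared before the NAPI vectors are freed would also record why `fbnic_reset_netif_queues(fbn)` sits ahead of `free_resources:` in the unwind order.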