Merge: CVE-2025-38417: ice: fix eswitch code memory leak in reset scenario

MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/7223

JIRA: https://issues.redhat.com/browse/RHEL-108151
CVE: CVE-2025-38417

commit 48c8b21
Author: Grzegorz Nitka <grzegorz.nitka@intel.com>
Date:   Fri May 16 15:09:07 2025 +0200

    ice: fix eswitch code memory leak in reset scenario

    Add simple eswitch mode checker in attaching VF procedure and allocate
    required port representor memory structures only in switchdev mode.
    The reset flows triggers VF (if present) detach/attach procedure.
    It might involve VF port representor(s) re-creation if the device is
    configured is switchdev mode (not legacy one).
    The memory was blindly allocated in current implementation,
    regardless of the mode and not freed if in legacy mode.

    Kmemeleak trace:
    unreferenced object (percpu) 0x7e3bce5b888458 (size 40):
      comm "bash", pid 1784, jiffies 4295743894
      hex dump (first 32 bytes on cpu 45):
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace (crc 0):
        pcpu_alloc_noprof+0x4c4/0x7c0
        ice_repr_create+0x66/0x130 [ice]
        ice_repr_create_vf+0x22/0x70 [ice]
        ice_eswitch_attach_vf+0x1b/0xa0 [ice]
        ice_reset_all_vfs+0x1dd/0x2f0 [ice]
        ice_pci_err_resume+0x3b/0xb0 [ice]
        pci_reset_function+0x8f/0x120
        reset_store+0x56/0xa0
        kernfs_fop_write_iter+0x120/0x1b0
        vfs_write+0x31c/0x430
        ksys_write+0x61/0xd0
        do_syscall_64+0x5b/0x180
        entry_SYSCALL_64_after_hwframe+0x76/0x7e

    Testing hints (ethX is PF netdev):
    - create at least one VF
        echo 1 > /sys/class/net/ethX/device/sriov_numvfs
    - trigger the reset
        echo 1 > /sys/class/net/ethX/device/reset

    Fixes: 415db83 ("ice: make representor code generic")
    Signed-off-by: Grzegorz Nitka <grzegorz.nitka@intel.com>
    Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
    Reviewed-by: Simon Horman <horms@kernel.org>
    Tested-by: Rinitha S <sx.rinitha@intel.com> (A Contingent worker at Intel)
    Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>

Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com>

Approved-by: Michal Schmidt <mschmidt@redhat.com>
Approved-by: José Ignacio Tornos Martínez <jtornosm@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>

Merged-by: Jarod Wilson <jarod@redhat.com>

Author: jarodwilson

drivers/net/ethernet/intel/ice/ice_eswitch.c

@@ -502,10 +502,14 @@ ice_eswitch_attach(struct ice_pf *pf, struct ice_repr *repr, unsigned long *id)
  */
 int ice_eswitch_attach_vf(struct ice_pf *pf, struct ice_vf *vf)
 {
-	struct ice_repr *repr = ice_repr_create_vf(vf);
 	struct devlink *devlink = priv_to_devlink(pf);
+	struct ice_repr *repr;
 	int err;
 
+	if (!ice_is_eswitch_mode_switchdev(pf))
+		return 0;
+
+	repr = ice_repr_create_vf(vf);
 	if (IS_ERR(repr))
 		return PTR_ERR(repr);