From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Arthur Kiyanovski <akiyano@amazon.com>,
Sameeh Jubran <sameehj@amazon.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 17/21] net: ena: ena-com.c: prevent NULL pointer dereference
Date: Sat, 22 Feb 2020 21:24:07 -0500 [thread overview]
Message-ID: <20200223022411.2159-17-sashal@kernel.org> (raw)
In-Reply-To: <20200223022411.2159-1-sashal@kernel.org>
From: Arthur Kiyanovski <akiyano@amazon.com>
[ Upstream commit c207979f5ae10ed70aff1bb13f39f0736973de99 ]
comp_ctx can be NULL in a very rare case when an admin command is executed
during the execution of ena_remove().
The bug scenario is as follows:
* ena_destroy_device() sets the comp_ctx to be NULL
* An admin command is executed before executing unregister_netdev(),
this can still happen because our device can still receive callbacks
from the netdev infrastructure such as ethtool commands.
* When attempting to access the comp_ctx, the bug occurs since it's set
to NULL
Fix:
Added a check that comp_ctx is not NULL
Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/amazon/ena/ena_com.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c
index 552db5399503f..31e0cf1442012 100644
--- a/drivers/net/ethernet/amazon/ena/ena_com.c
+++ b/drivers/net/ethernet/amazon/ena/ena_com.c
@@ -199,6 +199,11 @@ static inline void comp_ctxt_release(struct ena_com_admin_queue *queue,
static struct ena_comp_ctx *get_comp_ctxt(struct ena_com_admin_queue *queue,
u16 command_id, bool capture)
{
+ if (unlikely(!queue->comp_ctx)) {
+ pr_err("Completion context is NULL\n");
+ return NULL;
+ }
+
if (unlikely(command_id >= queue->q_depth)) {
pr_err("command id is larger than the queue size. cmd_id: %u queue size %d\n",
command_id, queue->q_depth);
--
2.20.1
next prev parent reply other threads:[~2020-02-23 2:27 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-23 2:23 [PATCH AUTOSEL 4.14 01/21] ipmi:ssif: Handle a possible NULL pointer reference Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 02/21] drm/msm: Set dma maximum segment size for mdss Sasha Levin
2020-02-23 2:23 ` Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 03/21] dax: pass NOWAIT flag to iomap_apply Sasha Levin
2020-02-23 2:23 ` Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 04/21] mac80211: consider more elements in parsing CRC Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 05/21] cfg80211: check wiphy driver existence for drvinfo report Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 06/21] qmi_wwan: re-add DW5821e pre-production variant Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 07/21] qmi_wwan: unconditionally reject 2 ep interfaces Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 08/21] arm/ftrace: Fix BE text poking Sasha Levin
2020-02-23 2:23 ` Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 09/21] net: ena: fix potential crash when rxfh key is NULL Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 10/21] net: ena: fix uses of round_jiffies() Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 11/21] net: ena: add missing ethtool TX timestamping indication Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 12/21] net: ena: fix incorrect default RSS key Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 13/21] net: ena: rss: fix failure to get indirection table Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 14/21] net: ena: rss: store hash function as values and not bits Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 15/21] net: ena: fix incorrectly saving queue numbers when setting RSS indirection table Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 16/21] net: ena: ethtool: use correct value for crc32 hash Sasha Levin
2020-02-23 2:24 ` Sasha Levin [this message]
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 18/21] enic: prevent waking up stopped tx queues over watchdog reset Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 19/21] cifs: Fix mode output in debugging statements Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 20/21] bcache: ignore pending signals when creating gc and allocator thread Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 21/21] cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200223022411.2159-17-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=akiyano@amazon.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sameehj@amazon.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.