[net 3/8] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Saeed Mahameed <saeed@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Eric Dumazet <edumazet@google.com>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
	netdev@vger.kernel.org, Tariq Toukan <tariqt@nvidia.com>,
	Gal Pressman <gal@nvidia.com>,
	Leon Romanovsky <leonro@nvidia.com>,
	Elena Salomatkina <esalomatkina@ispras.ru>,
	Simon Horman <horms@kernel.org>,
	Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Subject: [net 3/8] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
Date: Wed, 25 Sep 2024 13:20:08 -0700	[thread overview]
Message-ID: <20240925202013.45374-4-saeed@kernel.org> (raw)
In-Reply-To: <20240925202013.45374-1-saeed@kernel.org>

From: Elena Salomatkina <esalomatkina@ispras.ru>

In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
which is dereferenced on the next line in a reference
to the modify field.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Gal Pressman <gal@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
index d4239e3b3c88..11f724ad90db 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
@@ -23,6 +23,9 @@ struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
 	struct mlx5e_tir_builder *builder;
 
 	builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
+	if (!builder)
+		return NULL;
+
 	builder->modify = modify;
 
 	return builder;
-- 
2.46.1

next prev parent reply	other threads:[~2024-09-25 20:20 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-25 20:20 [pull request][net 0/8] mlx5 fixes 2024-09-25 Saeed Mahameed
2024-09-25 20:20 ` [net 1/8] net/mlx5: Fix error path in multi-packet WQE transmit Saeed Mahameed
2024-10-03  0:30   ` patchwork-bot+netdevbpf
2024-09-25 20:20 ` [net 2/8] net/mlx5: Added cond_resched() to crdump collection Saeed Mahameed
2024-09-25 20:20 ` Saeed Mahameed [this message]
2024-09-25 20:20 ` [net 4/8] net/mlx5: Fix wrong reserved field in hca_cap_2 in mlx5_ifc Saeed Mahameed
2024-09-25 20:20 ` [net 5/8] net/mlx5: HWS, fixed double-free in error flow of creating SQ Saeed Mahameed
2024-09-25 20:20 ` [net 6/8] net/mlx5: HWS, changed E2BIG error to a negative return code Saeed Mahameed
2024-09-25 20:20 ` [net 7/8] net/mlx5e: SHAMPO, Fix overflow of hd_per_wq Saeed Mahameed
2024-09-25 20:20 ` [net 8/8] net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice Saeed Mahameed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d4239e3b3c8 dfblob:11f724ad90d )
 OR (
bs:"[net 3/8] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240925202013.45374-4-saeed@kernel.org \
    --to=saeed@kernel.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=esalomatkina@ispras.ru \
    --cc=gal@nvidia.com \
    --cc=horms@kernel.org \
    --cc=kalesh-anakkur.purayil@broadcom.com \
    --cc=kuba@kernel.org \
    --cc=leonro@nvidia.com \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=saeedm@nvidia.com \
    --cc=tariqt@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.