[PATCH] net-sysfs: fix NULL pointer dereference

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Qasim Ijaz <qasdev00@gmail.com>
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
	pabeni@redhat.com, horms@kernel.org, atenart@kernel.org,
	jdamato@fastly.com, aleksander.lobakin@intel.com
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] net-sysfs: fix NULL pointer dereference
Date: Wed,  5 Mar 2025 23:53:07 +0000	[thread overview]
Message-ID: <20250305235307.14829-1-qasdev00@gmail.com> (raw)

Commit <79c61899b5ee> introduces a potential NULL pointer dereference 
in the sysfs_rtnl_lock() function when initialising kn:

	kn = sysfs_break_active_protection(kobj, attr);

The commit overlooks the fact that sysfs_break_active_protection can 
return NULL if kernfs_find_and_get() fails to find and get the kernfs_node 
with the given name. 

Later on the code calls sysfs_unbreak_active_protection(kn) 
unconditionally, which could lead to a NULL pointer dereference.

Resolve this bug by introducing a NULL check before using kn
in the sysfs_unbreak_active_protection() call.

Signed-off-by: Qasim Ijaz <qasdev00@gmail.com>
Fixes: 79c61899b5ee ("net-sysfs: remove rtnl_trylock from device attributes")
---
 net/core/net-sysfs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index 8d9dc048a548..c5085588e536 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -117,7 +117,8 @@ static int sysfs_rtnl_lock(struct kobject *kobj, struct attribute *attr,
 	 * the rtnl lock.
 	 */
 unbreak:
-	sysfs_unbreak_active_protection(kn);
+	if (kn)
+		sysfs_unbreak_active_protection(kn);
 	dev_put(ndev);

 	return ret;
-- 
2.39.5

next             reply	other threads:[~2025-03-05 23:53 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-03-05 23:53 Qasim Ijaz [this message]
2025-03-06  8:12 ` [PATCH] net-sysfs: fix NULL pointer dereference Antoine Tenart
  -- strict thread matches above, loose matches on Subject: below --
2025-03-08 12:43 Qasim Ijaz
2025-03-10 16:29 ` Antoine Tenart

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8d9dc048a54 dfblob:c5085588e53 )
 OR (
bs:"[PATCH] net-sysfs: fix NULL pointer dereference" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250305235307.14829-1-qasdev00@gmail.com \
    --to=qasdev00@gmail.com \
    --cc=aleksander.lobakin@intel.com \
    --cc=atenart@kernel.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=horms@kernel.org \
    --cc=jdamato@fastly.com \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.