* [PATCH] lag_conf: Added pointer check
@ 2022-11-15 8:56 Denis Arefev
2022-11-15 9:22 ` Simon Horman
2022-11-16 1:55 ` [PATCH] lag_conf: Added pointer Yinjun Zhang
0 siblings, 2 replies; 3+ messages in thread
From: Denis Arefev @ 2022-11-15 8:56 UTC (permalink / raw)
To: Simon Horman
Cc: Jakub Kicinski, David S. Miller, oss-drivers, netdev,
linux-kernel, ldv-project, trufanov, vfh
Return value of a function 'kmalloc_array' is dereferenced at lag_conf.c:347
without checking for null, but it is usually checked for this function.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Denis Arefev <arefev@swemel.ru>
---
drivers/net/ethernet/netronome/nfp/flower/lag_conf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c b/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
index 63907aeb3884..95ba6e92197d 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
@@ -276,7 +276,7 @@ static void nfp_fl_lag_do_work(struct work_struct *work)
mutex_lock(&lag->lock);
list_for_each_entry_safe(entry, storage, &lag->group_list, list) {
- struct net_device *iter_netdev, **acti_netdevs;
+ struct net_device *iter_netdev, **acti_netdevs = NULL;
struct nfp_flower_repr_priv *repr_priv;
int active_count = 0, slaves = 0;
struct nfp_repr *repr;
@@ -308,6 +308,8 @@ static void nfp_fl_lag_do_work(struct work_struct *work)
acti_netdevs = kmalloc_array(entry->slave_cnt,
sizeof(*acti_netdevs), GFP_KERNEL);
+ if (!acti_netdevs)
+ break;
/* Include sanity check in the loop. It may be that a bond has
* changed between processing the last notification and the
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] lag_conf: Added pointer check
2022-11-15 8:56 [PATCH] lag_conf: Added pointer check Denis Arefev
@ 2022-11-15 9:22 ` Simon Horman
2022-11-16 1:55 ` [PATCH] lag_conf: Added pointer Yinjun Zhang
1 sibling, 0 replies; 3+ messages in thread
From: Simon Horman @ 2022-11-15 9:22 UTC (permalink / raw)
To: Denis Arefev
Cc: Simon Horman, Jakub Kicinski, David S. Miller, oss-drivers,
netdev, linux-kernel, ldv-project, trufanov, vfh
On Tue, Nov 15, 2022 at 11:56:37AM +0300, Denis Arefev wrote:
> [You don't often get email from arefev@swemel.ru. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
>
> Return value of a function 'kmalloc_array' is dereferenced at lag_conf.c:347
> without checking for null, but it is usually checked for this function.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Denis Arefev <arefev@swemel.ru>
Hi Denis,
thanks for highlighting this problem.
> ---
> drivers/net/ethernet/netronome/nfp/flower/lag_conf.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c b/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
> index 63907aeb3884..95ba6e92197d 100644
> --- a/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
> +++ b/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
> @@ -276,7 +276,7 @@ static void nfp_fl_lag_do_work(struct work_struct *work)
>
> mutex_lock(&lag->lock);
> list_for_each_entry_safe(entry, storage, &lag->group_list, list) {
> - struct net_device *iter_netdev, **acti_netdevs;
> + struct net_device *iter_netdev, **acti_netdevs = NULL;
I don't think it's necessary to set acti_netdevs here as
it is always set before use by the call to kmalloc_array().
> struct nfp_flower_repr_priv *repr_priv;
> int active_count = 0, slaves = 0;
> struct nfp_repr *repr;
> @@ -308,6 +308,8 @@ static void nfp_fl_lag_do_work(struct work_struct *work)
>
> acti_netdevs = kmalloc_array(entry->slave_cnt,
> sizeof(*acti_netdevs), GFP_KERNEL);
> + if (!acti_netdevs)
> + break;
The indentation here doesn't look right.
Regarding the problem at hand, yes, I agree that it seems
that kmalloc_array() should be checked. But I am concerned that
simply break'ing here may lead to a bad state. And I'd like to ask
for some time to examine this more closely.
> /* Include sanity check in the loop. It may be that a bond has
> * changed between processing the last notification and the
> --
> 2.25.1
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] lag_conf: Added pointer
2022-11-15 8:56 [PATCH] lag_conf: Added pointer check Denis Arefev
2022-11-15 9:22 ` Simon Horman
@ 2022-11-16 1:55 ` Yinjun Zhang
1 sibling, 0 replies; 3+ messages in thread
From: Yinjun Zhang @ 2022-11-16 1:55 UTC (permalink / raw)
To: arefev
Cc: davem, kuba, ldv-project, linux-kernel, netdev, oss-drivers,
simon.horman, trufanov, vfh
On Tue, 15 Nov 2022 11:56:37 +0300, Denis Arefev wrote:
> <...>
> @@ -308,6 +308,8 @@ static void nfp_fl_lag_do_work(struct work_struct *work)
>
> acti_netdevs = kmalloc_array(entry->slave_cnt,
> sizeof(*acti_netdevs), GFP_KERNEL);
> + if (!acti_netdevs)
> + break;
I think we need give other entries and this entry itself one more chance by:
```
if (!acti_netdevs) {
schedule_delayed_work(&lag->work, NFP_FL_LAG_DELAY);
continue:
}
```
>
> /* Include sanity check in the loop. It may be that a bond has
> * changed between processing the last notification and the
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-11-16 1:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-11-15 8:56 [PATCH] lag_conf: Added pointer check Denis Arefev
2022-11-15 9:22 ` Simon Horman
2022-11-16 1:55 ` [PATCH] lag_conf: Added pointer Yinjun Zhang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.