From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: Erez Shitrit <erezsh@dev.mellanox.co.il>
Cc: Honggang Li <honli@redhat.com>, Roland Dreier <roland@kernel.org>,
sean.hefty@intel.com, hal.rosenstock@gmail.com, kaber@trash.net,
davem@davemloft.net, Alex Estrin <alex.estrin@intel.com>,
Doug Ledford <dledford@redhat.com>,
edumazet@google.com, Erez Shitrit <erezsh@mellanox.com>,
nicolas.dichtel@6wind.com, maheshb@google.com, jbenc@redhat.com,
ebiederm@xmission.com, elfring@users.sourceforge.net,
f.fainelli@gmail.com, linux@roeck-us.net, andrew@lunn.ch,
sfeldma@gmail.com, alexander.h.duyck@intel.com,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH linux-next 1/4] infiniband/ipoib: fix possible NULL pointer dereference in ipoib_get_iflink
Date: Wed, 15 Apr 2015 10:06:23 -0600 [thread overview]
Message-ID: <20150415160623.GA4653@obsidianresearch.com> (raw)
In-Reply-To: <552E026A.4020200@dev.mellanox.co.il>
On Wed, Apr 15, 2015 at 09:17:14AM +0300, Erez Shitrit wrote:
> >>+ /* parent interface */
> >>+ if (!test_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags))
> >>+ return dev->ifindex;
> >>+
> >>+ /* child/vlan interface */
> >>+ if (!priv->parent)
> >>+ return -1;
> >Like was said for other drivers, I can't see how parent can be null
> >while IPOIB_FLAG_SUBINTERFACE is set. Drop the last if.
> It can, at least for ipoib child interface (AKA "vlan"), you can't
> control the call for that ndo and it can be called before the parent
> was set.
If the ndo can be called before the netdev private structures are fully
prepared then we have another bug, and returning -1 or 0 is not the right
answer anyhow.
For safety, fold this into your patch.
diff --git a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
index 9fad7b5ac8b9..e62b007adf5d 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
@@ -58,6 +58,7 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv,
/* MTU will be reset when mcast join happens */
priv->dev->mtu = IPOIB_UD_MTU(priv->max_ib_mtu);
priv->mcast_mtu = priv->admin_mtu = priv->dev->mtu;
+ priv->parent = ppriv->dev;
set_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags);
result = ipoib_set_dev_features(priv, ppriv->ca);
@@ -84,8 +85,6 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv,
goto register_failed;
}
- priv->parent = ppriv->dev;
-
ipoib_create_debug_files(priv->dev);
/* RTNL childs don't need proprietary sysfs entries */
next prev parent reply other threads:[~2015-04-15 16:07 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-14 15:20 [PATCH linux-next 0/4] fix possile NULL pointer dereference in ndo_get_iflink callback functions Honggang Li
2015-04-14 15:20 ` [PATCH linux-next 1/4] infiniband/ipoib: fix possible NULL pointer dereference in ipoib_get_iflink Honggang Li
2015-04-14 15:34 ` Eric Dumazet
2015-04-14 15:44 ` Honggang LI
2015-04-14 15:49 ` Nicolas Dichtel
2015-04-14 15:53 ` Honggang LI
2015-04-14 16:14 ` Eric Dumazet
2015-04-14 16:01 ` Yann Droneaud
2015-04-14 16:44 ` Nicolas Dichtel
2015-04-14 16:30 ` Erez Shitrit
2015-04-14 16:46 ` Nicolas Dichtel
2015-04-14 20:41 ` Jason Gunthorpe
2015-04-15 5:24 ` Or Gerlitz
2015-04-15 6:17 ` Erez Shitrit
2015-04-15 16:06 ` Jason Gunthorpe [this message]
2015-04-16 11:27 ` Erez Shitrit
2015-04-15 5:16 ` Honggang LI
2015-04-15 6:57 ` Honggang LI
2015-04-14 15:20 ` [PATCH linux-next 2/4] ipvlan: fix possible NULL pointer dereference in ipvlan_get_iflink Honggang Li
2015-04-14 15:20 ` [PATCH linux-next 3/4] macvlan: fix possible NULL pointer dereference in macvlan_dev_get_iflink Honggang Li
2015-04-14 15:26 ` Patrick McHardy
2015-04-14 15:32 ` Honggang LI
2015-04-14 15:35 ` Patrick McHardy
2015-04-14 17:47 ` David Miller
2015-04-14 15:35 ` Nicolas Dichtel
2015-04-14 15:37 ` Andrew Lunn
2015-04-14 15:46 ` Honggang LI
2015-04-14 15:20 ` [PATCH linux-next 4/4] net/dsa: fix possible NULL pointer dereference in dsa_slave_get_iflink Honggang Li
2015-04-14 15:55 ` Guenter Roeck
2015-04-14 16:26 ` [PATCH linux-next v2] infiniband/ipoib: fix possible NULL pointer dereference in ipoib_get_iflink Honggang Li
2015-04-14 16:26 ` [PATCH] " Honggang Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150415160623.GA4653@obsidianresearch.com \
--to=jgunthorpe@obsidianresearch.com \
--cc=alex.estrin@intel.com \
--cc=alexander.h.duyck@intel.com \
--cc=andrew@lunn.ch \
--cc=davem@davemloft.net \
--cc=dledford@redhat.com \
--cc=ebiederm@xmission.com \
--cc=edumazet@google.com \
--cc=elfring@users.sourceforge.net \
--cc=erezsh@dev.mellanox.co.il \
--cc=erezsh@mellanox.com \
--cc=f.fainelli@gmail.com \
--cc=hal.rosenstock@gmail.com \
--cc=honli@redhat.com \
--cc=jbenc@redhat.com \
--cc=kaber@trash.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=maheshb@google.com \
--cc=netdev@vger.kernel.org \
--cc=nicolas.dichtel@6wind.com \
--cc=roland@kernel.org \
--cc=sean.hefty@intel.com \
--cc=sfeldma@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox