[PATCH net v2] be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list

[PATCH net v2] be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list

[Ваторопин Андрей]

From: Andrey Vatoropin <a.vatoropin@crpt.ru>

When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is
set to false, the driver may request the PMAC_ID from the firmware of the
network card, and this function will store that PMAC_ID at the provided
address pmac_id. This is the contract of this function.

However, there is a location within the driver where both
pmac_id_valid == false and pmac_id == NULL are being passed. This could
result in dereferencing a NULL pointer.

To resolve this issue, it is necessary to pass the address of a stub
variable to the function.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
       
Fixes: 95046b927a54 ("be2net: refactor MAC-addr setup code")
Cc: stable@vger.kernel.org
Signed-off-by: Andrey Vatoropin <a.vatoropin@crpt.ru>
---
v1->v2: fix the problem by passing an address of a stub variable.

Link to v1: https://lore.kernel.org/netdev/20250416105542.118371-1-a.vatoropin@crpt.ru/

 drivers/net/ethernet/emulex/benet/be_cmds.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/emulex/benet/be_cmds.c b/drivers/net/ethernet/emulex/benet/be_cmds.c
index bb5d2fa15736..8ed45bceb537 100644
--- a/drivers/net/ethernet/emulex/benet/be_cmds.c
+++ b/drivers/net/ethernet/emulex/benet/be_cmds.c
@@ -3801,6 +3801,7 @@ int be_cmd_get_perm_mac(struct be_adapter *adapter, u8 *mac)
 {
 	int status;
 	bool pmac_valid = false;
+	u32 pmac_id;
 
 	eth_zero_addr(mac);
 
@@ -3813,7 +3814,7 @@ int be_cmd_get_perm_mac(struct be_adapter *adapter, u8 *mac)
 						       adapter->if_handle, 0);
 	} else {
 		status = be_cmd_get_mac_from_list(adapter, mac, &pmac_valid,
-						  NULL, adapter->if_handle, 0);
+						  &pmac_id, adapter->if_handle, 0);
 	}
 
 	return status;
-- 
2.43.0

Re: [PATCH net v2] be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Tue, 20 Jan 2026 11:37:47 +0000 you wrote:
> From: Andrey Vatoropin <a.vatoropin@crpt.ru>
> 
> When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is
> set to false, the driver may request the PMAC_ID from the firmware of the
> network card, and this function will store that PMAC_ID at the provided
> address pmac_id. This is the contract of this function.
> 
> [...]

Here is the summary with links:
  - [net,v2] be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
    https://git.kernel.org/netdev/net/c/8215794403d2

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html