[PATCH] net: fix NULL-deref in WARN() in skb_gso

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] net: fix NULL-deref in WARN() in skb_gso_segment()
@ 2012-01-17 20:00 Michał Mirosław
  2012-01-17 20:23 ` Ben Hutchings
  2012-01-17 20:51 ` David Miller
  0 siblings, 2 replies; 4+ messages in thread
From: Michał Mirosław @ 2012-01-17 20:00 UTC (permalink / raw)
  To: netdev; +Cc: David Miller, Joe Perches

Bug was introduced in commit c8f44affb7244f2ac3e703cab13d55ede27621bb.

Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
---
 net/core/dev.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

[against net tree]

diff --git a/net/core/dev.c b/net/core/dev.c
index f494675..634a70a 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1961,6 +1961,7 @@ struct sk_buff *skb_gso_segment(struct sk_buff *skb,
 	__skb_pull(skb, skb->mac_len);
 
 	if (unlikely(skb->ip_summed != CHECKSUM_PARTIAL)) {
+		static const netdev_features_t null_features = 0;
 		struct net_device *dev = skb->dev;
 		struct ethtool_drvinfo info = {};
 
@@ -1968,8 +1969,8 @@ struct sk_buff *skb_gso_segment(struct sk_buff *skb,
 			dev->ethtool_ops->get_drvinfo(dev, &info);
 
 		WARN(1, "%s: caps=(%pNF, %pNF) len=%d data_len=%d ip_summed=%d\n",
-		     info.driver, dev ? &dev->features : NULL,
-		     skb->sk ? &skb->sk->sk_route_caps : NULL,
+		     info.driver, dev ? &dev->features : &null_features,
+		     skb->sk ? &skb->sk->sk_route_caps : &null_features,
 		     skb->len, skb->data_len, skb->ip_summed);
 
 		if (skb_header_cloned(skb) &&
-- 
1.7.8.3

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] net: fix NULL-deref in WARN() in skb_gso_segment()
  2012-01-17 20:00 [PATCH] net: fix NULL-deref in WARN() in skb_gso_segment() Michał Mirosław
@ 2012-01-17 20:23 ` Ben Hutchings
  2012-01-17 20:48   ` David Miller
  2012-01-17 20:51 ` David Miller
  1 sibling, 1 reply; 4+ messages in thread
From: Ben Hutchings @ 2012-01-17 20:23 UTC (permalink / raw)
  To: Michał Mirosław; +Cc: netdev, David Miller, Joe Perches

On Tue, 2012-01-17 at 21:00 +0100, Michał Mirosław wrote:
> Bug was introduced in commit c8f44affb7244f2ac3e703cab13d55ede27621bb.

Sorry, this conflicts with changes I've just submitted, the first of
which has already been applied.

Ben.

> Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
> ---
>  net/core/dev.c |    5 +++--
>  1 files changed, 3 insertions(+), 2 deletions(-)
> 
> [against net tree]
> 
> diff --git a/net/core/dev.c b/net/core/dev.c
> index f494675..634a70a 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -1961,6 +1961,7 @@ struct sk_buff *skb_gso_segment(struct sk_buff *skb,
>  	__skb_pull(skb, skb->mac_len);
>  
>  	if (unlikely(skb->ip_summed != CHECKSUM_PARTIAL)) {
> +		static const netdev_features_t null_features = 0;
>  		struct net_device *dev = skb->dev;
>  		struct ethtool_drvinfo info = {};
>  
> @@ -1968,8 +1969,8 @@ struct sk_buff *skb_gso_segment(struct sk_buff *skb,
>  			dev->ethtool_ops->get_drvinfo(dev, &info);
>  
>  		WARN(1, "%s: caps=(%pNF, %pNF) len=%d data_len=%d ip_summed=%d\n",
> -		     info.driver, dev ? &dev->features : NULL,
> -		     skb->sk ? &skb->sk->sk_route_caps : NULL,
> +		     info.driver, dev ? &dev->features : &null_features,
> +		     skb->sk ? &skb->sk->sk_route_caps : &null_features,
>  		     skb->len, skb->data_len, skb->ip_summed);
>  
>  		if (skb_header_cloned(skb) &&

-- 
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] net: fix NULL-deref in WARN() in skb_gso_segment()
  2012-01-17 20:23 ` Ben Hutchings
@ 2012-01-17 20:48   ` David Miller
  0 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2012-01-17 20:48 UTC (permalink / raw)
  To: bhutchings; +Cc: mirq-linux, netdev, joe

From: Ben Hutchings <bhutchings@solarflare.com>
Date: Tue, 17 Jan 2012 20:23:05 +0000

> On Tue, 2012-01-17 at 21:00 +0100, Michał Mirosław wrote:
>> Bug was introduced in commit c8f44affb7244f2ac3e703cab13d55ede27621bb.
> 
> Sorry, this conflicts with changes I've just submitted, the first of
> which has already been applied.

I'll sort this out.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] net: fix NULL-deref in WARN() in skb_gso_segment()
  2012-01-17 20:00 [PATCH] net: fix NULL-deref in WARN() in skb_gso_segment() Michał Mirosław
  2012-01-17 20:23 ` Ben Hutchings
@ 2012-01-17 20:51 ` David Miller
  1 sibling, 0 replies; 4+ messages in thread
From: David Miller @ 2012-01-17 20:51 UTC (permalink / raw)
  To: mirq-linux; +Cc: netdev, joe

From: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Date: Tue, 17 Jan 2012 21:00:40 +0100 (CET)

> Bug was introduced in commit c8f44affb7244f2ac3e703cab13d55ede27621bb.
> 
> Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>

Applied.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2012-01-17 20:51 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-01-17 20:00 [PATCH] net: fix NULL-deref in WARN() in skb_gso_segment() Michał Mirosław
2012-01-17 20:23 ` Ben Hutchings
2012-01-17 20:48   ` David Miller
2012-01-17 20:51 ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).