From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
To: Erez Shitrit <erezsh-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
Cc: Honggang Li <honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Roland Dreier <roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org,
davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org,
Alex Estrin <alex.estrin-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org,
Erez Shitrit <erezsh-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
nicolas.dichtel-pdR9zngts4EAvxtiuMwx3w@public.gmane.org,
maheshb-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org,
jbenc-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
elfring-Rn4VEauK+AKRv+LV9MX5uipxlwaOVQ5f@public.gmane.org,
f.fainelli-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
linux-0h96xk9xTtrk1uMJSBkQmQ@public.gmane.org,
andrew-g2DYL2Zd6BY@public.gmane.org,
sfeldma-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
alexander.h.duyck-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
"linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH linux-next 1/4] infiniband/ipoib: fix possible NULL pointer dereference in ipoib_get_iflink
Date: Wed, 15 Apr 2015 10:06:23 -0600 [thread overview]
Message-ID: <20150415160623.GA4653@obsidianresearch.com> (raw)
In-Reply-To: <552E026A.4020200-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
On Wed, Apr 15, 2015 at 09:17:14AM +0300, Erez Shitrit wrote:
> >>+ /* parent interface */
> >>+ if (!test_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags))
> >>+ return dev->ifindex;
> >>+
> >>+ /* child/vlan interface */
> >>+ if (!priv->parent)
> >>+ return -1;
> >Like was said for other drivers, I can't see how parent can be null
> >while IPOIB_FLAG_SUBINTERFACE is set. Drop the last if.
> It can, at least for ipoib child interface (AKA "vlan"), you can't
> control the call for that ndo and it can be called before the parent
> was set.
If the ndo can be called before the netdev private structures are fully
prepared then we have another bug, and returning -1 or 0 is not the right
answer anyhow.
For safety, fold this into your patch.
diff --git a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
index 9fad7b5ac8b9..e62b007adf5d 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
@@ -58,6 +58,7 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv,
/* MTU will be reset when mcast join happens */
priv->dev->mtu = IPOIB_UD_MTU(priv->max_ib_mtu);
priv->mcast_mtu = priv->admin_mtu = priv->dev->mtu;
+ priv->parent = ppriv->dev;
set_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags);
result = ipoib_set_dev_features(priv, ppriv->ca);
@@ -84,8 +85,6 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv,
goto register_failed;
}
- priv->parent = ppriv->dev;
-
ipoib_create_debug_files(priv->dev);
/* RTNL childs don't need proprietary sysfs entries */
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-04-15 16:06 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-14 15:20 [PATCH linux-next 0/4] fix possile NULL pointer dereference in ndo_get_iflink callback functions Honggang Li
2015-04-14 15:20 ` [PATCH linux-next 1/4] infiniband/ipoib: fix possible NULL pointer dereference in ipoib_get_iflink Honggang Li
[not found] ` <1429024817-21561-2-git-send-email-honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-04-14 15:34 ` Eric Dumazet
[not found] ` <1429025673.7346.37.camel-XN9IlZ5yJG9HTL0Zs8A6p/gx64E7kk8eUsxypvmhUTTZJqsBc5GL+g@public.gmane.org>
2015-04-14 15:44 ` Honggang LI
[not found] ` <20150414154422.GB21856-9l7K0WC0B0wP68cbUhXDDlaTQe2KTcn/@public.gmane.org>
2015-04-14 15:49 ` Nicolas Dichtel
[not found] ` <552D3723.9050706-pdR9zngts4EAvxtiuMwx3w@public.gmane.org>
2015-04-14 15:53 ` Honggang LI
[not found] ` <20150414155307.GD21856-9l7K0WC0B0wP68cbUhXDDlaTQe2KTcn/@public.gmane.org>
2015-04-14 16:14 ` Eric Dumazet
2015-04-14 16:01 ` Yann Droneaud
[not found] ` <1429027293.4333.5.camel-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
2015-04-14 16:44 ` Nicolas Dichtel
2015-04-14 16:30 ` Erez Shitrit
[not found] ` <CAAk-MO-O9sjHQvDfCEuzJJPvUMXJTuRaCzrCkB0xc1DUfK8Aew-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-04-14 16:46 ` Nicolas Dichtel
2015-04-14 20:41 ` Jason Gunthorpe
[not found] ` <20150414204133.GJ7682-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-04-15 5:24 ` Or Gerlitz
2015-04-15 6:17 ` Erez Shitrit
[not found] ` <552E026A.4020200-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2015-04-15 16:06 ` Jason Gunthorpe [this message]
[not found] ` <20150415160623.GA4653-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-04-16 11:27 ` Erez Shitrit
2015-04-15 5:16 ` Honggang LI
[not found] ` <20150415051640.GB4881-9l7K0WC0B0wP68cbUhXDDlaTQe2KTcn/@public.gmane.org>
2015-04-15 6:57 ` Honggang LI
2015-04-14 15:20 ` [PATCH linux-next 2/4] ipvlan: fix possible NULL pointer dereference in ipvlan_get_iflink Honggang Li
[not found] ` <1429024817-21561-1-git-send-email-honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-04-14 15:20 ` [PATCH linux-next 3/4] macvlan: fix possible NULL pointer dereference in macvlan_dev_get_iflink Honggang Li
2015-04-14 15:26 ` Patrick McHardy
2015-04-14 15:32 ` Honggang LI
2015-04-14 15:35 ` Patrick McHardy
2015-04-14 17:47 ` David Miller
2015-04-14 15:35 ` Nicolas Dichtel
[not found] ` <552D33B0.6040808-pdR9zngts4EAvxtiuMwx3w@public.gmane.org>
2015-04-14 15:37 ` Andrew Lunn
2015-04-14 15:46 ` Honggang LI
2015-04-14 15:20 ` [PATCH linux-next 4/4] net/dsa: fix possible NULL pointer dereference in dsa_slave_get_iflink Honggang Li
[not found] ` <1429024817-21561-5-git-send-email-honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-04-14 15:55 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150415160623.GA4653@obsidianresearch.com \
--to=jgunthorpe-epgobjl8dl3ta4ec/59zmfatqe2ktcn/@public.gmane.org \
--cc=alex.estrin-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=alexander.h.duyck-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=andrew-g2DYL2Zd6BY@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=elfring-Rn4VEauK+AKRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
--cc=erezsh-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org \
--cc=erezsh-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=f.fainelli-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=jbenc-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org \
--cc=linux-0h96xk9xTtrk1uMJSBkQmQ@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=maheshb-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=nicolas.dichtel-pdR9zngts4EAvxtiuMwx3w@public.gmane.org \
--cc=roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=sfeldma-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).