[PATCH] netvsc: fix dereference before null check errors

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] netvsc: fix dereference before null check errors
@ 2017-03-25 14:26 Colin King
  2017-03-27  0:50 ` Haiyang Zhang
  0 siblings, 1 reply; 3+ messages in thread
From: Colin King @ 2017-03-25 14:26 UTC (permalink / raw)
  To: K . Y . Srinivasan, Haiyang Zhang, Stephen Hemminger, devel,
	netdev
  Cc: kernel-janitors, linux-kernel

From: Colin Ian King <colin.king@canonical.com>

ndev is being checked to see if it is a null pointer however before
the null check ndev is being dereferenced; hence there is a potential
null pointer dereference bug that needs fixing. Fix this by only
dereferencing ndev after the null check.

Detected by CoverityScan, CID#1420760, CID#140761 ("Dereference
before null check")

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/net/hyperv/netvsc_drv.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c
index f830bbbd8ad4..f24c2891dd0c 100644
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -1135,7 +1135,7 @@ static int netvsc_get_rxfh(struct net_device *dev, u32 *indir, u8 *key,
 {
 	struct net_device_context *ndc = netdev_priv(dev);
 	struct netvsc_device *ndev = rcu_dereference(ndc->nvdev);
-	struct rndis_device *rndis_dev = ndev->extension;
+	struct rndis_device *rndis_dev;
 	int i;
 
 	if (!ndev)
@@ -1144,6 +1144,7 @@ static int netvsc_get_rxfh(struct net_device *dev, u32 *indir, u8 *key,
 	if (hfunc)
 		*hfunc = ETH_RSS_HASH_TOP;	/* Toeplitz */
 
+	rndis_dev = ndev->extension;
 	if (indir) {
 		for (i = 0; i < ITAB_NUM; i++)
 			indir[i] = rndis_dev->ind_table[i];
@@ -1160,7 +1161,7 @@ static int netvsc_set_rxfh(struct net_device *dev, const u32 *indir,
 {
 	struct net_device_context *ndc = netdev_priv(dev);
 	struct netvsc_device *ndev = rtnl_dereference(ndc->nvdev);
-	struct rndis_device *rndis_dev = ndev->extension;
+	struct rndis_device *rndis_dev;
 	int i;
 
 	if (!ndev)
@@ -1169,6 +1170,7 @@ static int netvsc_set_rxfh(struct net_device *dev, const u32 *indir,
 	if (hfunc != ETH_RSS_HASH_NO_CHANGE && hfunc != ETH_RSS_HASH_TOP)
 		return -EOPNOTSUPP;
 
+	rndis_dev = ndev->extension;
 	if (indir) {
 		for (i = 0; i < ITAB_NUM; i++)
 			if (indir[i] >= dev->num_rx_queues)
-- 
2.11.0

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* RE: [PATCH] netvsc: fix dereference before null check errors
  2017-03-25 14:26 [PATCH] netvsc: fix dereference before null check errors Colin King
@ 2017-03-27  0:50 ` Haiyang Zhang
  2017-03-27 23:01   ` David Miller
  0 siblings, 1 reply; 3+ messages in thread
From: Haiyang Zhang @ 2017-03-27  0:50 UTC (permalink / raw)
  To: Colin King, KY Srinivasan, Stephen Hemminger,
	devel@linuxdriverproject.org, netdev@vger.kernel.org
  Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org



> -----Original Message-----
> From: Colin King [mailto:colin.king@canonical.com]
> Sent: Saturday, March 25, 2017 10:27 AM
> To: KY Srinivasan <kys@microsoft.com>; Haiyang Zhang
> <haiyangz@microsoft.com>; Stephen Hemminger <sthemmin@microsoft.com>;
> devel@linuxdriverproject.org; netdev@vger.kernel.org
> Cc: kernel-janitors@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: [PATCH] netvsc: fix dereference before null check errors
> 
> From: Colin Ian King <colin.king@canonical.com>
> 
> ndev is being checked to see if it is a null pointer however before
> the null check ndev is being dereferenced; hence there is a potential
> null pointer dereference bug that needs fixing. Fix this by only
> dereferencing ndev after the null check.
> 
> Detected by CoverityScan, CID#1420760, CID#140761 ("Dereference
> before null check")
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>

Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>

Thank you!

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] netvsc: fix dereference before null check errors
  2017-03-27  0:50 ` Haiyang Zhang
@ 2017-03-27 23:01   ` David Miller
  0 siblings, 0 replies; 3+ messages in thread
From: David Miller @ 2017-03-27 23:01 UTC (permalink / raw)
  To: haiyangz; +Cc: sthemmin, netdev, kernel-janitors, linux-kernel, devel,
	colin.king

From: Haiyang Zhang <haiyangz@microsoft.com>
Date: Mon, 27 Mar 2017 00:50:27 +0000

> 
> 
>> -----Original Message-----
>> From: Colin King [mailto:colin.king@canonical.com]
>> Sent: Saturday, March 25, 2017 10:27 AM
>> To: KY Srinivasan <kys@microsoft.com>; Haiyang Zhang
>> <haiyangz@microsoft.com>; Stephen Hemminger <sthemmin@microsoft.com>;
>> devel@linuxdriverproject.org; netdev@vger.kernel.org
>> Cc: kernel-janitors@vger.kernel.org; linux-kernel@vger.kernel.org
>> Subject: [PATCH] netvsc: fix dereference before null check errors
>> 
>> From: Colin Ian King <colin.king@canonical.com>
>> 
>> ndev is being checked to see if it is a null pointer however before
>> the null check ndev is being dereferenced; hence there is a potential
>> null pointer dereference bug that needs fixing. Fix this by only
>> dereferencing ndev after the null check.
>> 
>> Detected by CoverityScan, CID#1420760, CID#140761 ("Dereference
>> before null check")
>> 
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> 
> Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>

Applied.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2017-03-27 23:01 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-03-25 14:26 [PATCH] netvsc: fix dereference before null check errors Colin King
2017-03-27  0:50 ` Haiyang Zhang
2017-03-27 23:01   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).