[net-next 13/15] net/mlx5: Fix dereference on pointer attr after null check

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: saeed@kernel.org
To: "David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org, Ariel Levkovich <lariel@nvidia.com>,
	Dan Carpenter <dan.carpenter@oracle.com>,
	Saeed Mahameed <saeedm@nvidia.com>
Subject: [net-next 13/15] net/mlx5: Fix dereference on pointer attr after null check
Date: Wed, 30 Sep 2020 21:33:00 -0700	[thread overview]
Message-ID: <20201001043302.48113-14-saeed@kernel.org> (raw)
In-Reply-To: <20201001043302.48113-1-saeed@kernel.org>

From: Ariel Levkovich <lariel@nvidia.com>

When removing a flow from the slow path fdb, a flow attr struct is
allocated for the rule removal process. If the allocation fails the
code prints a warning message but continues with the removal flow
which include dereferencing a pointer which could be null.
Fix this by exiting the function in case the attr allocation failed.

Fixes: c620b772152b ("net/mlx5: Refactor tc flow attributes structure")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
index f815b0c60a6c..186dc2961000 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -1238,8 +1238,10 @@ mlx5e_tc_unoffload_from_slow_path(struct mlx5_eswitch *esw,
 	struct mlx5_flow_attr *slow_attr;
 
 	slow_attr = mlx5_alloc_flow_attr(MLX5_FLOW_NAMESPACE_FDB);
-	if (!slow_attr)
-		mlx5_core_warn(flow->priv->mdev, "Unable to unoffload slow path rule\n");
+	if (!slow_attr) {
+		mlx5_core_warn(flow->priv->mdev, "Unable to alloc attr to unoffload slow path rule\n");
+		return;
+	}
 
 	memcpy(slow_attr, flow->attr, ESW_FLOW_ATTR_SZ);
 	slow_attr->action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
-- 
2.26.2

next prev parent reply	other threads:[~2020-10-01  4:33 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-01  4:32 [pull request][net-next 00/15] mlx5 updates 2020-09-30 saeed
2020-10-01  4:32 ` [net-next 01/15] net/mlx5: DR, Replace the check for valid STE entry saeed
2020-10-01  4:32 ` [net-next 02/15] net/mlx5: DR, Remove unneeded check from source port builder saeed
2020-10-01  4:32 ` [net-next 03/15] net/mlx5: DR, Remove unneeded vlan check from L2 builder saeed
2020-10-01  4:32 ` [net-next 04/15] net/mlx5: DR, Remove unneeded local variable saeed
2020-10-01  4:32 ` [net-next 05/15] net/mlx5: DR, Call ste_builder directly with tag pointer saeed
2020-10-01  4:32 ` [net-next 06/15] net/mlx5: DR, Add support for rule creation with flow source hint saeed
2020-10-01  4:32 ` [net-next 07/15] net/mlx5: E-switch, Use PF num in metadata reg c0 saeed
2020-10-01  4:32 ` [net-next 08/15] net/mlx5: E-switch, Add helper to check egress ACL need saeed
2020-10-01  4:32 ` [net-next 09/15] net/mlx5: E-switch, Use helper function to load unload representor saeed
2020-10-01  4:32 ` [net-next 10/15] net/mlx5: E-switch, Move devlink eswitch ports closer to eswitch saeed
2020-10-01  4:32 ` [net-next 11/15] net/mlx5: E-Switch, Support flow source for local vport saeed
2020-10-01  4:32 ` [net-next 12/15] net/mlx5: Use dma device access helper saeed
2020-10-01  4:33 ` saeed [this message]
2020-10-01  4:33 ` [net-next 14/15] net/mlx5e: Fix a use after free on error in mlx5_tc_ct_shared_counter_get() saeed
2020-10-01  4:33 ` [net-next 15/15] net/mlx5e: Fix potential null pointer dereference saeed
2020-10-01 19:26 ` [pull request][net-next 00/15] mlx5 updates 2020-09-30 David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f815b0c60a6 dfblob:186dc296100 )
 OR (
bs:"[net-next 13/15] net/mlx5: Fix dereference on pointer attr after null check" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201001043302.48113-14-saeed@kernel.org \
    --to=saeed@kernel.org \
    --cc=dan.carpenter@oracle.com \
    --cc=davem@davemloft.net \
    --cc=kuba@kernel.org \
    --cc=lariel@nvidia.com \
    --cc=netdev@vger.kernel.org \
    --cc=saeedm@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).