* [PATCH] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
@ 2024-09-23 11:34 Elena Salomatkina
2024-09-23 18:35 ` Simon Horman
0 siblings, 1 reply; 2+ messages in thread
From: Elena Salomatkina @ 2024-09-23 11:34 UTC (permalink / raw)
To: Saeed Mahameed
Cc: Elena Salomatkina, Leon Romanovsky, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Maxim Mikityanskiy, Tariq Toukan,
Maor Dickman, netdev, linux-rdma, linux-kernel
In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
which is dereferenced on the next line in a reference
to the modify field.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
---
drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
index d4239e3b3c88..72310452fce5 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
@@ -23,6 +23,8 @@ struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
struct mlx5e_tir_builder *builder;
builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
+ if (!builder)
+ return NULL;
builder->modify = modify;
return builder;
--
2.33.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
2024-09-23 11:34 [PATCH] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Elena Salomatkina
@ 2024-09-23 18:35 ` Simon Horman
0 siblings, 0 replies; 2+ messages in thread
From: Simon Horman @ 2024-09-23 18:35 UTC (permalink / raw)
To: Elena Salomatkina
Cc: Saeed Mahameed, Leon Romanovsky, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Maxim Mikityanskiy, Tariq Toukan,
Maor Dickman, netdev, linux-rdma, linux-kernel
On Mon, Sep 23, 2024 at 02:34:55PM +0300, Elena Salomatkina wrote:
> In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
> which is dereferenced on the next line in a reference
> to the modify field.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
> Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
Hi Elena,
Unfortunately your patch doesn't apply. This appears to be because
it has been white-space mangled, somehow: tabs have turned into 4 spaces.
I would suggest using b4, or git format-patch + git send-email.
To send patches.
Also, as a fix, this patch should be targeted at net, like this:
Subject [PATCH net v2] ...
This and more information about sending Networking patches can be
found here: https://docs.kernel.org/process/maintainer-netdev.html
> ---
> drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> index d4239e3b3c88..72310452fce5 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> @@ -23,6 +23,8 @@ struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
> struct mlx5e_tir_builder *builder;
>
> builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
> + if (!builder)
> + return NULL;
nit: blank line here please
> builder->modify = modify;
>
> return builder;
--
pw-bot: changes-requested
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-09-23 18:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-23 11:34 [PATCH] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Elena Salomatkina
2024-09-23 18:35 ` Simon Horman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).