[PATCH net v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
@ 2024-09-24 16:00 Elena Salomatkina
  2024-09-24 18:11 ` Simon Horman
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Elena Salomatkina @ 2024-09-24 16:00 UTC (permalink / raw)
  To: lvc-project, Saeed Mahameed
  Cc: Elena Salomatkina, Leon Romanovsky, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, Maxim Mikityanskiy, Tariq Toukan,
	Maor Dickman, netdev, linux-rdma, linux-kernel

In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
which is dereferenced on the next line in a reference
to the modify field.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
---
v2: Fix tab, add blank line

 drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
index d4239e3b3c88..11f724ad90db 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
@@ -23,6 +23,9 @@ struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
 	struct mlx5e_tir_builder *builder;
 
 	builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
+	if (!builder)
+		return NULL;
+
 	builder->modify = modify;
 
 	return builder;
-- 
2.33.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH net v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
  2024-09-24 16:00 [PATCH net v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Elena Salomatkina
@ 2024-09-24 18:11 ` Simon Horman
  2024-09-25  2:01 ` Kalesh Anakkur Purayil
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Simon Horman @ 2024-09-24 18:11 UTC (permalink / raw)
  To: Elena Salomatkina
  Cc: Saeed Mahameed, Leon Romanovsky, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, Maxim Mikityanskiy, Tariq Toukan,
	Maor Dickman, netdev, linux-rdma, linux-kernel

On Tue, Sep 24, 2024 at 07:00:18PM +0300, Elena Salomatkina wrote:
> In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
> which is dereferenced on the next line in a reference
> to the modify field.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
> Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
> ---
> v2: Fix tab, add blank line

Thanks for the update, this version looks good to me.

Reviewed-by: Simon Horman <horms@kernel.org>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
  2024-09-24 16:00 [PATCH net v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Elena Salomatkina
  2024-09-24 18:11 ` Simon Horman
@ 2024-09-25  2:01 ` Kalesh Anakkur Purayil
  2024-09-25  5:49 ` Tariq Toukan
  2024-09-25  6:17 ` Gal Pressman
  3 siblings, 0 replies; 5+ messages in thread
From: Kalesh Anakkur Purayil @ 2024-09-25  2:01 UTC (permalink / raw)
  To: Elena Salomatkina
  Cc: Saeed Mahameed, Leon Romanovsky, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, Maxim Mikityanskiy, Tariq Toukan,
	Maor Dickman, netdev, linux-rdma, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 536 bytes --]

On Tue, Sep 24, 2024 at 9:31 PM Elena Salomatkina
<esalomatkina@ispras.ru> wrote:
>
> In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
> which is dereferenced on the next line in a reference
> to the modify field.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
> Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
LGTM
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>


-- 
Regards,
Kalesh A P

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4239 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
  2024-09-24 16:00 [PATCH net v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Elena Salomatkina
  2024-09-24 18:11 ` Simon Horman
  2024-09-25  2:01 ` Kalesh Anakkur Purayil
@ 2024-09-25  5:49 ` Tariq Toukan
  2024-09-25  6:17 ` Gal Pressman
  3 siblings, 0 replies; 5+ messages in thread
From: Tariq Toukan @ 2024-09-25  5:49 UTC (permalink / raw)
  To: Elena Salomatkina, Saeed Mahameed
  Cc: Leon Romanovsky, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, Maxim Mikityanskiy, Tariq Toukan, Maor Dickman,
	netdev, linux-rdma, linux-kernel



On 24/09/2024 19:00, Elena Salomatkina wrote:
> In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
> which is dereferenced on the next line in a reference
> to the modify field.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
> Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
> ---
> v2: Fix tab, add blank line
> 
>   drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> index d4239e3b3c88..11f724ad90db 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> @@ -23,6 +23,9 @@ struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
>   	struct mlx5e_tir_builder *builder;
>   
>   	builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
> +	if (!builder)
> +		return NULL;
> +
>   	builder->modify = modify;
>   
>   	return builder;

Thanks for your patch.

Reviewed-by: Tariq Toukan <tariqt@nvidia.com>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
  2024-09-24 16:00 [PATCH net v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Elena Salomatkina
                   ` (2 preceding siblings ...)
  2024-09-25  5:49 ` Tariq Toukan
@ 2024-09-25  6:17 ` Gal Pressman
  3 siblings, 0 replies; 5+ messages in thread
From: Gal Pressman @ 2024-09-25  6:17 UTC (permalink / raw)
  To: Elena Salomatkina, lvc-project, Saeed Mahameed
  Cc: Leon Romanovsky, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, Maxim Mikityanskiy, Tariq Toukan, Maor Dickman,
	netdev, linux-rdma, linux-kernel

On 24/09/2024 19:00, Elena Salomatkina wrote:
> In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
> which is dereferenced on the next line in a reference
> to the modify field.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
> Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>

Thanks!
Reviewed-by: Gal Pressman <gal@nvidia.com>

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2024-09-25  6:17 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-24 16:00 [PATCH net v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Elena Salomatkina
2024-09-24 18:11 ` Simon Horman
2024-09-25  2:01 ` Kalesh Anakkur Purayil
2024-09-25  5:49 ` Tariq Toukan
2024-09-25  6:17 ` Gal Pressman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).