* Re: [2.6 patch] net/llc/llc_conn.c: fix possible NULL dereference [not found] <464E8763.3010609@redhat.com> @ 2007-05-19 5:43 ` Herbert Xu [not found] ` <20070518223005.91236c38.randy.dunlap@oracle.com> 1 sibling, 0 replies; 3+ messages in thread From: Herbert Xu @ 2007-05-19 5:43 UTC (permalink / raw) To: Eugene Teo; +Cc: linux-kernel, acme, netdev Eugene Teo <eteo@redhat.com> wrote: > > diff --git a/net/llc/llc_conn.c b/net/llc/llc_conn.c > index 3b8cfbe..28a3994 100644 > --- a/net/llc/llc_conn.c > +++ b/net/llc/llc_conn.c > @@ -323,7 +323,8 @@ int llc_conn_remove_acked_pdus(struct sock *sk, u8 nr, u16 > *how_many_unacked) > > if (!q_len) > goto out; > - skb = skb_peek(&llc->pdu_unack_q); > + if (! (skb = skb_peek(&llc->pdu_unack_q))) > + goto out; Actually we just checked that the queue length is non-zero so there must be a packet there unless someone's just removed it. If it were possible for someone else to remove it in parallel, then we've got bigger problems to worry about :) Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt ^ permalink raw reply [flat|nested] 3+ messages in thread
[parent not found: <20070518223005.91236c38.randy.dunlap@oracle.com>]
* Re: [2.6 patch] net/llc/llc_conn.c: fix possible NULL dereference [not found] ` <20070518223005.91236c38.randy.dunlap@oracle.com> @ 2007-05-19 5:49 ` Eugene Teo 2007-05-19 6:03 ` David Miller 0 siblings, 1 reply; 3+ messages in thread From: Eugene Teo @ 2007-05-19 5:49 UTC (permalink / raw) To: netdev; +Cc: Arnaldo Carvalho de Melo, Randy Dunlap, Eugene Teo [-- Attachment #1: Type: text/plain, Size: 696 bytes --] Randy Dunlap wrote: > On Sat, 19 May 2007 13:13:07 +0800 Eugene Teo wrote: > >> skb_peek() might return an empty list. skb should be checked before calling >> llc_pdu_sn_hdr() with it. >> >> Spotted by the Coverity checker. >> >> Signed-off-by: Eugene Teo <eteo@redhat.com> [...] > > Oh, and your patch has spaces instead of tabs. It's a hassle to > get thunderbird to send a patch that preserves tabs. See if this: > http://mbligh.org/linuxdocs/Email/Clients/Thunderbird > helps you any. Here's a resend: skb_peek() might return an empty list. skb should be checked before calling llc_pdu_sn_hdr() with it. Spotted by the Coverity checker. Signed-off-by: Eugene Teo <eteo@redhat.com> [-- Attachment #2: 2.6-llc_conn.patch --] [-- Type: text/x-patch, Size: 403 bytes --] diff --git a/net/llc/llc_conn.c b/net/llc/llc_conn.c index 3b8cfbe..6d3a07e 100644 --- a/net/llc/llc_conn.c +++ b/net/llc/llc_conn.c @@ -324,6 +324,8 @@ int llc_conn_remove_acked_pdus(struct sock *sk, u8 nr, u16 *how_many_unacked) if (!q_len) goto out; skb = skb_peek(&llc->pdu_unack_q); + if (!skb) + goto out; pdu = llc_pdu_sn_hdr(skb); /* finding position of last acked pdu in queue */ ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [2.6 patch] net/llc/llc_conn.c: fix possible NULL dereference 2007-05-19 5:49 ` Eugene Teo @ 2007-05-19 6:03 ` David Miller 0 siblings, 0 replies; 3+ messages in thread From: David Miller @ 2007-05-19 6:03 UTC (permalink / raw) To: eteo; +Cc: netdev, acme, randy.dunlap From: Eugene Teo <eteo@redhat.com> Date: Sat, 19 May 2007 13:49:11 +0800 > Spotted by the Coverity checker. Why am I not surprised :-( There is no bug here, if Coverity warns every single time skb_peek() is used and not tested against NULL, that's a very serious shortcoming of Coverity or what it has been taught about SKB queues. It needs to learn that skb_queue_len() != 0 implies skb_peek() will not return NULL sans locking errors. ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-05-19 6:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <464E8763.3010609@redhat.com>
2007-05-19 5:43 ` [2.6 patch] net/llc/llc_conn.c: fix possible NULL dereference Herbert Xu
[not found] ` <20070518223005.91236c38.randy.dunlap@oracle.com>
2007-05-19 5:49 ` Eugene Teo
2007-05-19 6:03 ` David Miller
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).