From: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
To: "Ваторопин Андрей" <a.vatoropin@crpt.ru>
Cc: Ajit Khaparde <ajit.khaparde@broadcom.com>,
Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com>,
Somnath Kotur <somnath.kotur@broadcom.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Padmanabh Ratnakar <padmanabh.ratnakar@emulex.com>,
Mammatha Edhala <mammatha.edhala@emulex.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"lvc-project@linuxtesting.org" <lvc-project@linuxtesting.org>
Subject: Re: [PATCH] be2net: Remove potential access to the zero address
Date: Wed, 16 Apr 2025 13:32:29 +0200 [thread overview]
Message-ID: <Z/+VTcHpQMJ3ioCM@mev-dev.igk.intel.com> (raw)
In-Reply-To: <20250416105542.118371-1-a.vatoropin@crpt.ru>
On Wed, Apr 16, 2025 at 10:55:47AM +0000, Ваторопин Андрей wrote:
> From: Andrey Vatoropin <a.vatoropin@crpt.ru>
>
> At the moment of calling the function be_cmd_get_mac_from_list() with the
> following parameters:
> be_cmd_get_mac_from_list(adapter, mac, &pmac_valid, NULL,
> adapter->if_handle, 0);
Looks like pmac_valid needs to be false to reach *pmac_id assign.
>
> The parameter "pmac_id" equals NULL.
>
> Then, if "mac_addr_size" equals four bytes, there is a possibility of
> accessing the zero address via the pointer "pmac_id".
>
> Add an extra check for the pointer "pmac_id" to avoid accessing the zero
> address.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: e5e1ee894615 ("be2net: Use new implementation of get mac list command")
> Signed-off-by: Andrey Vatoropin <a.vatoropin@crpt.ru>
> ---
> drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/emulex/benet/be_cmds.c b/drivers/net/ethernet/emulex/benet/be_cmds.c
> index 51b8377edd1d..be5bbf6881b8 100644
> --- a/drivers/net/ethernet/emulex/benet/be_cmds.c
> +++ b/drivers/net/ethernet/emulex/benet/be_cmds.c
> @@ -3757,7 +3757,7 @@ int be_cmd_get_mac_from_list(struct be_adapter *adapter, u8 *mac,
> /* mac_id is a 32 bit value and mac_addr size
> * is 6 bytes
> */
> - if (mac_addr_size == sizeof(u32)) {
> + if (pmac_id && mac_addr_size == sizeof(u32)) {
> *pmac_id_valid = true;
> mac_id = mac_entry->mac_addr_id.s_mac_id.mac_id;
> *pmac_id = le32_to_cpu(mac_id);
Thanks for fixing.
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
> --
> 2.43.0
next prev parent reply other threads:[~2025-04-16 11:32 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-16 10:55 [PATCH] be2net: Remove potential access to the zero address Ваторопин Андрей
2025-04-16 11:32 ` Michal Swiatkowski [this message]
2025-04-18 2:54 ` Jakub Kicinski
2025-04-18 7:50 ` Fedor Pchelkin
2025-04-19 0:15 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z/+VTcHpQMJ3ioCM@mev-dev.igk.intel.com \
--to=michal.swiatkowski@linux.intel.com \
--cc=a.vatoropin@crpt.ru \
--cc=ajit.khaparde@broadcom.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lvc-project@linuxtesting.org \
--cc=mammatha.edhala@emulex.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=padmanabh.ratnakar@emulex.com \
--cc=somnath.kotur@broadcom.com \
--cc=sriharsha.basavapatna@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).