[v2] hw/net: prevent potential NULL dereference

[PATCH v2] hw/net: prevent potential NULL dereference

Oleg Sviridov posted 1 patch 5 months, 3 weeks ago

Diff against v1
Download mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20240531073636.3779559-1-oleg.sviridov@red-soft.ru

Maintainers: Nicholas Piggin <npiggin@gmail.com>, Daniel Henrique Barboza <danielhb413@gmail.com>, David Gibson <david@gibson.dropbear.id.au>, Harsh Prateek Bora <harshpb@linux.ibm.com>, Jason Wang <jasowang@redhat.com>

hw/net/spapr_llan.c | 6 ++++++
1 file changed, 6 insertions(+)

Expand all Fold all

[PATCH v2] hw/net: prevent potential NULL dereference

Posted by Oleg Sviridov 5 months, 3 weeks ago

Pointer, returned from function 'spapr_vio_find_by_reg', may be NULL and is dereferenced immediately after.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Oleg Sviridov <oleg.sviridov@red-soft.ru>
---
v2: Debug message added
 hw/net/spapr_llan.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
index ecb30b7c76..8af33d91b6 100644
--- a/hw/net/spapr_llan.c
+++ b/hw/net/spapr_llan.c
@@ -770,6 +770,12 @@ static target_ulong h_change_logical_lan_mac(PowerPCCPU *cpu,
     SpaprVioVlan *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
     int i;
 
+    if (!dev) {
+        hcall_dprintf("H_CHANGE_LOGICAL_LAN_MAC called when "
+                      "no NIC is present\n");
+        return H_PARAMETER;
+    }
+
     for (i = 0; i < ETH_ALEN; i++) {
         dev->nicconf.macaddr.a[ETH_ALEN - i - 1] = macaddr & 0xff;
         macaddr >>= 8;
-- 
2.44.0

Re: [PATCH v2] hw/net: prevent potential NULL dereference

Posted by Philippe Mathieu-Daudé 4 months, 3 weeks ago

On 31/5/24 09:36, Oleg Sviridov wrote:
> Pointer, returned from function 'spapr_vio_find_by_reg', may be NULL and is dereferenced immediately after.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Signed-off-by: Oleg Sviridov <oleg.sviridov@red-soft.ru>
> ---
> v2: Debug message added
>   hw/net/spapr_llan.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
> index ecb30b7c76..8af33d91b6 100644
> --- a/hw/net/spapr_llan.c
> +++ b/hw/net/spapr_llan.c
> @@ -770,6 +770,12 @@ static target_ulong h_change_logical_lan_mac(PowerPCCPU *cpu,
>       SpaprVioVlan *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
>       int i;
>   
> +    if (!dev) {
> +        hcall_dprintf("H_CHANGE_LOGICAL_LAN_MAC called when "
> +                      "no NIC is present\n");
> +        return H_PARAMETER;
> +    }
> +
>       for (i = 0; i < ETH_ALEN; i++) {
>           dev->nicconf.macaddr.a[ETH_ALEN - i - 1] = macaddr & 0xff;
>           macaddr >>= 8;

Thanks, patch queued.