[PATCH] net: sched: fix potential null pointer deref

Jianhao Xu posted 1 patch 3 years, 10 months ago
net/sched/sch_mq.c | 6 ++++++
1 file changed, 6 insertions(+)
[PATCH] net: sched: fix potential null pointer deref
Posted by Jianhao Xu 3 years, 10 months ago
mq_queue_get() may return NULL, so a check is needed to avoid
dereferencing the NULL pointer.

Signed-off-by: Jianhao Xu <jianhao_xu@smail.nju.edu.cn>
---
 net/sched/sch_mq.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/sched/sch_mq.c b/net/sched/sch_mq.c
index 83d2e54bf303..9aca4ca82947 100644
--- a/net/sched/sch_mq.c
+++ b/net/sched/sch_mq.c
@@ -201,6 +201,8 @@ static int mq_graft(struct Qdisc *sch, unsigned long cl, struct Qdisc *new,
 static struct Qdisc *mq_leaf(struct Qdisc *sch, unsigned long cl)
 {
 	struct netdev_queue *dev_queue = mq_queue_get(sch, cl);
+	if (!dev_queue)
+		return NULL;
 
 	return dev_queue->qdisc_sleeping;
 }
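Review bot: The new `if (!dev_queue)` test in mq_leaf() sits directly under the declaration, with the blank line left after it. Kernel style separates declarations from the first statement, so the blank line should come before `if (!dev_queue)`, not after `return NULL;`. The mq_dump_class() and mq_dump_class_stats() hunks have the same layout. Separately, mq_leaf() can now return NULL and its callers are not visible in this patch, so it is worth confirming that each of them tests the returned leaf before using it; otherwise the dereference only moves one frame up.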
@@ -218,6 +220,8 @@ static int mq_dump_class(struct Qdisc *sch, unsigned long cl,
 			 struct sk_buff *skb, struct tcmsg *tcm)
 {
 	struct netdev_queue *dev_queue = mq_queue_get(sch, cl);
+	if (!dev_queue)
+		return -1;
 
 	tcm->tcm_parent = TC_H_ROOT;
 	tcm->tcm_handle |= TC_H_MIN(cl);
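Review bot: The failure path added to mq_dump_class() returns a bare `-1`, which as an errno value is -EPERM and would misreport an out-of-range class as a permission error if the value is ever propagated. A named code such as `return -ENOENT;` states the intent, and the mq_dump_class_stats() hunk has the same `return -1;`. If the other failure paths of these callbacks already use -1 (not visible in these hunks), keep it for consistency and add a comment such as `/* cl does not map to a tx queue */` instead. The early return also happens silently, so a one-line comment on when mq_queue_get() yields NULL would help the next reader. The body of mq_dump_class() continues outside the hunk.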
@@ -229,6 +233,8 @@ static int mq_dump_class_stats(struct Qdisc *sch, unsigned long cl,
 			       struct gnet_dump *d)
 {
 	struct netdev_queue *dev_queue = mq_queue_get(sch, cl);
+	if (!dev_queue)
+		return -1;
 
 	sch = dev_queue->qdisc_sleeping;
 	if (gnet_stats_copy_basic(d, sch->cpu_bstats, &sch->bstats, true) < 0 ||
-- 
2.25.1
Re: [PATCH] net: sched: fix potential null pointer deref
Posted by Daniel Borkmann 3 years, 10 months ago
Hi Jianhao,

On 6/10/22 4:14 AM, Jianhao Xu wrote:
> mq_queue_get() may return NULL, a check is needed to avoid using
> the NULL pointer.
> 
> Signed-off-by: Jianhao Xu <jianhao_xu@smail.nju.edu.cn>

Do you have a reproducer where this is triggered?

> ---
>   net/sched/sch_mq.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/net/sched/sch_mq.c b/net/sched/sch_mq.c
> index 83d2e54bf303..9aca4ca82947 100644
> --- a/net/sched/sch_mq.c
> +++ b/net/sched/sch_mq.c
> @@ -201,6 +201,8 @@ static int mq_graft(struct Qdisc *sch, unsigned long cl, struct Qdisc *new,
>   static struct Qdisc *mq_leaf(struct Qdisc *sch, unsigned long cl)
>   {
>   	struct netdev_queue *dev_queue = mq_queue_get(sch, cl);
> +	if (!dev_queue)
> +		return NULL;
>   
>   	return dev_queue->qdisc_sleeping;
>   }
> @@ -218,6 +220,8 @@ static int mq_dump_class(struct Qdisc *sch, unsigned long cl,
>   			 struct sk_buff *skb, struct tcmsg *tcm)
>   {
>   	struct netdev_queue *dev_queue = mq_queue_get(sch, cl);
> +	if (!dev_queue)
> +		return -1;
>   
>   	tcm->tcm_parent = TC_H_ROOT;
>   	tcm->tcm_handle |= TC_H_MIN(cl);
> @@ -229,6 +233,8 @@ static int mq_dump_class_stats(struct Qdisc *sch, unsigned long cl,
>   			       struct gnet_dump *d)
>   {
>   	struct netdev_queue *dev_queue = mq_queue_get(sch, cl);
> +	if (!dev_queue)
> +		return -1;
>   
>   	sch = dev_queue->qdisc_sleeping;
>   	if (gnet_stats_copy_basic(d, sch->cpu_bstats, &sch->bstats, true) < 0 ||
>