1. Patchew
  2. linux
  3. View series

[PATCH] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()

Elena Salomatkina posted 1 patch 2 months ago 
drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
Posted by Elena Salomatkina 2 months ago 
In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
which is dereferenced on the next line in a reference
to the modify field.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
---
 drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
index d4239e3b3c88..72310452fce5 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
@@ -23,6 +23,8 @@ struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
    struct mlx5e_tir_builder *builder;
 
    builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
+   if (!builder)
+       return NULL;
    builder->modify = modify;
 
    return builder;
-- 
2.33.0
Re: [PATCH] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
Posted by Simon Horman 2 months ago 
On Mon, Sep 23, 2024 at 02:34:55PM +0300, Elena Salomatkina wrote:
> In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
> which is dereferenced on the next line in a reference
> to the modify field.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
> Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>

Hi Elena,

Unfortunately your patch doesn't apply. This appears to be because
it has been white-space mangled, somehow: tabs have turned into 4 spaces.

I would suggest using b4, or git format-patch + git send-email.
To send patches.

Also, as a fix, this patch should be targeted at net, like this:

	Subject [PATCH net v2] ...

This and more information about sending Networking patches can be
found here: https://docs.kernel.org/process/maintainer-netdev.html

> ---
>  drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> index d4239e3b3c88..72310452fce5 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> @@ -23,6 +23,8 @@ struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
>     struct mlx5e_tir_builder *builder;
>  
>     builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
> +   if (!builder)
> +       return NULL;

nit: blank line here please

>     builder->modify = modify;
>  
>     return builder;

-- 
pw-bot: changes-requested

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.