1. Patchew
  2. linux
  3. View series

[PATCH v2] net: ethernet: fix NULL dereference in nixge_recv()

Ma Ke posted 1 patch 12 months ago 
drivers/net/ethernet/ni/nixge.c | 3 +++
1 file changed, 3 insertions(+)
[PATCH v2] net: ethernet: fix NULL dereference in nixge_recv()
Posted by Ma Ke 12 months ago 
Due to the failure of allocating the variable 'priv' in
netdev_priv(ndev), this could result in 'priv->rx_bd_v' not being set
during the allocation process of netdev_priv(ndev), which could lead
to a null pointer dereference.

Move while() loop with 'priv->rx_bd_v' dereference after the check 
for its validity.

Found by code review.

Cc: stable@vger.kernel.org
Fixes: 492caffa8a1a ("net: ethernet: nixge: Add support for National Instruments XGE netdev")
Signed-off-by: Ma Ke <make_ruc2021@163.com>
---
Changes in v2:
- modified the bug description as suggestions;
- modified the patch as the code style suggested.
---
 drivers/net/ethernet/ni/nixge.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/ni/nixge.c b/drivers/net/ethernet/ni/nixge.c
index 230d5ff99dd7..41acce878af0 100644
--- a/drivers/net/ethernet/ni/nixge.c
+++ b/drivers/net/ethernet/ni/nixge.c
@@ -604,6 +604,9 @@ static int nixge_recv(struct net_device *ndev, int budget)
 
 	cur_p = &priv->rx_bd_v[priv->rx_bd_ci];
 
+	if (!priv->rx_bd_v)
+		return 0;
+
 	while ((cur_p->status & XAXIDMA_BD_STS_COMPLETE_MASK &&
 		budget > packets)) {
 		tail_p = priv->rx_bd_p + sizeof(*priv->rx_bd_v) *
-- 
2.25.1
Re: [PATCH v2] net: ethernet: fix NULL dereference in nixge_recv()
Posted by Eric Dumazet 12 months ago 
On Tue, Dec 17, 2024 at 12:25 PM Ma Ke <make_ruc2021@163.com> wrote:
>
> Due to the failure of allocating the variable 'priv' in
> netdev_priv(ndev), this could result in 'priv->rx_bd_v' not being set
> during the allocation process of netdev_priv(ndev), which could lead
> to a null pointer dereference.
>
> Move while() loop with 'priv->rx_bd_v' dereference after the check
> for its validity.
>
> Found by code review.
>
> Cc: stable@vger.kernel.org
> Fixes: 492caffa8a1a ("net: ethernet: nixge: Add support for National Instruments XGE netdev")
> Signed-off-by: Ma Ke <make_ruc2021@163.com>
> ---
> Changes in v2:
> - modified the bug description as suggestions;
> - modified the patch as the code style suggested.

I really do not understand this patch.

if priv->rx_bd_v allocation failed, surely the device is not
operational, because nixge_hw_dma_bd_init() returns -ENOMEM

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.