Add check for the return value of nfp_app_ctrl_msg_alloc() in
nfp_bpf_cmsg_alloc() to prevent null pointer dereference.

Fixes: ff3d43f7568c ("nfp: bpf: implement helpers for FW map ops")
Cc: stable@vger.kernel.org
Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
---
Changes in v2:
- remove the bracket for one single-statement. Thanks, Guru!
---
 drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
index 2ec62c8d86e1..b02d5fbb8c8c 100644
--- a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
+++ b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
@@ -20,6 +20,8 @@ nfp_bpf_cmsg_alloc(struct nfp_app_bpf *bpf, unsigned int size)
 	struct sk_buff *skb;
 
 	skb = nfp_app_ctrl_msg_alloc(bpf->app, size, GFP_KERNEL);
+	if (!skp)
+		return NULL;
 	skb_put(skb, size);
 
 	return skb;
-- 
2.25.1

On Tue, Feb 18, 2025 at 6:49 AM Haoxiang Li <haoxiang_li2024@163.com> wrote:
>
> Add check for the return value of nfp_app_ctrl_msg_alloc() in
> nfp_bpf_cmsg_alloc() to prevent null pointer dereference.
>
> Fixes: ff3d43f7568c ("nfp: bpf: implement helpers for FW map ops")
> Cc: stable@vger.kernel.org
> Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
> ---
> Changes in v2:
> - remove the bracket for one single-statement. Thanks, Guru!
> ---
>  drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
> index 2ec62c8d86e1..b02d5fbb8c8c 100644
> --- a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
> +++ b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
> @@ -20,6 +20,8 @@ nfp_bpf_cmsg_alloc(struct nfp_app_bpf *bpf, unsigned int size)
>         struct sk_buff *skb;
>
>         skb = nfp_app_ctrl_msg_alloc(bpf->app, size, GFP_KERNEL);
> +       if (!skp)
> +               return NULL;
It looks like you did not compile this change.

Also, next time you push a new version, please modify the subject as:
"[PATCH net v3] xxxx"
>         skb_put(skb, size);
>
>         return skb;
> --
> 2.25.1
>
>


-- 
Regards,
Kalesh AP

On Tue, Feb 18, 2025 at 08:14:49AM +0530, Kalesh Anakkur Purayil wrote:
> On Tue, Feb 18, 2025 at 6:49 AM Haoxiang Li <haoxiang_li2024@163.com> wrote:
> >
> > Add check for the return value of nfp_app_ctrl_msg_alloc() in
> > nfp_bpf_cmsg_alloc() to prevent null pointer dereference.
> >
> > Fixes: ff3d43f7568c ("nfp: bpf: implement helpers for FW map ops")
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
> > ---
> > Changes in v2:
> > - remove the bracket for one single-statement. Thanks, Guru!
> > ---
> >  drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
> > index 2ec62c8d86e1..b02d5fbb8c8c 100644
> > --- a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
> > +++ b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
> > @@ -20,6 +20,8 @@ nfp_bpf_cmsg_alloc(struct nfp_app_bpf *bpf, unsigned int size)
> >         struct sk_buff *skb;
> >
> >         skb = nfp_app_ctrl_msg_alloc(bpf->app, size, GFP_KERNEL);
> > +       if (!skp)
> > +               return NULL;
> It looks like you did not compile this change.
> 
> Also, next time you push a new version, please modify the subject as:
> "[PATCH net v3] xxxx"

Yeah, you need to send v3 (skp -> skb). Fix looks fine, other call to
nfp_app_ctrl_msg_alloc() is checking returned value as here.

Feel free to add my RB tag in v3.
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>

> >         skb_put(skb, size);
> >
> >         return skb;
> > --
> > 2.25.1
> >
> >
> 
> 
> -- 
> Regards,
> Kalesh AP