diff mbox series

[RESEND,net-next] net: ethtool: Fix the panic caused by dev being null when dumping coalesce

Message ID 20240628044018.73885-1-hengqi@linux.alibaba.com (mailing list archive)
State Accepted
Commit 74d6529b78f7a440a10aa7f4904ca9f27d1d2f3c
Delegated to: Netdev Maintainers
Headers show
Series [RESEND,net-next] net: ethtool: Fix the panic caused by dev being null when dumping coalesce | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 839 this patch: 839
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 6 of 6 maintainers
netdev/build_clang success Errors and warnings before: 846 this patch: 846
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 846 this patch: 846
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 21 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-06-28--09-00 (tests: 665)

Commit Message

Heng Qi June 28, 2024, 4:40 a.m. UTC 
syzbot reported a general protection fault caused by a null pointer
dereference in coalesce_fill_reply(). The issue occurs when req_base->dev
is null, leading to an invalid memory access.

This panic occurs if dumping coalesce when no device name is specified.

Fixes: f750dfe825b9 ("ethtool: provide customized dim profile management")
Reported-by: syzbot+e77327e34cdc8c36b7d3@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=e77327e34cdc8c36b7d3
Signed-off-by: Heng Qi <hengqi@linux.alibaba.com>
---
This fix patch is re-sent to next branch instead of net branch
because the target commit is in the next branch.

 net/ethtool/coalesce.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Simon Horman June 28, 2024, 7:54 p.m. UTC | #1 
On Fri, Jun 28, 2024 at 12:40:18PM +0800, Heng Qi wrote:
> syzbot reported a general protection fault caused by a null pointer
> dereference in coalesce_fill_reply(). The issue occurs when req_base->dev
> is null, leading to an invalid memory access.
> 
> This panic occurs if dumping coalesce when no device name is specified.
> 
> Fixes: f750dfe825b9 ("ethtool: provide customized dim profile management")
> Reported-by: syzbot+e77327e34cdc8c36b7d3@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=e77327e34cdc8c36b7d3
> Signed-off-by: Heng Qi <hengqi@linux.alibaba.com>
> ---
> This fix patch is re-sent to next branch instead of net branch
> because the target commit is in the next branch.

Reviewed-by: Simon Horman <horms@kernel.org>
patchwork-bot+netdevbpf@kernel.org July 1, 2024, 12:50 p.m. UTC | #2 
Hello:

This patch was applied to netdev/net-next.git (main)
by David S. Miller <davem@davemloft.net>:

On Fri, 28 Jun 2024 12:40:18 +0800 you wrote:
> syzbot reported a general protection fault caused by a null pointer
> dereference in coalesce_fill_reply(). The issue occurs when req_base->dev
> is null, leading to an invalid memory access.
> 
> This panic occurs if dumping coalesce when no device name is specified.
> 
> Fixes: f750dfe825b9 ("ethtool: provide customized dim profile management")
> Reported-by: syzbot+e77327e34cdc8c36b7d3@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=e77327e34cdc8c36b7d3
> Signed-off-by: Heng Qi <hengqi@linux.alibaba.com>
> 
> [...]

Here is the summary with links:
  - [RESEND,net-next] net: ethtool: Fix the panic caused by dev being null when dumping coalesce
    https://git.kernel.org/netdev/net-next/c/74d6529b78f7

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/ethtool/coalesce.c b/net/ethtool/coalesce.c
index 759b16e3d134..3e18ca1ccc5e 100644
--- a/net/ethtool/coalesce.c
+++ b/net/ethtool/coalesce.c
@@ -211,9 +211,9 @@  static int coalesce_fill_reply(struct sk_buff *skb,
 {
 	const struct coalesce_reply_data *data = COALESCE_REPDATA(reply_base);
 	const struct kernel_ethtool_coalesce *kcoal = &data->kernel_coalesce;
-	struct dim_irq_moder *moder = req_base->dev->irq_moder;
 	const struct ethtool_coalesce *coal = &data->coalesce;
 	u32 supported = data->supported_params;
+	struct dim_irq_moder *moder;
 	int ret = 0;
 
 	if (coalesce_put_u32(skb, ETHTOOL_A_COALESCE_RX_USECS,
@@ -272,9 +272,10 @@  static int coalesce_fill_reply(struct sk_buff *skb,
 			     kcoal->tx_aggr_time_usecs, supported))
 		return -EMSGSIZE;
 
-	if (!moder)
+	if (!req_base->dev || !req_base->dev->irq_moder)
 		return 0;
 
+	moder = req_base->dev->irq_moder;
 	rcu_read_lock();
 	if (moder->profile_flags & DIM_PROFILE_RX) {
 		ret = coalesce_put_profile(skb, ETHTOOL_A_COALESCE_RX_PROFILE,