diff mbox series

[v2] Bluetooth: 6LoWPAN: Add missing check for skb_clone

Message ID 20230315070621.447-1-jiasheng@iscas.ac.cn (mailing list archive)
State New, archived
Headers show
Series [v2] Bluetooth: 6LoWPAN: Add missing check for skb_clone | expand

Checks

Context Check Description
tedd_an/pre-ci_am success Success
tedd_an/CheckPatch success CheckPatch PASS
tedd_an/GitLint success Gitlint PASS
tedd_an/SubjectPrefix success Gitlint PASS
tedd_an/BuildKernel success BuildKernel PASS
tedd_an/CheckAllWarning success CheckAllWarning PASS
tedd_an/CheckSparse success CheckSparse PASS
tedd_an/CheckSmatch success CheckSparse PASS
tedd_an/BuildKernel32 success BuildKernel32 PASS
tedd_an/TestRunnerSetup success TestRunnerSetup PASS
tedd_an/TestRunner_l2cap-tester success TestRunner PASS
tedd_an/TestRunner_iso-tester success TestRunner PASS
tedd_an/TestRunner_bnep-tester success TestRunner PASS
tedd_an/TestRunner_mgmt-tester success TestRunner PASS
tedd_an/TestRunner_rfcomm-tester success TestRunner PASS
tedd_an/TestRunner_sco-tester success TestRunner PASS
tedd_an/TestRunner_ioctl-tester success TestRunner PASS
tedd_an/TestRunner_mesh-tester success TestRunner PASS
tedd_an/TestRunner_smp-tester success TestRunner PASS
tedd_an/TestRunner_userchan-tester success TestRunner PASS
tedd_an/IncrementalBuild success Incremental Build PASS

Commit Message

Jiasheng Jiang March 15, 2023, 7:06 a.m. UTC 
Add the check for the return value of skb_clone since it may return NULL
pointer and cause NULL pointer dereference in send_pkt.

Fixes: 18722c247023 ("Bluetooth: Enable 6LoWPAN support for BT LE devices")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
---
Changelog:

v1 -> v2:

1. Modify the error handling in the loop.
---
 net/bluetooth/6lowpan.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

Comments

bluez.test.bot@gmail.com March 15, 2023, 7:32 a.m. UTC | #1 
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=730201

---Test result---

Test Summary:
CheckPatch                    PASS      0.59 seconds
GitLint                       PASS      0.29 seconds
SubjectPrefix                 PASS      0.10 seconds
BuildKernel                   PASS      31.44 seconds
CheckAllWarning               PASS      34.16 seconds
CheckSparse                   PASS      38.67 seconds
CheckSmatch                   PASS      107.42 seconds
BuildKernel32                 PASS      30.11 seconds
TestRunnerSetup               PASS      434.79 seconds
TestRunner_l2cap-tester       PASS      16.46 seconds
TestRunner_iso-tester         PASS      16.46 seconds
TestRunner_bnep-tester        PASS      5.35 seconds
TestRunner_mgmt-tester        PASS      107.71 seconds
TestRunner_rfcomm-tester      PASS      8.61 seconds
TestRunner_sco-tester         PASS      7.87 seconds
TestRunner_ioctl-tester       PASS      9.34 seconds
TestRunner_mesh-tester        PASS      6.74 seconds
TestRunner_smp-tester         PASS      7.82 seconds
TestRunner_userchan-tester    PASS      5.62 seconds
IncrementalBuild              PASS      28.71 seconds



---
Regards,
Linux Bluetooth
Simon Horman March 17, 2023, 9:03 p.m. UTC | #2 
On Wed, Mar 15, 2023 at 03:06:21PM +0800, Jiasheng Jiang wrote:
> Add the check for the return value of skb_clone since it may return NULL
> pointer and cause NULL pointer dereference in send_pkt.
> 
> Fixes: 18722c247023 ("Bluetooth: Enable 6LoWPAN support for BT LE devices")
> Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> ---
> Changelog:
> 
> v1 -> v2:
> 
> 1. Modify the error handling in the loop.

I think that at a minimum this needs to be included in the patch description.
Or better, in it's own patch with it's own fixes tag.
It seems like a fundamental change to the error handling to me.

> ---
>  net/bluetooth/6lowpan.c | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c
> index 4eb1b3ced0d2..55ae2ff40efb 100644
> --- a/net/bluetooth/6lowpan.c
> +++ b/net/bluetooth/6lowpan.c
> @@ -477,19 +477,25 @@ static int send_mcast_pkt(struct sk_buff *skb, struct net_device *netdev)
>  			int ret;
>  
>  			local_skb = skb_clone(skb, GFP_ATOMIC);
> +			if (!local_skb) {
> +				err = -ENOMEM;
> +				goto out;
> +			}
>  
>  			BT_DBG("xmit %s to %pMR type %u IP %pI6c chan %p",
>  			       netdev->name,
>  			       &pentry->chan->dst, pentry->chan->dst_type,
>  			       &pentry->peer_addr, pentry->chan);
>  			ret = send_pkt(pentry->chan, local_skb, netdev);
> -			if (ret < 0)
> -				err = ret;
> -
>  			kfree_skb(local_skb);
> +			if (ret < 0) {
> +				err = ret;
> +				goto out;
> +			}
>  		}
>  	}
>  
> +out:
>  	rcu_read_unlock();
>  
>  	return err;
> -- 
> 2.25.1
>
diff mbox series

Patch

diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c
index 4eb1b3ced0d2..55ae2ff40efb 100644
--- a/net/bluetooth/6lowpan.c
+++ b/net/bluetooth/6lowpan.c
@@ -477,19 +477,25 @@  static int send_mcast_pkt(struct sk_buff *skb, struct net_device *netdev)
 			int ret;
 
 			local_skb = skb_clone(skb, GFP_ATOMIC);
+			if (!local_skb) {
+				err = -ENOMEM;
+				goto out;
+			}
 
 			BT_DBG("xmit %s to %pMR type %u IP %pI6c chan %p",
 			       netdev->name,
 			       &pentry->chan->dst, pentry->chan->dst_type,
 			       &pentry->peer_addr, pentry->chan);
 			ret = send_pkt(pentry->chan, local_skb, netdev);
-			if (ret < 0)
-				err = ret;
-
 			kfree_skb(local_skb);
+			if (ret < 0) {
+				err = ret;
+				goto out;
+			}
 		}
 	}
 
+out:
 	rcu_read_unlock();
 
 	return err;