diff mbox series

net/mlx5: fix potential null dereference when enable shared FDB

Message ID 20250402094342.3559-1-hanchunchao@inspur.com (mailing list archive)
State Not Applicable
Headers show
Series net/mlx5: fix potential null dereference when enable shared FDB | expand

Commit Message

Charles Han April 2, 2025, 9:43 a.m. UTC 
mlx5_get_flow_namespace() may return a NULL pointer, dereferencing it
without NULL check may lead to NULL dereference.
Add a NULL check for ns.

Fixes: db202995f503 ("net/mlx5: E-Switch, add logic to enable shared FDB")
Signed-off-by: Charles Han <hanchunchao@inspur.com>
---
 .../net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 10 ++++++++++
 drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c       |  5 +++++
 2 files changed, 15 insertions(+)

Comments

Przemek Kitszel April 2, 2025, 11:01 a.m. UTC | #1 
On 4/2/25 11:43, Charles Han wrote:
> mlx5_get_flow_namespace() may return a NULL pointer, dereferencing it
> without NULL check may lead to NULL dereference.
> Add a NULL check for ns.
> 
> Fixes: db202995f503 ("net/mlx5: E-Switch, add logic to enable shared FDB")
> Signed-off-by: Charles Han <hanchunchao@inspur.com>
> ---
>   .../net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 10 ++++++++++
>   drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c       |  5 +++++
>   2 files changed, 15 insertions(+)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
> index a6a8eea5980c..dc58e4c2d786 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
> @@ -2667,6 +2667,11 @@ static int esw_set_slave_root_fdb(struct mlx5_core_dev *master,
>   	if (master) {
>   		ns = mlx5_get_flow_namespace(master,
>   					     MLX5_FLOW_NAMESPACE_FDB);
> +		if (!ns) {
> +			mlx5_core_warn(master, "Failed to get flow namespace\n");
> +			return -EOPNOTSUPP;

I would return -ENXIO in such cases, you were searching and not found
that.

IOW it is obvious that dereferencing a null ptr is not supported.

If you agree, please apply the same comment for your other patch:
https://lore.kernel.org/netdev/20250402093221.3253-1-hanchunchao@inspur.com/T/#u

> +		}
> +
>   		root = find_root(&ns->node);
>   		mutex_lock(&root->chain_lock);
>   		MLX5_SET(set_flow_table_root_in, in,
> @@ -2679,6 +2684,11 @@ static int esw_set_slave_root_fdb(struct mlx5_core_dev *master,
>   	} else {
>   		ns = mlx5_get_flow_namespace(slave,
>   					     MLX5_FLOW_NAMESPACE_FDB);
> +		if (!ns) {
> +			mlx5_core_warn(slave, "Failed to get flow namespace\n");
> +			return -EOPNOTSUPP;
> +		}
> +
>   		root = find_root(&ns->node);
>   		mutex_lock(&root->chain_lock);
>   		MLX5_SET(set_flow_table_root_in, in, table_id,
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c
> index a47c29571f64..18e59f6a0f2d 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c
> @@ -186,6 +186,11 @@ static int mlx5_cmd_set_slave_root_fdb(struct mlx5_core_dev *master,
>   	} else {
>   		ns = mlx5_get_flow_namespace(slave,
>   					     MLX5_FLOW_NAMESPACE_FDB);
> +		if (!ns) {
> +			mlx5_core_warn(slave, "Failed to get flow namespace\n");
> +			return -EOPNOTSUPP;
> +		}
> +
>   		root = find_root(&ns->node);
>   		MLX5_SET(set_flow_table_root_in, in, table_id,
>   			 root->root_ft->id);
diff mbox series

Patch

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
index a6a8eea5980c..dc58e4c2d786 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
@@ -2667,6 +2667,11 @@  static int esw_set_slave_root_fdb(struct mlx5_core_dev *master,
 	if (master) {
 		ns = mlx5_get_flow_namespace(master,
 					     MLX5_FLOW_NAMESPACE_FDB);
+		if (!ns) {
+			mlx5_core_warn(master, "Failed to get flow namespace\n");
+			return -EOPNOTSUPP;
+		}
+
 		root = find_root(&ns->node);
 		mutex_lock(&root->chain_lock);
 		MLX5_SET(set_flow_table_root_in, in,
@@ -2679,6 +2684,11 @@  static int esw_set_slave_root_fdb(struct mlx5_core_dev *master,
 	} else {
 		ns = mlx5_get_flow_namespace(slave,
 					     MLX5_FLOW_NAMESPACE_FDB);
+		if (!ns) {
+			mlx5_core_warn(slave, "Failed to get flow namespace\n");
+			return -EOPNOTSUPP;
+		}
+
 		root = find_root(&ns->node);
 		mutex_lock(&root->chain_lock);
 		MLX5_SET(set_flow_table_root_in, in, table_id,
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c
index a47c29571f64..18e59f6a0f2d 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c
@@ -186,6 +186,11 @@  static int mlx5_cmd_set_slave_root_fdb(struct mlx5_core_dev *master,
 	} else {
 		ns = mlx5_get_flow_namespace(slave,
 					     MLX5_FLOW_NAMESPACE_FDB);
+		if (!ns) {
+			mlx5_core_warn(slave, "Failed to get flow namespace\n");
+			return -EOPNOTSUPP;
+		}
+
 		root = find_root(&ns->node);
 		MLX5_SET(set_flow_table_root_in, in, table_id,
 			 root->root_ft->id);