mbox series

[net,v2,0/2] bonding: fix NULL deref in bond_rr_gen_slave_id

Message ID cover.1663694476.git.jtoppins@redhat.com (mailing list archive)
Headers show
Series bonding: fix NULL deref in bond_rr_gen_slave_id | expand

Message

Jonathan Toppins Sept. 20, 2022, 5:45 p.m. UTC 
Fix a NULL dereference of the struct bonding.rr_tx_counter member because
if a bond is initially created with an initial mode != zero (Round Robin)
the memory required for the counter is never created and when the mode is
changed there is never any attempt to verify the memory is allocated upon
switching modes.

The first patch provides a selftest to demonstrate the issue and the
second patch fixes the issue.

Jonathan Toppins (2):
  selftests: bonding: cause oops in bond_rr_gen_slave_id
  bonding: fix NULL deref in bond_rr_gen_slave_id

 drivers/net/bonding/bond_main.c               | 15 +++---
 .../selftests/drivers/net/bonding/Makefile    |  3 +-
 .../bonding/bond-arp-interval-causes-panic.sh | 49 +++++++++++++++++++
 3 files changed, 57 insertions(+), 10 deletions(-)
 create mode 100755 tools/testing/selftests/drivers/net/bonding/bond-arp-interval-causes-panic.sh

Comments

Jay Vosburgh Sept. 20, 2022, 5:53 p.m. UTC | #1 
Jonathan Toppins <jtoppins@redhat.com> wrote:

>Fix a NULL dereference of the struct bonding.rr_tx_counter member because
>if a bond is initially created with an initial mode != zero (Round Robin)
>the memory required for the counter is never created and when the mode is
>changed there is never any attempt to verify the memory is allocated upon
>switching modes.
>
>The first patch provides a selftest to demonstrate the issue and the
>second patch fixes the issue.
>
>Jonathan Toppins (2):
>  selftests: bonding: cause oops in bond_rr_gen_slave_id
>  bonding: fix NULL deref in bond_rr_gen_slave_id

	For the series:

Acked-by: Jay Vosburgh <jay.vosburgh@canonical.com>


> drivers/net/bonding/bond_main.c               | 15 +++---
> .../selftests/drivers/net/bonding/Makefile    |  3 +-
> .../bonding/bond-arp-interval-causes-panic.sh | 49 +++++++++++++++++++
> 3 files changed, 57 insertions(+), 10 deletions(-)
> create mode 100755 tools/testing/selftests/drivers/net/bonding/bond-arp-interval-causes-panic.sh
>
>-- 
>2.31.1
>
patchwork-bot+netdevbpf@kernel.org Sept. 22, 2022, 2:10 p.m. UTC | #2 
Hello:

This series was applied to netdev/net.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Tue, 20 Sep 2022 13:45:50 -0400 you wrote:
> Fix a NULL dereference of the struct bonding.rr_tx_counter member because
> if a bond is initially created with an initial mode != zero (Round Robin)
> the memory required for the counter is never created and when the mode is
> changed there is never any attempt to verify the memory is allocated upon
> switching modes.
> 
> The first patch provides a selftest to demonstrate the issue and the
> second patch fixes the issue.
> 
> [...]

Here is the summary with links:
  - [net,v2,1/2] selftests: bonding: cause oops in bond_rr_gen_slave_id
    https://git.kernel.org/netdev/net/c/2ffd57327ff1
  - [net,v2,2/2] bonding: fix NULL deref in bond_rr_gen_slave_id
    https://git.kernel.org/netdev/net/c/0e400d602f46

You are awesome, thank you!