diff mbox series

qed/qed_sriov: avoid null-ptr-deref

Message ID 20241025093135.1053121-1-chenridong@huaweicloud.com (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series qed/qed_sriov: avoid null-ptr-deref | expand

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 5 this patch: 5
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 6 of 6 maintainers
netdev/build_clang success Errors and warnings before: 3 this patch: 3
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 4 this patch: 4
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 17 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Chen Ridong Oct. 25, 2024, 9:31 a.m. UTC 
From: Chen Ridong <chenridong@huawei.com>

The qed_iov_get_public_vf_info may return NULL, which may lead to
null-ptr-deref. To avoid possible null-ptr-deref, check vf_info
before accessing its member.

Signed-off-by: Chen Ridong <chenridong@huawei.com>
---
 drivers/net/ethernet/qlogic/qed/qed_sriov.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Alexander Lobakin Oct. 25, 2024, 3:28 p.m. UTC | #1 
From: Chen Ridong <chenridong@huaweicloud.com>
Date: Fri, 25 Oct 2024 09:31:35 +0000

> [PATCH] qed/qed_sriov: avoid null-ptr-deref

Use the correct tree prefix, [PATCH net] in your case.

> From: Chen Ridong <chenridong@huawei.com>

Why do you commit from @huawei.com, but send from @huaweicloud.com?

> 
> The qed_iov_get_public_vf_info may return NULL, which may lead to
> null-ptr-deref. To avoid possible null-ptr-deref, check vf_info

Do you have a repro for this or it's purely hypothetical?

> before accessing its member.
> 

Here you should have a "Fixes:" tag if you believe this is a fix.

> Signed-off-by: Chen Ridong <chenridong@huawei.com>
> ---
>  drivers/net/ethernet/qlogic/qed/qed_sriov.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/net/ethernet/qlogic/qed/qed_sriov.c b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
> index fa167b1aa019..30da9865496d 100644
> --- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
> +++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
> @@ -2997,6 +2997,8 @@ static int qed_iov_pre_update_vport(struct qed_hwfn *hwfn,
>  		return 0;
>  
>  	vf_info = qed_iov_get_public_vf_info(hwfn, vfid, true);
> +	if (!vf_info)
> +		return 0;

0 or error code?

>  
>  	if (flags->update_rx_mode_config) {
>  		vf_info->rx_accept_mode = flags->rx_accept_filter;

Thanks,
Olek
Chen Ridong Oct. 29, 2024, 1:42 a.m. UTC | #2 
On 2024/10/25 23:28, Alexander Lobakin wrote:
> From: Chen Ridong <chenridong@huaweicloud.com>
> Date: Fri, 25 Oct 2024 09:31:35 +0000
> 
>> [PATCH] qed/qed_sriov: avoid null-ptr-deref
> 
> Use the correct tree prefix, [PATCH net] in your case.
> 

Thanks, will update

>> From: Chen Ridong <chenridong@huawei.com>
> 
> Why do you commit from @huawei.com, but send from @huaweicloud.com?
> 
The @huawei.com is the email I am actually using. But if I use it to
send email, my patches may not appear in maintainers's inbox list. This
won't be happened when I use 'huaweicloud.com' to send emails. So I am
using 'huaweicloud.com' to communicate with community. However, I would
like to maintain the same author identity.

>>
>> The qed_iov_get_public_vf_info may return NULL, which may lead to
>> null-ptr-deref. To avoid possible null-ptr-deref, check vf_info
> 
> Do you have a repro for this or it's purely hypothetical?
> 

I read the code and found that calling qed_iov_get_public_vf_info
without checking whether the 'vfid' is valid  may result in a null
pointer, which may lead to a null pointer dereference.

>> before accessing its member.
>>
> 
> Here you should have a "Fixes:" tag if you believe this is a fix.
> 
>> Signed-off-by: Chen Ridong <chenridong@huawei.com>
>> ---
>>  drivers/net/ethernet/qlogic/qed/qed_sriov.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/drivers/net/ethernet/qlogic/qed/qed_sriov.c b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
>> index fa167b1aa019..30da9865496d 100644
>> --- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
>> +++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
>> @@ -2997,6 +2997,8 @@ static int qed_iov_pre_update_vport(struct qed_hwfn *hwfn,
>>  		return 0;
>>  
>>  	vf_info = qed_iov_get_public_vf_info(hwfn, vfid, true);
>> +	if (!vf_info)
>> +		return 0;
> 
> 0 or error code?

It should return error code after I read the code again.
Thank you very much.

> 
>>  
>>  	if (flags->update_rx_mode_config) {
>>  		vf_info->rx_accept_mode = flags->rx_accept_filter;
> 
> Thanks,
> Olek
> 

Best regards,
Ridong
Alexander Lobakin Oct. 29, 2024, 3:15 p.m. UTC | #3 
From: Chen Ridong <chenridong@huaweicloud.com>
Date: Tue, 29 Oct 2024 09:42:11 +0800

> 
> 
> On 2024/10/25 23:28, Alexander Lobakin wrote:
>> From: Chen Ridong <chenridong@huaweicloud.com>
>> Date: Fri, 25 Oct 2024 09:31:35 +0000
>>
>>> [PATCH] qed/qed_sriov: avoid null-ptr-deref
>>
>> Use the correct tree prefix, [PATCH net] in your case.
>>
> 
> Thanks, will update
> 
>>> From: Chen Ridong <chenridong@huawei.com>
>>
>> Why do you commit from @huawei.com, but send from @huaweicloud.com?
>>
> The @huawei.com is the email I am actually using. But if I use it to
> send email, my patches may not appear in maintainers's inbox list. This
> won't be happened when I use 'huaweicloud.com' to send emails. So I am
> using 'huaweicloud.com' to communicate with community. However, I would
> like to maintain the same author identity.
> 
>>>
>>> The qed_iov_get_public_vf_info may return NULL, which may lead to
>>> null-ptr-deref. To avoid possible null-ptr-deref, check vf_info
>>
>> Do you have a repro for this or it's purely hypothetical?
>>
> 
> I read the code and found that calling qed_iov_get_public_vf_info
> without checking whether the 'vfid' is valid  may result in a null
> pointer, which may lead to a null pointer dereference.

If you want to submit a fix, you need to have a step-by-step manual how
to reproduce the bug you're fixing.

> 
>>> before accessing its member.
>>>
>>
>> Here you should have a "Fixes:" tag if you believe this is a fix.

Thanks,
Olek
Chen Ridong Oct. 30, 2024, 1:17 a.m. UTC | #4 
On 2024/10/29 23:15, Alexander Lobakin wrote:
> From: Chen Ridong <chenridong@huaweicloud.com>
> Date: Tue, 29 Oct 2024 09:42:11 +0800
> 
>>
>>
>> On 2024/10/25 23:28, Alexander Lobakin wrote:
>>> From: Chen Ridong <chenridong@huaweicloud.com>
>>> Date: Fri, 25 Oct 2024 09:31:35 +0000
>>>
>>>> [PATCH] qed/qed_sriov: avoid null-ptr-deref
>>>
>>> Use the correct tree prefix, [PATCH net] in your case.
>>>
>>
>> Thanks, will update
>>
>>>> From: Chen Ridong <chenridong@huawei.com>
>>>
>>> Why do you commit from @huawei.com, but send from @huaweicloud.com?
>>>
>> The @huawei.com is the email I am actually using. But if I use it to
>> send email, my patches may not appear in maintainers's inbox list. This
>> won't be happened when I use 'huaweicloud.com' to send emails. So I am
>> using 'huaweicloud.com' to communicate with community. However, I would
>> like to maintain the same author identity.
>>
>>>>
>>>> The qed_iov_get_public_vf_info may return NULL, which may lead to
>>>> null-ptr-deref. To avoid possible null-ptr-deref, check vf_info
>>>
>>> Do you have a repro for this or it's purely hypothetical?
>>>
>>
>> I read the code and found that calling qed_iov_get_public_vf_info
>> without checking whether the 'vfid' is valid  may result in a null
>> pointer, which may lead to a null pointer dereference.
> 
> If you want to submit a fix, you need to have a step-by-step manual how
> to reproduce the bug you're fixing.
> 
>>
>>>> before accessing its member.
>>>>
>>>
>>> Here you should have a "Fixes:" tag if you believe this is a fix.
> 
> Thanks,
> Olek

Thanks,
I will try to reproduce this bug.

Best regards,
Ridong
diff mbox series

Patch

diff --git a/drivers/net/ethernet/qlogic/qed/qed_sriov.c b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
index fa167b1aa019..30da9865496d 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
@@ -2997,6 +2997,8 @@  static int qed_iov_pre_update_vport(struct qed_hwfn *hwfn,
 		return 0;
 
 	vf_info = qed_iov_get_public_vf_info(hwfn, vfid, true);
+	if (!vf_info)
+		return 0;
 
 	if (flags->update_rx_mode_config) {
 		vf_info->rx_accept_mode = flags->rx_accept_filter;
@@ -5145,6 +5147,9 @@  static void qed_iov_handle_trust_change(struct qed_hwfn *hwfn)
 		 * needed.
 		 */
 		vf_info = qed_iov_get_public_vf_info(hwfn, i, true);
+		if (!vf_info)
+			continue;
+
 		if (vf_info->is_trusted_configured ==
 		    vf_info->is_trusted_request)
 			continue;