nfp: flower: Added pointer check and continue.

Message ID	20231117125701.58927-1-arefev@swemel.ru (mailing list archive)
State	Changes Requested
Delegated to:	Netdev Maintainers
Headers	show Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=swemel.ru header.i=@swemel.ru header.b="voctcqkI" From: Denis Arefev <arefev@swemel.ru> To: Louis Peens <louis.peens@corigine.com> Cc: Jakub Kicinski <kuba@kernel.org>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Paolo Abeni <pabeni@redhat.com>, oss-drivers@corigine.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org Subject: [PATCH] nfp: flower: Added pointer check and continue. Date: Fri, 17 Nov 2023 15:57:01 +0300 Message-Id: <20231117125701.58927-1-arefev@swemel.ru> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	nfp: flower: Added pointer check and continue. \| expand nfp: flower: Added pointer check and continue.

Message ID

20231117125701.58927-1-arefev@swemel.ru (mailing list archive)

State

Changes Requested

Delegated to:

Netdev Maintainers

Headers

From: Denis Arefev <arefev@swemel.ru>
To: Louis Peens <louis.peens@corigine.com>
Cc: Jakub Kicinski <kuba@kernel.org>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Paolo Abeni <pabeni@redhat.com>,
	oss-drivers@corigine.com,
	netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	lvc-project@linuxtesting.org
Subject: [PATCH] nfp: flower: Added pointer check and continue.
Date: Fri, 17 Nov 2023 15:57:01 +0300
Message-Id: <20231117125701.58927-1-arefev@swemel.ru>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

nfp: flower: Added pointer check and continue. | expand

Context	Check	Description
netdev/series_format	warning	Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection	success	Guessed tree name to be net-next
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 1127 this patch: 1127
netdev/cc_maintainers	success	CCed 7 of 7 maintainers
netdev/build_clang	success	Errors and warnings before: 1154 this patch: 1154
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/deprecated_api	success	None detected
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	success	Errors and warnings before: 1154 this patch: 1154
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 11 lines checked
netdev/build_clang_rust	success	No Rust files in patch. Skipping build
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0

Context

Check

Description

netdev/series_format

warning

Single patches do not need cover letters; Target tree name not specified in the subject

netdev/tree_selection

success

Guessed tree name to be net-next

netdev/fixes_present

success

Fixes tag not required for -next series

netdev/header_inline

success

No static functions without inline keyword in header files

netdev/build_32bit

success

Errors and warnings before: 1127 this patch: 1127

netdev/cc_maintainers

success

CCed 7 of 7 maintainers

netdev/build_clang

success

Errors and warnings before: 1154 this patch: 1154

netdev/verify_signedoff

success

Signed-off-by tag matches author and committer

netdev/deprecated_api

success

None detected

netdev/check_selftest

success

No net selftest shell script

netdev/verify_fixes

success

No Fixes tag

netdev/build_allmodconfig_warn

success

Errors and warnings before: 1154 this patch: 1154

netdev/checkpatch

success

total: 0 errors, 0 warnings, 0 checks, 11 lines checked

netdev/build_clang_rust

success

No Rust files in patch. Skipping build

netdev/kdoc

success

Errors and warnings before: 0 this patch: 0

netdev/source_inline

success

Was 0 now: 0

Commit Message

Denis Arefev Nov. 17, 2023, 12:57 p.m. UTC

Return value of a function 'kmalloc_array' is dereferenced at
lag_conf.c without checking for null, but it is usually
checked for this function.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Denis Arefev <arefev@swemel.ru>
---
 drivers/net/ethernet/netronome/nfp/flower/lag_conf.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Louis Peens Nov. 17, 2023, 2:27 p.m. UTC | #1

On Fri, Nov 17, 2023 at 03:57:01PM +0300, Denis Arefev wrote:
> 
> Return value of a function 'kmalloc_array' is dereferenced at
> lag_conf.c without checking for null, but it is usually
> checked for this function.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Signed-off-by: Denis Arefev <arefev@swemel.ru>
> ---
>  drivers/net/ethernet/netronome/nfp/flower/lag_conf.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c b/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
> index 88d6d992e7d0..8cc6cce73283 100644
> --- a/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
> +++ b/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
> @@ -339,6 +339,11 @@ static void nfp_fl_lag_do_work(struct work_struct *work)
>                 acti_netdevs = kmalloc_array(entry->slave_cnt,
>                                              sizeof(*acti_netdevs), GFP_KERNEL);
> 
> +               if (!acti_netdevs) {
> +                       schedule_delayed_work(&lag->work, NFP_FL_LAG_DELAY);
> +                       continue;
> +               }
> +
Thanks for reporting this Denis, it definitely seems to be an oversight.
Would you mind adding a 'nfp_flower_cmsg_warn' here as well, so that
this case does not go undetected? Maybe something like "cannot
allocate memory for group processing" can work.

>                 /* Include sanity check in the loop. It may be that a bond has
>                  * changed between processing the last notification and the
>                  * work queue triggering. If the number of slaves has changed
> --
> 2.25.1
>

Jakub Kicinski Nov. 19, 2023, 4:22 a.m. UTC | #2

On Fri, 17 Nov 2023 16:27:17 +0200 Louis Peens wrote:
> >                 acti_netdevs = kmalloc_array(entry->slave_cnt,
> >                                              sizeof(*acti_netdevs), GFP_KERNEL);
> > 

Unnecessary new line, please remove it.
There should be no empty lines between call and error check.

> > +               if (!acti_netdevs) {
> > +                       schedule_delayed_work(&lag->work, NFP_FL_LAG_DELAY);
> > +                       continue;
> > +               }
> > +  
> Thanks for reporting this Denis, it definitely seems to be an oversight.
> Would you mind adding a 'nfp_flower_cmsg_warn' here as well, so that
> this case does not go undetected? Maybe something like "cannot
> allocate memory for group processing" can work.

There's a checkpatch check against printing warnings on allocation
failures. Kernel will complain loudly on OOM, anyway, there's no need
for a local print.

Louis Peens Nov. 20, 2023, 7:04 a.m. UTC | #3

On Sat, Nov 18, 2023 at 08:22:07PM -0800, Jakub Kicinski wrote:
> On Fri, 17 Nov 2023 16:27:17 +0200 Louis Peens wrote:
> > >                 acti_netdevs = kmalloc_array(entry->slave_cnt,
> > >                                              sizeof(*acti_netdevs), GFP_KERNEL);
> > > 
> 
> Unnecessary new line, please remove it.
> There should be no empty lines between call and error check.
> 
> > > +               if (!acti_netdevs) {
> > > +                       schedule_delayed_work(&lag->work, NFP_FL_LAG_DELAY);
> > > +                       continue;
> > > +               }
> > > +  
> > Thanks for reporting this Denis, it definitely seems to be an oversight.
> > Would you mind adding a 'nfp_flower_cmsg_warn' here as well, so that
> > this case does not go undetected? Maybe something like "cannot
> > allocate memory for group processing" can work.
> 
> There's a checkpatch check against printing warnings on allocation
> failures. Kernel will complain loudly on OOM, anyway, there's no need
> for a local print.
Ah, thanks Jakub, I did not know that this is frowned upon. But I have
not thought about OOM - it would indeed not be a silent failure.

In that case I would be quite happy to add my Ack to v2 with the newline
comment addressed.
> -- 
> pw-bot: cr

diff --git a/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c b/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
index 88d6d992e7d0..8cc6cce73283 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/lag_conf.c
@@ -339,6 +339,11 @@  static void nfp_fl_lag_do_work(struct work_struct *work)
 		acti_netdevs = kmalloc_array(entry->slave_cnt,
 					     sizeof(*acti_netdevs), GFP_KERNEL);
 
+		if (!acti_netdevs) {
+			schedule_delayed_work(&lag->work, NFP_FL_LAG_DELAY);
+			continue;
+		}
+
 		/* Include sanity check in the loop. It may be that a bond has
 		 * changed between processing the last notification and the
 		 * work queue triggering. If the number of slaves has changed

nfp: flower: Added pointer check and continue.

Checks

Commit Message

Comments

Patch