| Message ID | 20250407064757.4266-1-hanchunchao@inspur.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | [V2] net/mlx5: fix potential null dereference when enable shared FDB | expand |
On 07/04/2025 9:47, Charles Han wrote: > mlx5_get_flow_namespace() may return a NULL pointer, dereferencing it > without NULL check may lead to NULL dereference. > Add a NULL check for ns. > > Fixes: db202995f503 ("net/mlx5: E-Switch, add logic to enable shared FDB") > Signed-off-by: Charles Han <hanchunchao@inspur.com> > --- > .../net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 10 ++++++++++ > drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c | 5 +++++ > 2 files changed, 15 insertions(+) > > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c > index a6a8eea5980c..5405134e74b6 100644 > --- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c > +++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c > @@ -2667,6 +2667,11 @@ static int esw_set_slave_root_fdb(struct mlx5_core_dev *master, > if (master) { > ns = mlx5_get_flow_namespace(master, > MLX5_FLOW_NAMESPACE_FDB); > + if (!ns) { > + esw_warn(master, "Failed to get flow namespace\n"); > + return -EOPNOTSUPP; > + } > + > root = find_root(&ns->node); > mutex_lock(&root->chain_lock); > MLX5_SET(set_flow_table_root_in, in, > @@ -2679,6 +2684,11 @@ static int esw_set_slave_root_fdb(struct mlx5_core_dev *master, > } else { > ns = mlx5_get_flow_namespace(slave, > MLX5_FLOW_NAMESPACE_FDB); > + if (!ns) { > + esw_warn(slave, "Failed to get flow namespace\n"); > + return -EOPNOTSUPP; > + } > + > root = find_root(&ns->node); > mutex_lock(&root->chain_lock); > MLX5_SET(set_flow_table_root_in, in, table_id, > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c > index a47c29571f64..18e59f6a0f2d 100644 > --- a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c > +++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c > @@ -186,6 +186,11 @@ static int mlx5_cmd_set_slave_root_fdb(struct mlx5_core_dev *master, > } else { > ns = mlx5_get_flow_namespace(slave, > MLX5_FLOW_NAMESPACE_FDB); > + if (!ns) { > + mlx5_core_warn(slave, "Failed to get flow namespace\n"); > + return -EOPNOTSUPP; > + } > + > root = find_root(&ns->node); > MLX5_SET(set_flow_table_root_in, in, table_id, > root->root_ft->id); Thanks for your patch. I wonder, did you fail on any of these, or just caught them while reading the code?
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c index a6a8eea5980c..5405134e74b6 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c @@ -2667,6 +2667,11 @@ static int esw_set_slave_root_fdb(struct mlx5_core_dev *master, if (master) { ns = mlx5_get_flow_namespace(master, MLX5_FLOW_NAMESPACE_FDB); + if (!ns) { + esw_warn(master, "Failed to get flow namespace\n"); + return -EOPNOTSUPP; + } + root = find_root(&ns->node); mutex_lock(&root->chain_lock); MLX5_SET(set_flow_table_root_in, in, @@ -2679,6 +2684,11 @@ static int esw_set_slave_root_fdb(struct mlx5_core_dev *master, } else { ns = mlx5_get_flow_namespace(slave, MLX5_FLOW_NAMESPACE_FDB); + if (!ns) { + esw_warn(slave, "Failed to get flow namespace\n"); + return -EOPNOTSUPP; + } + root = find_root(&ns->node); mutex_lock(&root->chain_lock); MLX5_SET(set_flow_table_root_in, in, table_id, diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c index a47c29571f64..18e59f6a0f2d 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c @@ -186,6 +186,11 @@ static int mlx5_cmd_set_slave_root_fdb(struct mlx5_core_dev *master, } else { ns = mlx5_get_flow_namespace(slave, MLX5_FLOW_NAMESPACE_FDB); + if (!ns) { + mlx5_core_warn(slave, "Failed to get flow namespace\n"); + return -EOPNOTSUPP; + } + root = find_root(&ns->node); MLX5_SET(set_flow_table_root_in, in, table_id, root->root_ft->id);
mlx5_get_flow_namespace() may return a NULL pointer, dereferencing it without NULL check may lead to NULL dereference. Add a NULL check for ns. Fixes: db202995f503 ("net/mlx5: E-Switch, add logic to enable shared FDB") Signed-off-by: Charles Han <hanchunchao@inspur.com> --- .../net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 10 ++++++++++ drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c | 5 +++++ 2 files changed, 15 insertions(+)