| Message ID | 20250411131431.46537-2-bsdhenrymartin@gmail.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | net/mlx5: Fix null-ptr-deref in TTC table creation | expand |
> Add NULL check for mlx5_get_flow_namespace() returns in > mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to prevent > NULL pointer dereference. Can any other summary phrase variants become more desirable accordingly? … > --- > V3 -> V4: Fix potential memory leak. * Do you propose to complete the error handling for more function implementations? * Please avoid duplicate source code. * Can an other enumeration style become nicer for version numbers? > V2 -> V3: No functional changes, just gathering the patches in a series. Would you usually expect more than one update step then? Regards, Markus
On Fri, Apr 11, 2025 at 09:14:31PM +0800, Henry Martin wrote: > Add NULL check for mlx5_get_flow_namespace() returns in > mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to prevent > NULL pointer dereference. > > Fixes: 137f3d50ad2a ("net/mlx5: Support matching on l4_type for ttc_table") > Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com> > --- > V3 -> V4: Fix potential memory leak. > V2 -> V3: No functional changes, just gathering the patches in a series. > V1 -> V2: Add a empty line after the return statement. > > drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c > index eb3bd9c7f66e..077fe908bf86 100644 > --- a/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c > +++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c > @@ -651,10 +651,16 @@ struct mlx5_ttc_table *mlx5_create_inner_ttc_table(struct mlx5_core_dev *dev, > MLX5_CAP_NIC_RX_FT_FIELD_SUPPORT_2(dev, inner_l4_type); > break; > default: > + kvfree(ttc); > return ERR_PTR(-EINVAL); > } > > ns = mlx5_get_flow_namespace(dev, params->ns_type); > + if (!ns) { > + kvfree(ttc); > + return ERR_PTR(-EOPNOTSUPP); > + } > + > groups = use_l4_type ? &inner_ttc_groups[TTC_GROUPS_USE_L4_TYPE] : > &inner_ttc_groups[TTC_GROUPS_DEFAULT]; > > @@ -724,10 +730,16 @@ struct mlx5_ttc_table *mlx5_create_ttc_table(struct mlx5_core_dev *dev, > MLX5_CAP_NIC_RX_FT_FIELD_SUPPORT_2(dev, outer_l4_type); > break; > default: > + kvfree(ttc); > return ERR_PTR(-EINVAL); > } > > ns = mlx5_get_flow_namespace(dev, params->ns_type); > + if (!ns){ > + kvfree(ttc); > + return ERR_PTR(-EOPNOTSUPP); > + } > + > groups = use_l4_type ? &ttc_groups[TTC_GROUPS_USE_L4_TYPE] : > &ttc_groups[TTC_GROUPS_DEFAULT]; Thanks for addressing leak Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com> > > -- > 2.34.1
On 11/04/2025 16:14, Henry Martin wrote: > Add NULL check for mlx5_get_flow_namespace() returns in > mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to prevent > NULL pointer dereference. > > Fixes: 137f3d50ad2a ("net/mlx5: Support matching on l4_type for ttc_table") > Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com> > --- > V3 -> V4: Fix potential memory leak. > V2 -> V3: No functional changes, just gathering the patches in a series. > V1 -> V2: Add a empty line after the return statement. > > drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c > index eb3bd9c7f66e..077fe908bf86 100644 > --- a/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c > +++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c > @@ -651,10 +651,16 @@ struct mlx5_ttc_table *mlx5_create_inner_ttc_table(struct mlx5_core_dev *dev, > MLX5_CAP_NIC_RX_FT_FIELD_SUPPORT_2(dev, inner_l4_type); > break; > default: > + kvfree(ttc); Unrelated change. Not described in patch subject or commit message. Please introduce in a separate patch. > return ERR_PTR(-EINVAL); > } > > ns = mlx5_get_flow_namespace(dev, params->ns_type); > + if (!ns) { > + kvfree(ttc); > + return ERR_PTR(-EOPNOTSUPP); > + } > + > groups = use_l4_type ? &inner_ttc_groups[TTC_GROUPS_USE_L4_TYPE] : > &inner_ttc_groups[TTC_GROUPS_DEFAULT]; > > @@ -724,10 +730,16 @@ struct mlx5_ttc_table *mlx5_create_ttc_table(struct mlx5_core_dev *dev, > MLX5_CAP_NIC_RX_FT_FIELD_SUPPORT_2(dev, outer_l4_type); > break; > default: > + kvfree(ttc); Same. > return ERR_PTR(-EINVAL); > } > > ns = mlx5_get_flow_namespace(dev, params->ns_type); > + if (!ns){ > + kvfree(ttc); > + return ERR_PTR(-EOPNOTSUPP); > + } > + > groups = use_l4_type ? &ttc_groups[TTC_GROUPS_USE_L4_TYPE] : > &ttc_groups[TTC_GROUPS_DEFAULT]; >
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c index eb3bd9c7f66e..077fe908bf86 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c @@ -651,10 +651,16 @@ struct mlx5_ttc_table *mlx5_create_inner_ttc_table(struct mlx5_core_dev *dev, MLX5_CAP_NIC_RX_FT_FIELD_SUPPORT_2(dev, inner_l4_type); break; default: + kvfree(ttc); return ERR_PTR(-EINVAL); } ns = mlx5_get_flow_namespace(dev, params->ns_type); + if (!ns) { + kvfree(ttc); + return ERR_PTR(-EOPNOTSUPP); + } + groups = use_l4_type ? &inner_ttc_groups[TTC_GROUPS_USE_L4_TYPE] : &inner_ttc_groups[TTC_GROUPS_DEFAULT]; @@ -724,10 +730,16 @@ struct mlx5_ttc_table *mlx5_create_ttc_table(struct mlx5_core_dev *dev, MLX5_CAP_NIC_RX_FT_FIELD_SUPPORT_2(dev, outer_l4_type); break; default: + kvfree(ttc); return ERR_PTR(-EINVAL); } ns = mlx5_get_flow_namespace(dev, params->ns_type); + if (!ns){ + kvfree(ttc); + return ERR_PTR(-EOPNOTSUPP); + } + groups = use_l4_type ? &ttc_groups[TTC_GROUPS_USE_L4_TYPE] : &ttc_groups[TTC_GROUPS_DEFAULT];
Add NULL check for mlx5_get_flow_namespace() returns in mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to prevent NULL pointer dereference. Fixes: 137f3d50ad2a ("net/mlx5: Support matching on l4_type for ttc_table") Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com> --- V3 -> V4: Fix potential memory leak. V2 -> V3: No functional changes, just gathering the patches in a series. V1 -> V2: Add a empty line after the return statement. drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)