diff mbox series

net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()

Message ID 20240923113455.24541-1-esalomatkina@ispras.ru (mailing list archive)
State Superseded
Headers show
Series net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() | expand

Commit Message

Elena Salomatkina Sept. 23, 2024, 11:34 a.m. UTC 
In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
which is dereferenced on the next line in a reference
to the modify field.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
---
 drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Simon Horman Sept. 23, 2024, 6:35 p.m. UTC | #1 
On Mon, Sep 23, 2024 at 02:34:55PM +0300, Elena Salomatkina wrote:
> In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
> which is dereferenced on the next line in a reference
> to the modify field.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
> Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>

Hi Elena,

Unfortunately your patch doesn't apply. This appears to be because
it has been white-space mangled, somehow: tabs have turned into 4 spaces.

I would suggest using b4, or git format-patch + git send-email.
To send patches.

Also, as a fix, this patch should be targeted at net, like this:

	Subject [PATCH net v2] ...

This and more information about sending Networking patches can be
found here: https://docs.kernel.org/process/maintainer-netdev.html

> ---
>  drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> index d4239e3b3c88..72310452fce5 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> @@ -23,6 +23,8 @@ struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
>     struct mlx5e_tir_builder *builder;
>  
>     builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
> +   if (!builder)
> +       return NULL;

nit: blank line here please

>     builder->modify = modify;
>  
>     return builder;
diff mbox series

Patch

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
index d4239e3b3c88..72310452fce5 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
@@ -23,6 +23,8 @@  struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
    struct mlx5e_tir_builder *builder;
 
    builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
+   if (!builder)
+       return NULL;
    builder->modify = modify;
 
    return builder;