diff mbox series

[net,v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()

Message ID 20240924160018.29049-1-esalomatkina@ispras.ru (mailing list archive)
State Awaiting Upstream
Delegated to: Netdev Maintainers
Headers show
Series [net,v2] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 16 this patch: 16
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers fail 1 blamed authors not CCed: saeedm@nvidia.com; 1 maintainers not CCed: saeedm@nvidia.com
netdev/build_clang success Errors and warnings before: 16 this patch: 16
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 16 this patch: 16
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-09-26--21-00 (tests: 768)

Commit Message

Elena Salomatkina Sept. 24, 2024, 4 p.m. UTC 
In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
which is dereferenced on the next line in a reference
to the modify field.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
---
v2: Fix tab, add blank line

 drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Simon Horman Sept. 24, 2024, 6:11 p.m. UTC | #1 
On Tue, Sep 24, 2024 at 07:00:18PM +0300, Elena Salomatkina wrote:
> In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
> which is dereferenced on the next line in a reference
> to the modify field.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
> Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
> ---
> v2: Fix tab, add blank line

Thanks for the update, this version looks good to me.

Reviewed-by: Simon Horman <horms@kernel.org>
Kalesh Anakkur Purayil Sept. 25, 2024, 2:01 a.m. UTC | #2 
On Tue, Sep 24, 2024 at 9:31 PM Elena Salomatkina
<esalomatkina@ispras.ru> wrote:
>
> In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
> which is dereferenced on the next line in a reference
> to the modify field.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
> Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
LGTM
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Tariq Toukan Sept. 25, 2024, 5:49 a.m. UTC | #3 
On 24/09/2024 19:00, Elena Salomatkina wrote:
> In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
> which is dereferenced on the next line in a reference
> to the modify field.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
> Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
> ---
> v2: Fix tab, add blank line
> 
>   drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> index d4239e3b3c88..11f724ad90db 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
> @@ -23,6 +23,9 @@ struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
>   	struct mlx5e_tir_builder *builder;
>   
>   	builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
> +	if (!builder)
> +		return NULL;
> +
>   	builder->modify = modify;
>   
>   	return builder;

Thanks for your patch.

Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Gal Pressman Sept. 25, 2024, 6:17 a.m. UTC | #4 
On 24/09/2024 19:00, Elena Salomatkina wrote:
> In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
> which is dereferenced on the next line in a reference
> to the modify field.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
> Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>

Thanks!
Reviewed-by: Gal Pressman <gal@nvidia.com>
diff mbox series

Patch

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
index d4239e3b3c88..11f724ad90db 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
@@ -23,6 +23,9 @@  struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
 	struct mlx5e_tir_builder *builder;
 
 	builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
+	if (!builder)
+		return NULL;
+
 	builder->modify = modify;
 
 	return builder;