diff mbox series

net: microchip: sparx5: Fix potential NULL pointer dereference in debugfs

Message ID 20250212091846.1166-1-vulab@iscas.ac.cn (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series net: microchip: sparx5: Fix potential NULL pointer dereference in debugfs | expand

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers fail 1 blamed authors not CCed: horatiu.vultur@microchip.com; 1 maintainers not CCed: horatiu.vultur@microchip.com
netdev/build_clang success Errors and warnings before: 2 this patch: 2
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Wentao Liang Feb. 12, 2025, 9:18 a.m. UTC 
In vcap_debugfs_show_rule_keyset(), the function vcap_keyfields()
returns a NULL pointer upon allocation failure. This can lead to
a NULL pointer dereference in vcap_debugfs_show_rule_keyfield().
To prevent this, add a check for a NULL return value from
vcap_keyfields() and continue the loop if it is NULL.

Fixes: 610c32b2ce66 ("net: microchip: vcap: Add vcap_get_rule")
Cc: stable@vger.kernel.org # 6.2+
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
---
 drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Andrew Lunn Feb. 12, 2025, 1:49 p.m. UTC | #1 
On Wed, Feb 12, 2025 at 05:18:46PM +0800, Wentao Liang wrote:
> In vcap_debugfs_show_rule_keyset(), the function vcap_keyfields()
> returns a NULL pointer upon allocation failure.

/* Return the list of keyfields for the keyset */
const struct vcap_field *vcap_keyfields(struct vcap_control *vctrl,
					enum vcap_type vt,
					enum vcap_keyfield_set keyset)
{
	/* Check that the keyset exists in the vcap keyset list */
	if (keyset >= vctrl->vcaps[vt].keyfield_set_size)
		return NULL;
	return vctrl->vcaps[vt].keyfield_set_map[keyset];
}

I don't see any allocations here which can fail. I do agree it can
return NULL thought. So you code change looks correct, but you commit
message is broken.


    Andrew

---
pw-bot: cr
diff mbox series

Patch

diff --git a/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c b/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c
index 59bfbda29bb3..e9e2f7af9be3 100644
--- a/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c
+++ b/drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c
@@ -202,6 +202,8 @@  static int vcap_debugfs_show_rule_keyset(struct vcap_rule_internal *ri,
 
 	list_for_each_entry(ckf, &ri->data.keyfields, ctrl.list) {
 		keyfield = vcap_keyfields(vctrl, admin->vtype, ri->data.keyset);
+		if (!keyfield)
+			continue;
 		vcap_debugfs_show_rule_keyfield(vctrl, out, ckf->ctrl.key,
 						keyfield, &ckf->data);
 	}