Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/drivers/net
History
Aleksandr Mishin a04fd7acfb liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet 
[ Upstream commit c44711b78608c98a3e6b49ce91678cd0917d5349 ]

In lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value,
but then it is unconditionally passed to skb_add_rx_frag() which looks
strange and could lead to null pointer dereference.

lio_vf_rep_copy_packet() call trace looks like:
	octeon_droq_process_packets
	 octeon_droq_fast_process_packets
	  octeon_droq_dispatch_pkt
	   octeon_create_recv_info
	    ...search in the dispatch_list...
	     ->disp_fn(rdisp->rinfo, ...)
	      lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...)
In this path there is no code which sets pg_info->page to NULL.
So this check looks unneeded and doesn't solve potential problem.
But I guess the author had reason to add a check and I have no such card
and can't do real test.
In addition, the code in the function liquidio_push_packet() in
liquidio/lio_core.c does exactly the same.

Based on this, I consider the most acceptable compromise solution to
adjust this issue by moving skb_add_rx_frag() into conditional scope.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 1f233f327913 ("liquidio: switchdev support for LiquidIO NIC")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-19 14:19:03 +01:00
..
appletalk
arcnet
bonding bonding: remove print in bond_verify_device_path 2024-11-18 12:13:23 +01:00
caif
can
dropdump
dsa net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 2024-11-19 11:32:43 +01:00
ethernet liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet 2024-11-19 14:19:03 +01:00
fddi
fjes fjes: fix memleaks in fjes_hw_setup 2024-11-18 12:13:01 +01:00
hamradio
hippi
hyperv hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed 2024-11-18 23:19:52 +01:00
ieee802154
ipa
ipvlan ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound 2024-11-19 12:27:11 +01:00
mdio
netdevsim
pcs
phy net: sfp: Always call sfp_sm_mod_remove() on remove 2024-11-19 14:19:03 +01:00
plip
ppp ppp_async: limit MRU to 64K 2024-11-18 12:13:25 +01:00
slip
team
usb net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM 2024-11-19 12:27:10 +01:00
vmxnet3
vxlan vxlan: Fix regression when dropping packets due to invalid src addresses 2024-11-19 14:19:00 +01:00
wan
wimax
wireguard wireguard: netlink: access device through ctx instead of peer 2024-11-19 09:22:37 +01:00
wireless wifi: iwlwifi: mvm: don't read past the mfuart notifcation 2024-11-19 14:19:00 +01:00
xen-netback xen-netback: properly sync TX responses 2024-11-18 12:13:30 +01:00
bareudp.c
dummy.c
eql.c
geneve.c geneve: fix header validation in geneve[6]_xmit_skb 2024-11-19 11:32:19 +01:00
gtp.c net: gtp: Fix Use-After-Free in gtp_dellink 2024-11-19 11:32:37 +01:00
ifb.c
Kconfig
LICENSE.SRC
loopback.c
macsec.c
macvlan.c
macvtap.c
Makefile
mdio.c
mii.c
net_failover.c
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c
sb1000.c
Space.c
sungem_phy.c
tap.c
thunderbolt.c
tun.c tun: limit printing rate when illegal packet received by tun dev 2024-11-19 11:32:21 +01:00
veth.c
virtio_net.c virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings 2024-11-18 12:13:20 +01:00
vrf.c
vsockmon.c
xen-netfront.c