lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 24 Mar 2014 13:49:30 -0700
From:	Jeff Kirsher <jeffrey.t.kirsher@...el.com>
To:	Christoph Paasch <christoph.paasch@...ouvain.be>
Cc:	"davem@...emloft.net" <davem@...emloft.net>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"gospo@...hat.com" <gospo@...hat.com>,
	"sassmann@...hat.com" <sassmann@...hat.com>,
	Carolyn Wyborny <carolyn.wyborny@...el.com>
Subject: Re: [net-next 15/16] igb: Fix Null-pointer dereference in
 igb_reset_q_vector

On Sun, 2014-03-23 at 15:31 +0100, Christoph Paasch wrote:
> On 21/03/14 - 12:10:05, Jeff Kirsher wrote:
> > From: Christoph Paasch <christoph.paasch@...ouvain.be>
> > 
> > When igb_set_interrupt_capability() calls
> > igb_reset_interrupt_capability() (e.g., because CONFIG_PCI_MSI is
> unset),
> > num_q_vectors has been set but no vector has yet been allocated.
> > 
> > igb_reset_interrupt_capability() will then call igb_reset_q_vector,
> > which assumes that the vector is allocated. As this is not the case,
> we
> > are accessing a NULL-pointer.
> > 
> > This patch fixes it by checking that q_vector is indeed different
> from
> > NULL.
> > 
> > Fixes: 02ef6e1d0b0023 (igb: Fix queue allocation method to
> accommodate changing during runtime)
> > Cc: Carolyn Wyborny <carolyn.wyborny@...el.com>
> > Signed-off-by: Christoph Paasch <christoph.paasch@...ouvain.be>
> > Tested-by: Jeff Pieper <jeffrey.e.pieper@...el.com>
> > Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@...el.com>
> 
> Hello Jeff,
> 
> shouldn't this one rather be for 'net' instead of 'net-next'? Because
> 02ef6e1d0b0023 is part of 3.14-rc1.

Yes, but being that it is late in the -rcX cycle and 3.14 is expected to
be released anytime now, it was not prudent to try and push this in
right before the window closes.  It is better to have -stable pick this
up once Linus releases 3.14.  Same goes for your other patch.

So once Linus releases 3.14 and Linus merges in Dave's net-next tree for
3.15, I will notify the stable maintainers that your 2 patches need to
be picked up for 3.14.x stable trees.

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ