lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 May 2017 12:42:52 -0500 From: "Gustavo A. R. Silva" <garsilva@...eddedor.com> To: Yuval Mintz <Yuval.Mintz@...ium.com>, Ariel Elior <Ariel.Elior@...ium.com>, everest-linux-l2@...ium.com Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [net-qed] question about potential null pointer dereference Hello everybody, While looking into Coverity ID 1362293 I ran into the following piece of code at drivers/net/ethernet/qlogic/qed/qed_sriov.c:3863: 3863static int 3864qed_iov_configure_min_tx_rate(struct qed_dev *cdev, int vfid, u32 rate) 3865{ 3866 struct qed_vf_info *vf; 3867 u8 vport_id; 3868 int i; 3869 3870 for_each_hwfn(cdev, i) { 3871 struct qed_hwfn *p_hwfn = &cdev->hwfns[i]; 3872 3873 if (!qed_iov_pf_sanity_check(p_hwfn, vfid)) { 3874 DP_NOTICE(p_hwfn, 3875 "SR-IOV sanity check failed, can't set min rate\n"); 3876 return -EINVAL; 3877 } 3878 } 3879 3880 vf = qed_iov_get_vf_info(QED_LEADING_HWFN(cdev), (u16)vfid, true); 3881 vport_id = vf->vport_id; 3882 3883 return qed_configure_vport_wfq(cdev, vport_id, rate); 3884} The issue here is that in case function qed_iov_get_vf_info() at line 3880, returns NULL, a NULL pointer dereference will take place at line 3881. Maybe a patch like the following could be applied in order to avoid any potential NULL pointer dereference: index 71e392f..6bf1f0e2 100644 --- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c +++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c @@ -3878,6 +3878,9 @@ qed_iov_configure_min_tx_rate(struct qed_dev *cdev, int vfid, u32 rate) } vf = qed_iov_get_vf_info(QED_LEADING_HWFN(cdev), (u16)vfid, true); + if (!vf) + return -EINVAL; + vport_id = vf->vport_id; return qed_configure_vport_wfq(cdev, vport_id, rate); What do you think? I'd really appreciate any comment on this. Thank you! -- Gustavo A. R. Silva
Powered by blists - more mailing lists