| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aCrVQOqV68u4AQkR@mev-dev.igk.intel.com>
Date: Mon, 19 May 2025 08:52:57 +0200
From: Michal Swiatkowski <michal.swiatkowski@...ux.intel.com>
To: Wentao Liang <vulab@...as.ac.cn>
Cc: saeedm@...dia.com, leon@...nel.org, tariqt@...dia.com,
andrew+netdev@...n.ch, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, netdev@...r.kernel.org,
linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH] net: mlx5: vport: Add error handling in
mlx5_query_nic_vport_qkey_viol_cntr()
On Mon, May 19, 2025 at 11:40:43AM +0800, Wentao Liang wrote:
> The function mlx5_query_nic_vport_qkey_viol_cntr() calls the functuion
> mlx5_query_nic_vport_context() but does not check its return value. This
> could lead to undefined behavior if the query fails. A proper
> implementation can be found in mlx5_nic_vport_query_local_lb().
>
> Add error handling for mlx5_query_nic_vport_context(). If it fails, free
> the out buffer via kvfree() and return error code.
>
> Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields")
> Cc: stable@...r.kernel.org # v4.5
> Signed-off-by: Wentao Liang <vulab@...as.ac.cn>
> ---
> drivers/net/ethernet/mellanox/mlx5/core/vport.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c
> index 0d5f750faa45..276b162ccf18 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c
> @@ -518,20 +518,23 @@ int mlx5_query_nic_vport_qkey_viol_cntr(struct mlx5_core_dev *mdev,
> u16 *qkey_viol_cntr)
> {
> u32 *out;
> - int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out);
> + int ret, outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out);
You can fix RCT here.
>
> out = kvzalloc(outlen, GFP_KERNEL);
> if (!out)
> return -ENOMEM;
>
> - mlx5_query_nic_vport_context(mdev, 0, out);
> + ret = mlx5_query_nic_vport_context(mdev, 0, out);
> + if (ret)
> + goto out;
>
> *qkey_viol_cntr = MLX5_GET(query_nic_vport_context_out, out,
> nic_vport_context.qkey_violation_counter);
> -
> + ret = 0;
ret is already 0 here, no need to reassign it.
> +out:
> kvfree(out);
>
> - return 0;
> + return ret;
> }
> EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_qkey_viol_cntr);
>
> --
> 2.42.0.windows.2
Powered by blists - more mailing lists