| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2d96b30a-8da4-4bca-a366-bbc4bec257a0@gmail.com>
Date: Tue, 20 May 2025 14:26:45 +0300
From: Tariq Toukan <ttoukan.linux@...il.com>
To: Wentao Liang <vulab@...as.ac.cn>, saeedm@...dia.com, leon@...nel.org,
tariqt@...dia.com, andrew+netdev@...n.ch, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com
Cc: netdev@...r.kernel.org, linux-rdma@...r.kernel.org,
linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH v2] net: mlx5: vport: Add error handling in
mlx5_query_nic_vport_qkey_viol_cntr()
On 19/05/2025 12:01, Wentao Liang wrote:
> The function mlx5_query_nic_vport_qkey_viol_cntr() calls the function
> mlx5_query_nic_vport_context() but does not check its return value. This
> could lead to undefined behavior if the query fails. A proper
> implementation can be found in mlx5_nic_vport_query_local_lb().
>
> Add error handling for mlx5_query_nic_vport_context(). If it fails, free
> the out buffer via kvfree() and return error code.
>
> Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields")
> Cc: stable@...r.kernel.org # v4.5
> Signed-off-by: Wentao Liang <vulab@...as.ac.cn>
> ---
> v2: Remove redundant reassignment. Fix RCT.
>
> drivers/net/ethernet/mellanox/mlx5/core/vport.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c
> index 0d5f750faa45..ded086ffe8ac 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c
> @@ -519,19 +519,22 @@ int mlx5_query_nic_vport_qkey_viol_cntr(struct mlx5_core_dev *mdev,
> {
> u32 *out;
> int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out);
> + int ret;
>
> out = kvzalloc(outlen, GFP_KERNEL);
> if (!out)
> return -ENOMEM;
>
> - mlx5_query_nic_vport_context(mdev, 0, out);
> + ret = mlx5_query_nic_vport_context(mdev, 0, out);
> + if (ret)
> + goto out;
>
> *qkey_viol_cntr = MLX5_GET(query_nic_vport_context_out, out,
> nic_vport_context.qkey_violation_counter);
> -
> +out:
> kvfree(out);
>
> - return 0;
> + return ret;
> }
> EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_qkey_viol_cntr);
>
Same comments on similar patch apply here:
https://patchwork.kernel.org/project/netdevbpf/patch/20250519090934.1956-1-vulab@iscas.ac.cn/
Powered by blists - more mailing lists