lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 23 Mar 2014 15:31:25 +0100
From:	Christoph Paasch <christoph.paasch@...ouvain.be>
To:	Jeff Kirsher <jeffrey.t.kirsher@...el.com>
Cc:	"davem@...emloft.net" <davem@...emloft.net>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"gospo@...hat.com" <gospo@...hat.com>,
	"sassmann@...hat.com" <sassmann@...hat.com>,
	Carolyn Wyborny <carolyn.wyborny@...el.com>
Subject: Re: [net-next 15/16] igb: Fix Null-pointer dereference in
 igb_reset_q_vector

On 21/03/14 - 12:10:05, Jeff Kirsher wrote:
> From: Christoph Paasch <christoph.paasch@...ouvain.be>
> 
> When igb_set_interrupt_capability() calls
> igb_reset_interrupt_capability() (e.g., because CONFIG_PCI_MSI is unset),
> num_q_vectors has been set but no vector has yet been allocated.
> 
> igb_reset_interrupt_capability() will then call igb_reset_q_vector,
> which assumes that the vector is allocated. As this is not the case, we
> are accessing a NULL-pointer.
> 
> This patch fixes it by checking that q_vector is indeed different from
> NULL.
> 
> Fixes: 02ef6e1d0b0023 (igb: Fix queue allocation method to accommodate changing during runtime)
> Cc: Carolyn Wyborny <carolyn.wyborny@...el.com>
> Signed-off-by: Christoph Paasch <christoph.paasch@...ouvain.be>
> Tested-by: Jeff Pieper <jeffrey.e.pieper@...el.com>
> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@...el.com>

Hello Jeff,

shouldn't this one rather be for 'net' instead of 'net-next'? Because
02ef6e1d0b0023 is part of 3.14-rc1.


Cheers,
Christoph


> ---
>  drivers/net/ethernet/intel/igb/igb_main.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
> index e8b4f7b..6acf787 100644
> --- a/drivers/net/ethernet/intel/igb/igb_main.c
> +++ b/drivers/net/ethernet/intel/igb/igb_main.c
> @@ -1035,6 +1035,12 @@ static void igb_reset_q_vector(struct igb_adapter *adapter, int v_idx)
>  {
>  	struct igb_q_vector *q_vector = adapter->q_vector[v_idx];
>  
> +	/* Coming from igb_set_interrupt_capability, the vectors are not yet
> +	 * allocated. So, q_vector is NULL so we should stop here.
> +	 */
> +	if (!q_vector)
> +		return;
> +
>  	if (q_vector->tx.ring)
>  		adapter->tx_ring[q_vector->tx.ring->queue_index] = NULL;
>  
> -- 
> 1.8.3.1
> 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists