| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Mar 2014 15:31:25 +0100
From: Christoph Paasch <christoph.paasch@...ouvain.be>
To: Jeff Kirsher <jeffrey.t.kirsher@...el.com>
Cc: "davem@...emloft.net" <davem@...emloft.net>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"gospo@...hat.com" <gospo@...hat.com>,
"sassmann@...hat.com" <sassmann@...hat.com>,
Carolyn Wyborny <carolyn.wyborny@...el.com>
Subject: Re: [net-next 15/16] igb: Fix Null-pointer dereference in
igb_reset_q_vector
On 21/03/14 - 12:10:05, Jeff Kirsher wrote:
> From: Christoph Paasch <christoph.paasch@...ouvain.be>
>
> When igb_set_interrupt_capability() calls
> igb_reset_interrupt_capability() (e.g., because CONFIG_PCI_MSI is unset),
> num_q_vectors has been set but no vector has yet been allocated.
>
> igb_reset_interrupt_capability() will then call igb_reset_q_vector,
> which assumes that the vector is allocated. As this is not the case, we
> are accessing a NULL-pointer.
>
> This patch fixes it by checking that q_vector is indeed different from
> NULL.
>
> Fixes: 02ef6e1d0b0023 (igb: Fix queue allocation method to accommodate changing during runtime)
> Cc: Carolyn Wyborny <carolyn.wyborny@...el.com>
> Signed-off-by: Christoph Paasch <christoph.paasch@...ouvain.be>
> Tested-by: Jeff Pieper <jeffrey.e.pieper@...el.com>
> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@...el.com>
Hello Jeff,
shouldn't this one rather be for 'net' instead of 'net-next'? Because
02ef6e1d0b0023 is part of 3.14-rc1.
Cheers,
Christoph
> ---
> drivers/net/ethernet/intel/igb/igb_main.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
> index e8b4f7b..6acf787 100644
> --- a/drivers/net/ethernet/intel/igb/igb_main.c
> +++ b/drivers/net/ethernet/intel/igb/igb_main.c
> @@ -1035,6 +1035,12 @@ static void igb_reset_q_vector(struct igb_adapter *adapter, int v_idx)
> {
> struct igb_q_vector *q_vector = adapter->q_vector[v_idx];
>
> + /* Coming from igb_set_interrupt_capability, the vectors are not yet
> + * allocated. So, q_vector is NULL so we should stop here.
> + */
> + if (!q_vector)
> + return;
> +
> if (q_vector->tx.ring)
> adapter->tx_ring[q_vector->tx.ring->queue_index] = NULL;
>
> --
> 1.8.3.1
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists