| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 2 May 2020 12:29:08 +0300
From: Maxim Petrov <mmrmaximuzz@...il.com>
To: Giuseppe Cavallaro <peppe.cavallaro@...com>,
Alexandre Torgue <alexandre.torgue@...com>,
Jose Abreu <joabreu@...opsys.com>,
"David S. Miller" <davem@...emloft.net>,
Maxime Coquelin <mcoquelin.stm32@...il.com>
Cc: mmrmaximuzz@...il.com, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] stmmac: fix pointer check after utilization in
stmmac_interrupt
The paranoidal pointer check in IRQ handler looks very strange - it
really protects us only against bogus drivers which request IRQ line
with null pointer dev_id. However, the code fragment is incorrect
because the dev pointer is used before the actual check. That leads
to undefined behavior thus compilers are free to remove the pointer
check at all.
Signed-off-by: Maxim Petrov <mmrmaximuzz@...il.com>
---
.../net/ethernet/stmicro/stmmac/stmmac_main.c | 20 +++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index 565da6498c84..ca08699f5565 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -4070,24 +4070,28 @@ static int stmmac_set_features(struct net_device *netdev,
*/
static irqreturn_t stmmac_interrupt(int irq, void *dev_id)
{
- struct net_device *dev = (struct net_device *)dev_id;
- struct stmmac_priv *priv = netdev_priv(dev);
- u32 rx_cnt = priv->plat->rx_queues_to_use;
- u32 tx_cnt = priv->plat->tx_queues_to_use;
+ u32 rx_cnt;
+ u32 tx_cnt;
u32 queues_count;
u32 queue;
bool xmac;
+ struct stmmac_priv *priv;
+ struct net_device *dev = (struct net_device *)dev_id;
+ if (unlikely(!dev)) {
+ netdev_err(NULL, "%s: invalid dev pointer\n", __func__);
+ return IRQ_NONE;
+ }
+
+ priv = netdev_priv(dev);
+ rx_cnt = priv->plat->rx_queues_to_use;
+ tx_cnt = priv->plat->tx_queues_to_use;
xmac = priv->plat->has_gmac4 || priv->plat->has_xgmac;
queues_count = (rx_cnt > tx_cnt) ? rx_cnt : tx_cnt;
if (priv->irq_wake)
pm_wakeup_event(priv->device, 0);
- if (unlikely(!dev)) {
- netdev_err(priv->dev, "%s: invalid dev pointer\n", __func__);
- return IRQ_NONE;
- }
/* Check if adapter is up */
if (test_bit(STMMAC_DOWN, &priv->state))
base-commit: 6a8b55ed4056ea5559ebe4f6a4b247f627870d4c
--
2.17.1
Powered by blists - more mailing lists