| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CO1PR11MB5089C7298CC46861FF41D3E3D61D9@CO1PR11MB5089.namprd11.prod.outlook.com>
Date: Mon, 28 Mar 2022 17:59:35 +0000
From: "Keller, Jacob E" <jacob.e.keller@...el.com>
To: Xiaomeng Tong <xiam0nd.tong@...il.com>,
"Brandeburg, Jesse" <jesse.brandeburg@...el.com>
CC: "Nguyen, Anthony L" <anthony.l.nguyen@...el.com>,
"davem@...emloft.net" <davem@...emloft.net>,
"kuba@...nel.org" <kuba@...nel.org>,
"pabeni@...hat.com" <pabeni@...hat.com>,
"Raj, Victor" <victor.raj@...el.com>,
"intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: RE: [PATCH] ice: ice_sched: fix an incorrect NULL check on list
iterator
> -----Original Message-----
> From: Xiaomeng Tong <xiam0nd.tong@...il.com>
> Sent: Saturday, March 26, 2022 11:44 PM
> To: Brandeburg, Jesse <jesse.brandeburg@...el.com>
> Cc: Nguyen, Anthony L <anthony.l.nguyen@...el.com>; davem@...emloft.net;
> kuba@...nel.org; pabeni@...hat.com; Raj, Victor <victor.raj@...el.com>; intel-
> wired-lan@...ts.osuosl.org; netdev@...r.kernel.org; linux-
> kernel@...r.kernel.org; Xiaomeng Tong <xiam0nd.tong@...il.com>;
> stable@...r.kernel.org
> Subject: [PATCH] ice: ice_sched: fix an incorrect NULL check on list iterator
>
> The bugs are here:
> if (old_agg_vsi_info)
> if (old_agg_vsi_info && !old_agg_vsi_info->tc_bitmap[0]) {
>
> The list iterator value 'old_agg_vsi_info' will *always* be set
> and non-NULL by list_for_each_entry_safe(), so it is incorrect
> to assume that the iterator value will be NULL if the list is
> empty or no element found (in this case, the check
> 'if (old_agg_vsi_info)' will always be true unexpectly).
>
> To fix the bug, use a new variable 'iter' as the list iterator,
> while use the original variable 'old_agg_vsi_info' as a dedicated
> pointer to point to the found element.
>
Yep. This looks correct to me.
Reviewed-by: Jacob Keller <jacob.e.keller@...el.com>
Thanks,
Jake
> Cc: stable@...r.kernel.org
> Fixes: 37c592062b16d ("ice: remove the VSI info from previous agg")
> Signed-off-by: Xiaomeng Tong <xiam0nd.tong@...il.com>
> ---
> drivers/net/ethernet/intel/ice/ice_sched.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/intel/ice/ice_sched.c
> b/drivers/net/ethernet/intel/ice/ice_sched.c
> index 7947223536e3..fba524148a09 100644
> --- a/drivers/net/ethernet/intel/ice/ice_sched.c
> +++ b/drivers/net/ethernet/intel/ice/ice_sched.c
> @@ -2757,6 +2757,7 @@ ice_sched_assoc_vsi_to_agg(struct ice_port_info *pi,
> u32 agg_id,
> u16 vsi_handle, unsigned long *tc_bitmap)
> {
> struct ice_sched_agg_vsi_info *agg_vsi_info, *old_agg_vsi_info = NULL;
> + struct ice_sched_agg_vsi_info *iter;
> struct ice_sched_agg_info *agg_info, *old_agg_info;
> struct ice_hw *hw = pi->hw;
> int status = 0;
> @@ -2774,11 +2775,13 @@ ice_sched_assoc_vsi_to_agg(struct ice_port_info
> *pi, u32 agg_id,
> if (old_agg_info && old_agg_info != agg_info) {
> struct ice_sched_agg_vsi_info *vtmp;
>
> - list_for_each_entry_safe(old_agg_vsi_info, vtmp,
> + list_for_each_entry_safe(iter, vtmp,
> &old_agg_info->agg_vsi_list,
> list_entry)
> - if (old_agg_vsi_info->vsi_handle == vsi_handle)
> + if (iter->vsi_handle == vsi_handle) {
> + old_agg_vsi_info = iter;
> break;
> + }
> }
>
> /* check if entry already exist */
> --
> 2.17.1
Powered by blists - more mailing lists