lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 19 Dec 2022 07:42:37 -0800
From:   Alexander Duyck <alexander.duyck@...il.com>
To:     wei.fang@....com
Cc:     davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
        pabeni@...hat.com, xiaoning.wang@....com, shenwei.wang@....com,
        linux-imx@....com, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH V2 net] net: fec: Coverity issue: Dereference null return value

On Sun, Dec 18, 2022 at 6:31 PM <wei.fang@....com> wrote:
>
> From: Wei Fang <wei.fang@....com>
>
> The build_skb might return a null pointer but there is no check on the
> return value in the fec_enet_rx_queue(). So a null pointer dereference
> might occur. To avoid this, we check the return value of build_skb. If
> the return value is a null pointer, the driver will recycle the page and
> update the statistic of ndev. Then jump to rx_processing_done to clear
> the status flags of the BD so that the hardware can recycle the BD.
>
> Signed-off-by: Wei Fang <wei.fang@....com>
> Reviewed-by: Shenwei Wang <Shenwei.wang@....com>
> ---
> V2 changes:
> 1. Remove rx_packets and rx_bytes counters.
> 2. Use netdev_err_once instead of netdev_err.
> ---
>  drivers/net/ethernet/freescale/fec_main.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c
> index 5528b0af82ae..644f3c963730 100644
> --- a/drivers/net/ethernet/freescale/fec_main.c
> +++ b/drivers/net/ethernet/freescale/fec_main.c
> @@ -1674,6 +1674,14 @@ fec_enet_rx_queue(struct net_device *ndev, int budget, u16 queue_id)
>                  * bridging applications.
>                  */
>                 skb = build_skb(page_address(page), PAGE_SIZE);
> +               if (unlikely(!skb)) {
> +                       page_pool_recycle_direct(rxq->page_pool, page);
> +                       ndev->stats.rx_dropped++;
> +
> +                       netdev_err_once(ndev, "build_skb failed!\n");
> +                       goto rx_processing_done;
> +               }
> +
>                 skb_reserve(skb, data_start);
>                 skb_put(skb, pkt_len - sub_len);
>                 skb_mark_for_recycle(skb);


Looks good to me.

Reviewed-by: Alexander Duyck <alexanderduyck@...com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ