| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Jul 2023 17:21:49 +0000
From: "Ertman, David M" <david.m.ertman@...el.com>
To: Simon Horman <simon.horman@...igine.com>, "Nguyen, Anthony L"
<anthony.l.nguyen@...el.com>
CC: "davem@...emloft.net" <davem@...emloft.net>, "kuba@...nel.org"
<kuba@...nel.org>, "pabeni@...hat.com" <pabeni@...hat.com>,
"edumazet@...gle.com" <edumazet@...gle.com>, "netdev@...r.kernel.org"
<netdev@...r.kernel.org>, "daniel.machon@...rochip.com"
<daniel.machon@...rochip.com>, "Buvaneswaran, Sujai"
<sujai.buvaneswaran@...el.com>
Subject: RE: [PATCH net-next 06/10] ice: Flesh out implementation of support
for SRIOV on bonded interface
> -----Original Message-----
> From: Simon Horman <simon.horman@...igine.com>
> Subject: Re: [PATCH net-next 06/10] ice: Flesh out implementation of
> support for SRIOV on bonded interface
>
...
> > +ice_lag_qbuf_recfg(struct ice_hw *hw, struct ice_aqc_cfg_txqs_buf
> *qbuf,
> > + u16 vsi_num, u16 numq, u8 tc)
> > +{
> > + struct ice_q_ctx *q_ctx;
> > + u16 qid, count = 0;
> > + struct ice_pf *pf;
> > + int i;
> > +
> > + pf = hw->back;
> > + for (i = 0; i < numq; i++) {
> > + q_ctx = ice_get_lan_q_ctx(hw, vsi_num, tc, i);
> > + if (q_ctx->q_teid == ICE_INVAL_TEID) {
>
> Hi Tony and Dave,
>
> sorry for not noticing this earlier.
>
> Here q_ctx is dereferenced...
>
> > + dev_dbg(ice_hw_to_dev(hw), "%s queue %d INVAL
> TEID\n",
> > + __func__, i);
> > + continue;
> > + }
> > +
> > + if (!q_ctx || q_ctx->q_handle == ICE_INVAL_Q_HANDLE) {
>
> ...but here it is assumed that q_ctx may be NULL.
>
> Flagged by Smatch.
>
Nice catch Simon!! Thanks for the review!
Fix incoming in V2.
DaveE
> > + dev_dbg(ice_hw_to_dev(hw), "%s queue %d %s\n",
> __func__,
> > + i, q_ctx ? "INVAL Q HANDLE" : "NO Q
> CONTEXT");
> > + continue;
> > + }
> > +
> > + qid = pf->vsi[vsi_num]->txq_map[q_ctx->q_handle];
> > + qbuf->queue_info[count].q_handle = cpu_to_le16(qid);
> > + qbuf->queue_info[count].tc = tc;
> > + qbuf->queue_info[count].q_teid = cpu_to_le32(q_ctx-
> >q_teid);
> > + count++;
> > + }
> > +
> > + return count;
> > +}
>
> ...
Powered by blists - more mailing lists