Message-ID: <25d3b356-f44e-4b20-a6d8-9c2a3f839182@infradead.org>
Date: Thu, 22 Feb 2024 15:46:34 +0900
From: Geoff Levand <geoff@...radead.org>
To: Dan Carpenter <dan.carpenter@...aro.org>, Simon Horman <horms@...nel.org>
Cc: "David S. Miller" <davem@...emloft.net>,
 Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
 Paolo Abeni <pabeni@...hat.com>, Michael Ellerman <mpe@...erman.id.au>,
 Nicholas Piggin <npiggin@...il.com>,
 Christophe Leroy <christophe.leroy@...roup.eu>,
 "Aneesh Kumar K.V" <aneesh.kumar@...nel.org>,
 "Naveen N. Rao" <naveen.n.rao@...ux.ibm.com>, Jeff Garzik <jeff@...zik.org>,
 netdev@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH RFC net] ps3/gelic: Fix possible NULL pointer dereference

On 2/22/24 03:32, Dan Carpenter wrote:
> This driver is PPC so I have never looked at the code before.  I noticed
> another issue that was introduced last December in commit 3ce4f9c3fbb3
> ("net/ps3_gelic_net: Add gelic_descr structures").
> 
> net/ethernet/toshiba/ps3_gelic_net.c
...
>    375  static int gelic_descr_prepare_rx(struct gelic_card *card,
>    376                                    struct gelic_descr *descr)
>    398          descr->skb = NULL;
>                 ^^^^^^^^^^^^^^^^^^
> NULL
> 
>    399  
>    400          offset = ((unsigned long)descr->skb->data) &
>                                          ^^^^^^^^^^^^
> Dereferenced here.

There is a fix, see '[PATCH v6 net] ps3/gelic: Fix SKB allocation':

  https://lore.kernel.org/netdev/20240221172824.GD722610@kernel.org/T/

-Geoff

Powered by blists - more mailing lists