| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2f44710b-5f4d-4edb-8b1e-ced6636e2957@gmail.com>
Date: Fri, 21 Feb 2025 20:45:51 +0900
From: Kyungwook Boo <bookyungwook@...il.com>
To: Edward Cree <ecree.xilinx@...il.com>,
Martin Habets <habetsm.xilinx@...il.com>
Cc: netdev@...r.kernel.org, linux-net-drivers@....com,
linux-kernel@...r.kernel.org
Subject: Re: Null-pointer-dereference in ef100_process_design_param()
Hello, Edward,
Thank you for your reply.
On 25. 2. 21. 00:35, Edward Cree wrote:
> On 19/02/2025 10:04, Kyungwook Boo wrote:
> > It seems that a null pointer dereference issue in ef100_process_design_param()
> > can occur due to an uninitialized pointer efx->net_dev.
>
> Yes, your diagnosis looks correct to me.
> Moreover, besides the calls you identify, the function also has calls to
> netif_err() using the same efx->net_dev pointer.
I agree with your finding--I missed that one.
> My preferred solution is to keep ef100_check_design_params() where it is,
> but move the netif_set_tso_max_{size,segs}() calls into
> ef100_probe_netdev(), after the netdevice is allocated, and using the
> values stashed in nic_data; also to replace the netif_err() calls with
> pci_err(). I will develop a patch accordingly.
I was wondering whether the calling condition will be properly maintained when
relocating netif_set_tso_max_{size,segs}().
I’m not entirely sure, but if maintaining this condition is unnecessary or has
already been considered, then your suggestion seems to be the better approach.
Best regards,
Kyungwook Boo
Powered by blists - more mailing lists