lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Z9K37URcF_hkCTBM@lore-desk>
Date: Thu, 13 Mar 2025 11:48:13 +0100
From: Lorenzo Bianconi <lorenzo@...nel.org>
To: Michal Kubiak <michal.kubiak@...el.com>
Cc: Andrew Lunn <andrew+netdev@...n.ch>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	linux-arm-kernel@...ts.infradead.org,
	linux-mediatek@...ts.infradead.org, netdev@...r.kernel.org
Subject: Re: [PATCH net-next] net: airoha: Validate egress gdm port in
 airoha_ppe_foe_entry_prepare()

> On Wed, Mar 12, 2025 at 05:22:47PM +0100, Lorenzo Bianconi wrote:
> > > On Wed, Mar 12, 2025 at 03:54:21PM +0100, Lorenzo Bianconi wrote:
> > > > > On Wed, Mar 12, 2025 at 12:31:46PM +0100, Lorenzo Bianconi wrote:
> > > > > > The system occasionally crashes dereferencing a NULL pointer when it is
> > > > > > forwarding constant, high load bidirectional traffic.
> 
> [...]
> 
> > > 
> > > > 
> > > > > 
> > > > > > +		if (!eth->ports[i])
> > > > > > +			continue;
> > > > > 
> > > > > Isn't this NULL check redundant?
> > > > > In the second check you compare the table element to a real pointer.
> > > > 
> > > > Can netdev_priv() be NULL? If not, I guess we can remove this check.
> > > 
> > > I guess it shouldn't be NULL since "devm_alloc_etherdev_mqs()" was
> > > called, but I'm not 100% sure if there are any special cases for the "airoha"
> > > driver. Maybe in such cases it would be better to check for the netdev_priv?
> > > Anyway, such checks seem a bit too defensive to me.
> > 
> > the dev pointer can be allocated even outside of airoha_eth driver.
> > This pointer is provided by the flowtable.
> > I guess we can drop the NULL pointer check above, and do something like:
> > 
> > 	if (port && eth->ports[i] == port)
> > 		return 0;
> > 
> > what do you think?
> > 
> > Regards,
> > Lorenzo
> > 
> 
> I think if there's a risk that 'port' can be NULL, it looks like a
> reasonable solution and I'm OK with that.

I guess you are right. I do not think netdev_priv pointer can be NULL since,
even if size_priv is 0, it will just point to the end of the netdevice struct.
I will repost just doing:

	if (eth->ports[i] == port)
		return 0;

Regards,
Lorenzo

> 
> Thanks,
> Michal
> 

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ