lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aSXIJZ3EztBeCfPg@horms.kernel.org>
Date: Tue, 25 Nov 2025 15:15:49 +0000
From: Simon Horman <horms@...nel.org>
To: Alexey Kodanev <aleksei.kodanev@...l-sw.com>
Cc: netdev@...r.kernel.org, Byungho An <bh74.an@...sung.com>,
	Andrew Lunn <andrew+netdev@...n.ch>,
	"David S . Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Girish K S <ks.giri@...sung.com>,
	Siva Reddy <siva.kallam@...sung.com>,
	Vipul Pandya <vipul.pandya@...sung.com>
Subject: Re: [PATCH net] net: sxgbe: fix potential NULL dereference in
 sxgbe_rx()

On Fri, Nov 21, 2025 at 12:38:34PM +0000, Alexey Kodanev wrote:
> Currently, when skb is null, the driver prints an error and then
> dereferences skb on the next line.
> 
> To fix this, let's add a 'break' after the error message to switch
> to sxgbe_rx_refill(), which is similar to the approach taken by the
> other drivers in this particular case, e.g. calxeda with xgmac_rx().
> 
> Found during a code review.
> 
> Fixes: 1edb9ca69e8a ("net: sxgbe: add basic framework for Samsung 10Gb ethernet driver")
> Signed-off-by: Alexey Kodanev <aleksei.kodanev@...l-sw.com>

Thanks Alexey,

I think this is a case where it is hard to know the true effects
without running the system. But I'm assuming that we aren't in
a position to do so. So instead we need to try to reason at
the code level.

>From that perspective I do see that:
1. Without this change there will be a NULL pointer dereference *boob*
2. It seems that the refill logic should work with the proposed solution

So, I do expect this helps.
And I do think it can be accepted without hw testing.
But I do have a lower confidence level than I would if there
was hw testing.

Reviewed-by: Simon Horman <horms@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ