Message-ID: <20260113035353.405418-1-kuba@kernel.org>
Date: Mon, 12 Jan 2026 19:53:53 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: daniel@...earbox.net
Cc: Jakub Kicinski <kuba@...nel.org>,
	netdev@...r.kernel.org,
	bpf@...r.kernel.org,
	jordan@...fe.io,
	maciej.fijalkowski@...el.com,
	willemb@...gle.com,
	yangzhenze@...edance.com,
	razor@...ckwall.org,
	dw@...idwei.uk,
	pabeni@...hat.com,
	sdf@...ichev.me,
	wangdongdong.6@...edance.com,
	john.fastabend@...il.com,
	martin.lau@...nel.org,
	magnus.karlsson@...el.com,
	toke@...hat.com,
	davem@...emloft.net
Subject: Re: [net-next,v5,03/16] net: Add lease info to queue-get response

This is an AI-generated review of your patch. The human sending this
email has considered the AI review valid, or at least plausible.

For local reproduction steps see https://netdev-ai.bots.linux.dev/ai-local.html
---
    net: Add lease info to queue-get response

This commit populates nested lease info in the queue-get response, returning
the ifindex, queue id with type, and optionally the netns id if the device
resides in a different network namespace.

> diff --git a/net/core/netdev-genl.c b/net/core/netdev-genl.c
> index cd4dc4eef029..002d68f62131 100644
> --- a/net/core/netdev-genl.c
> +++ b/net/core/netdev-genl.c

[ ... ]

> @@ -410,6 +413,37 @@ netdev_nl_queue_fill_one(struct sk_buff *rsp, struct net_device *netdev,
>  		if (nla_put_napi_id(rsp, rxq->napi))
>  			goto nla_put_failure;
>
> +		if (netif_rx_queue_lease_get_owner(&netdev, &lease_q_idx)) {
> +			struct net *net, *peer_net;
> +
> +			nest_lease = nla_nest_start(rsp, NETDEV_A_QUEUE_LEASE);
> +			if (!nest_lease)
> +				goto nla_put_failure;
> +			nest_queue = nla_nest_start(rsp, NETDEV_A_LEASE_QUEUE);
> +			if (!nest_lease)
                            ^^^^^^^^^^

Should this check nest_queue instead of nest_lease? The assignment is to
nest_queue but the check is on nest_lease. If nla_nest_start() fails for
NETDEV_A_LEASE_QUEUE and returns NULL, the check passes because nest_lease
is non-NULL from the previous successful call. This would lead to
nla_nest_end(rsp, nest_queue) being called with a NULL pointer, causing a
NULL pointer dereference when accessing start->nla_len.

> +				goto nla_put_failure;
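
Review bot: The NULL check that follows nla_nest_start(rsp, NETDEV_A_LEASE_QUEUE) tests nest_lease, which was already checked two lines earlier, so a failed allocation of the inner nest is never caught; it should read `if (!nest_queue)` before the goto nla_put_failure. Separately, the call at the top of the block passes &netdev, which lets the helper overwrite this function's netdev argument; if anything later in netdev_nl_queue_fill_one() still expects the original device, pass the address of a local copy instead.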

[ ... ]
-- 
pw-bot: cr
