lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260127180401.69787770@kmaincent-XPS-13-7390>
Date: Tue, 27 Jan 2026 18:04:01 +0100
From: Kory Maincent <kory.maincent@...tlin.com>
To: Zilin Guan <zilin@....edu.cn>
Cc: horms@...nel.org, andrew+netdev@...n.ch, davem@...emloft.net,
 edumazet@...gle.com, jianhao.xu@....edu.cn, kuba@...nel.org,
 linux-kernel@...r.kernel.org, marco.crivellari@...e.com,
 netdev@...r.kernel.org, pabeni@...hat.com, vadim.fedorenko@...ux.dev
Subject: Re: [PATCH net v3 3/3] net: liquidio: Initialize netdev pointer
 before queue setup

On Tue, 27 Jan 2026 15:12:41 +0000
Zilin Guan <zilin@....edu.cn> wrote:

> In setup_nic_devices(), the netdev is allocated using alloc_etherdev_mq().
> However, the pointer to this structure is stored in oct->props[i].netdev
> only after the calls to netif_set_real_num_rx_queues() and
> netif_set_real_num_tx_queues().
> 
> If either of these functions fails, setup_nic_devices() returns an error
> without freeing the allocated netdev. Since oct->props[i].netdev is still
> NULL at this point, the cleanup function liquidio_destroy_nic_device()
> will fail to find and free the netdev, resulting in a memory leak.
> 
> Fix this by initializing oct->props[i].netdev before calling the queue
> setup functions. This ensures that the netdev is properly accessible for
> cleanup in case of errors.
> 
> Compile tested only. Issue found using a prototype static analysis tool
> and code review.

I think this patch should be moved before patch 1.
Thanks to Patch 1 we are now cleaning the failing index, but we could face
dereference NULL pointer if we are failing in one of those
netif_set_real_num_rx_queues() and netif_set_real_num_tx_queues() functions.

With this patch moved:
Reviewed-by: Kory Maincent <kory.maincent@...tlin.com>

Thank you!
-- 
Köry Maincent, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ