A NULL pointer can be returned by in_dev_get(). Thus add
a corresponding check so that a NULL pointer dereference
will be avoided at this place.
Fixes: 8e06af711bf2 ("i40iw: add main, hdr, status")
Signed-off-by: Xiyu Yang <[email protected]>
Signed-off-by: Xin Tan <[email protected]>
Reviewed-by: Leon Romanovsky <[email protected]>
---
Changes in v2:
- Release rtnl lock when in_dev_get return NULL
Changes in v3:
- Continue the next loop when in_dev_get return NULL
Changes in v4:
- Change commit message
drivers/infiniband/hw/i40iw/i40iw_main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/infiniband/hw/i40iw/i40iw_main.c b/drivers/infiniband/hw/i40iw/i40iw_main.c
index d44cf33df81a..238614370927 100644
--- a/drivers/infiniband/hw/i40iw/i40iw_main.c
+++ b/drivers/infiniband/hw/i40iw/i40iw_main.c
@@ -1225,6 +1225,8 @@ static void i40iw_add_ipv4_addr(struct i40iw_device *iwdev)
const struct in_ifaddr *ifa;
idev = in_dev_get(dev);
+ if (!idev)
+ continue;
in_dev_for_each_ifa_rtnl(ifa, idev) {
i40iw_debug(&iwdev->sc_dev, I40IW_DEBUG_CM,
"IP=%pI4, vlan_id=%d, MAC=%pM\n", &ifa->ifa_address,
--
2.7.4
I suggest to reconsider the distribution of mail addresses for subsequent patches.
I would find it more appropriate to put your address in the field “Cc”
while others should probably be specified in the message field “To”.
Regards,
Markus
> Subject: [PATCH v4] infiniband: i40iw: fix a potential NULL pointer dereference
>
> A NULL pointer can be returned by in_dev_get(). Thus add a corresponding check
> so that a NULL pointer dereference will be avoided at this place.
>
> Fixes: 8e06af711bf2 ("i40iw: add main, hdr, status")
> Signed-off-by: Xiyu Yang <[email protected]>
> Signed-off-by: Xin Tan <[email protected]>
> Reviewed-by: Leon Romanovsky <[email protected]>
> ---
> Changes in v2:
> - Release rtnl lock when in_dev_get return NULL Changes in v3:
> - Continue the next loop when in_dev_get return NULL Changes in v4:
> - Change commit message
>
Thanks! Looks ok.
I believe Leon caught another issue in how rtnl locking scheme is done in this function.
Will fix.
Shiraz
On Mon, Dec 30, 2019 at 10:24:28AM +0800, Xiyu Yang wrote:
> A NULL pointer can be returned by in_dev_get(). Thus add
> a corresponding check so that a NULL pointer dereference
> will be avoided at this place.
>
> Fixes: 8e06af711bf2 ("i40iw: add main, hdr, status")
> Signed-off-by: Xiyu Yang <[email protected]>
> Signed-off-by: Xin Tan <[email protected]>
> Reviewed-by: Leon Romanovsky <[email protected]>
> ---
> Changes in v2:
> - Release rtnl lock when in_dev_get return NULL
> Changes in v3:
> - Continue the next loop when in_dev_get return NULL
> Changes in v4:
> - Change commit message
>
> drivers/infiniband/hw/i40iw/i40iw_main.c | 2 ++
> 1 file changed, 2 insertions(+)
Applied to for-next
And Shiraz, Leon is right, that trylock stuff is completely wrong,
let's fix it.
Jason
> Subject: Re: [PATCH v4] infiniband: i40iw: fix a potential NULL pointer dereference
>
> On Mon, Dec 30, 2019 at 10:24:28AM +0800, Xiyu Yang wrote:
> > A NULL pointer can be returned by in_dev_get(). Thus add a
> > corresponding check so that a NULL pointer dereference will be avoided
> > at this place.
> >
> > Fixes: 8e06af711bf2 ("i40iw: add main, hdr, status")
> > Signed-off-by: Xiyu Yang <[email protected]>
> > Signed-off-by: Xin Tan <[email protected]>
> > Reviewed-by: Leon Romanovsky <[email protected]>
> > ---
> > Changes in v2:
> > - Release rtnl lock when in_dev_get return NULL Changes in v3:
> > - Continue the next loop when in_dev_get return NULL Changes in v4:
> > - Change commit message
> >
> > drivers/infiniband/hw/i40iw/i40iw_main.c | 2 ++
> > 1 file changed, 2 insertions(+)
>
> Applied to for-next
>
> And Shiraz, Leon is right, that trylock stuff is completely wrong, let's fix it.
>
Sure.