Received: by 10.213.65.68 with SMTP id h4csp155981imn; Mon, 12 Mar 2018 22:52:06 -0700 (PDT) X-Google-Smtp-Source: AG47ELu7cm3sndLBfqdfCVAe+jUHyp2WjR698Voc0qWOazCuWv9BgI0H0ULQclb+MdvIR8CxCXYF X-Received: by 2002:a17:902:b495:: with SMTP id y21-v6mr6477292plr.313.1520920326801; Mon, 12 Mar 2018 22:52:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520920326; cv=none; d=google.com; s=arc-20160816; b=Rdln4Tc6vbtE7XuAmTgvFbfa18GsQRygBD5om5EC9ugDTXEq9z4pVPr5p1Pqzjbjnc Fm0KqLch50tfQAHP5XLo7F18PEo/KBn777JsTfFjngHQu8a2uIFIXVK9zaOkqzUKoUEq WOVkfecw7wDknxvxADm3Lxgf8+MdWoXhou1qJ2b7dgH7aCVAJ8bJdWw8KrvcniReAemG rOrIIBNS/TykOMBXTOw+CiPziHnHMvXAtTnwc3B+9OIvzaTOnvswonW29stIrJOWXDui 0X7rxFOckU8gBOl7QW+MQysFoRtI02Y58spqdic4J7GxOkVYY24TwycinoUm62bE8bWg aTKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=h3EyMINLDgIJ30qXzp+oT0WYRB4m/ie9bY8DM6YA7jE=; b=sbwZC545X6AoP2Kjnc/kQhHPIKbIuYe/6wzWztlGz5hOMhu9U2i2pQZmbwj3zeNJ0Y ZMe3HjDm8n1TyWTM821+7kKkraCQBzur2PpN+1b9+19gIcddm8MV02SrxrJPgkXqAvOH YZUD/AN2Mv5TpvSuT5OkGIBCjyJlDdmUICk7i1djRDZTaERPGu89qYqUeiW7iJO6puLq FT18nIUlag7gV2UrxDiv8bg4A+Dp3URCZhq/bwDsuLMCrSTGmOg4Lal1Au1DqZtFizZg 38bfMxti079pNEOPxvTTvvv3bFrxePxPyvBCSxi8M4C3gUhFoqMOcvJWl6CqgRvdqW3V EIgw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=QkK+KRoh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i2si4206065pgc.818.2018.03.12.22.51.51; Mon, 12 Mar 2018 22:52:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=QkK+KRoh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751615AbeCMFvA (ORCPT + 99 others); Tue, 13 Mar 2018 01:51:00 -0400 Received: from mail-it0-f65.google.com ([209.85.214.65]:35677 "EHLO mail-it0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751317AbeCMFu6 (ORCPT ); Tue, 13 Mar 2018 01:50:58 -0400 Received: by mail-it0-f65.google.com with SMTP id v194-v6so14656970itb.0; Mon, 12 Mar 2018 22:50:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=h3EyMINLDgIJ30qXzp+oT0WYRB4m/ie9bY8DM6YA7jE=; b=QkK+KRohAMznXbDL1vVyT4W/smiRnMUsJ61s0JIrmJwUIv8CM9aWy+E222za17zy3D BU0Aqq/m/vbe3VPD8ElG9iw+D8I+lrRe3SNR1RhU3Vnn9++UTMZ3RY+1u8TSp8lPOFn0 ntfYYcckthK7CioKg0bWdp9oIPHt7hoPFcLRP61KLPrigRgdTSPuVphsNn7DMlIii5cJ ypW2Sp+P1gEXDGpMJyUZjKjwZenWVLH55TrA1pumZoXgdJuUKauIBeLfXtvHDtvKQEhy kKYM27MEG5VoZF/FHvvmv7qAqP+q5ivWoV6j0vOt9B+tn748Vcp8BH8MnVGF0/AtF6CH a97A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=h3EyMINLDgIJ30qXzp+oT0WYRB4m/ie9bY8DM6YA7jE=; b=TNnT1o2+O/Gi/HK6xId+t7RRhHn8jSflf3d/EpaViC9JyWnBFcgGJ0CqAGKqEGDKRM A3Op1CbWYpS295TY5sxUdUcZpFmLHBkW3GheGMKQ5T1iN+yX3Mbc/C+8c+jJD0hwWVMh uFAIxIa5Da4r7e9zWg/efdosnB0nGQ0r9fc8OJVHBKcjlheA09jHHBxBnQpnj3wovzUU 5GDnel+TX0QYv+fEv6nUPoEUtuBW8vwSP+wEk3PihyGYOg5vfPGtpHS8QZG/TnK7lwd7 u4ItfaHY3MUA9aU20X3pmYOANg3xFpzCBRLkfnhaPLItSSOTT8gBgZCbGQo+Uu784WSG Z3sA== X-Gm-Message-State: AElRT7Fg2eMhJdHNiusuS5QTgM5KHAmUKuWfXNN4Lzao9/TYoJ+IdaH2 DKAyMHLlqAjyBP7I64ARzDXpSbaI X-Received: by 10.36.34.1 with SMTP id o1mr11463302ito.67.1520920257704; Mon, 12 Mar 2018 22:50:57 -0700 (PDT) Received: from [192.168.86.235] (c-67-180-167-114.hsd1.ca.comcast.net. [67.180.167.114]) by smtp.gmail.com with ESMTPSA id u129sm4620245itb.5.2018.03.12.22.50.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 12 Mar 2018 22:50:56 -0700 (PDT) Subject: Re: [PATCH v2 1/1] net: check before dereferencing netdev_ops during busy poll To: Josh Elsasser , davem@davemloft.net Cc: Greg Kroah-Hartman , Eric Dumazet , Willem de Bruijn , Alexander Potapenko , Cong Wang , Vlad Yasevich , =?UTF-8?Q?Michal_Kube=c4=8dek?= , netdev@vger.kernel.org, linux-kernel@vger.kernel.org References: <20180313053248.13654-1-jelsasser@appneta.com> <20180313053248.13654-2-jelsasser@appneta.com> From: Eric Dumazet Message-ID: <1e992840-bf36-aa86-791e-8910a2aab7a5@gmail.com> Date: Mon, 12 Mar 2018 22:50:54 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180313053248.13654-2-jelsasser@appneta.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/12/2018 10:32 PM, Josh Elsasser wrote: > init_dummy_netdev() leaves its netdev_ops pointer zeroed. This leads > to a NULL pointer dereference when sk_busy_loop fires against an iwlwifi > wireless adapter and checks napi->dev->netdev_ops->ndo_busy_poll. > > Avoid this by ensuring napi->dev->netdev_ops is valid before following > the pointer, avoiding the following panic when busy polling on a dummy > netdev: > > > Fixes: 060212928670 ("net: add low latency socket poll") > Fixes: ce6aea93f751 ("net: network drivers no longer need to implement ndo_busy_poll()") - 4.9.y > Signed-off-by: Josh Elsasser > --- > net/core/dev.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/net/core/dev.c b/net/core/dev.c > index 8898618bf341..1f50c131ed15 100644 > --- a/net/core/dev.c > +++ b/net/core/dev.c > @@ -5042,7 +5042,10 @@ bool sk_busy_loop(struct sock *sk, int nonblock) > goto out; > > /* Note: ndo_busy_poll method is optional in linux-4.5 */ > - busy_poll = napi->dev->netdev_ops->ndo_busy_poll; > + if (napi->dev->netdev_ops) > + busy_poll = napi->dev->netdev_ops->ndo_busy_poll; > + else > + busy_poll = NULL; > > do { > rc = 0; > We could instead setup a non NULL netdev_ops pointer on these 'dummy' devices to not add a check in fast path, but I presume we do not really care since this fix is for old kernels, and considering how long it took to discover this bug. Reviewed-by: Eric Dumazet