Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp134227imm; Thu, 21 Jun 2018 15:21:56 -0700 (PDT) X-Google-Smtp-Source: ADUXVKIhAHOj7WQAY5SzP9i1BpK3qxmE6KSjn0+3ZGGAvlLbE08Cu9kaBzbARcTuTriKsU4anRp2 X-Received: by 2002:a17:902:7d83:: with SMTP id a3-v6mr892770plm.154.1529619716879; Thu, 21 Jun 2018 15:21:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529619716; cv=none; d=google.com; s=arc-20160816; b=xOyu+uucQCxYlA3Ab7daMPuis7W5sRURR4Me45JI1sMeWL6gkn+MgD6FBOMcPVbMxd O7K0jtqdnVLcXVRqkWki5/jEOkofh2jpvwK8ioqzPNR+J31dzTyqnMQNyGT1mJaksDcW dH1c/MpY2KnvQ6jdv2dMQK/QKavTZj4nPiKJkY7JvpsiohsOoo/wT3WaWGPnOtYmY0Ch B1HxDVeB71dcrOXJb5Hq3HogMF0my355Af2mbgB3S9l6a9hXj9Qiman0zV3CbuDqVxfU njuF5ho69eyK8ZyBYWUvEoxnVf/CriCAm1QJOTO0E6Nj9W3mOH3ljEltTzpaPUzVI3aQ k9Tw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date :arc-authentication-results; bh=t9yWcP8GtEBInphcyCQ2T8GZlOFgUQrI//U5YtZsEho=; b=oBGL7VUzsQnk8d56KZS5CvmKyQNqCsODfjYMqo1hXOKJzazUc6ajKs9ZMTkmC9Iab4 7d+Qge9M+LWflK53deNge5Ng05DcDVeg4LExR8Pq/iK46dmPr061ZOQuu3me96zByfh4 +eF+D/RXCtEPcyKJsgObiSfByFg3epPUNsrRzDouYmSkiT5OxvQfQeyzscEcpvgy/lML QbnLJQ9WDsPz8q/w0tIdAokTNk/ghfRsnnKWgwvittQDvpx1Em2Y/dzxKDVhyoL1FPjm wbBHt94o0uVK8rQgBPEB2lHZ4oNvVe+dMcaqvLdrGs68/sflNsyTWLFli57IYBXSIqQ/ xdBg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i86-v6si5846857pfk.146.2018.06.21.15.21.40; Thu, 21 Jun 2018 15:21:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933789AbeFUWVB (ORCPT + 99 others); Thu, 21 Jun 2018 18:21:01 -0400 Received: from shards.monkeyblade.net ([23.128.96.9]:38698 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933187AbeFUWU7 (ORCPT ); Thu, 21 Jun 2018 18:20:59 -0400 Received: from localhost (unknown [119.205.93.152]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id 03021109771BD; Thu, 21 Jun 2018 15:20:57 -0700 (PDT) Date: Fri, 22 Jun 2018 07:20:56 +0900 (KST) Message-Id: <20180622.072056.1223319763674661318.davem@davemloft.net> To: garrmcnu@gmail.com Cc: netdev@vger.kernel.org, stephen@networkplumber.org, jiri@resnulli.us, nikolay@cumulusnetworks.com, bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] net: bridge: fix potential null pointer dereference on return from br_port_get_rtnl() From: David Miller In-Reply-To: <20180621201427.4961-1-garrmcnu@gmail.com> References: <20180621201427.4961-1-garrmcnu@gmail.com> X-Mailer: Mew version 6.7 on Emacs 26 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Thu, 21 Jun 2018 15:20:59 -0700 (PDT) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Garry McNulty Date: Thu, 21 Jun 2018 21:14:27 +0100 > br_port_get_rtnl() can return NULL if the network device is not a bridge > port (IFF_BRIDGE_PORT flag not set). br_port_slave_changelink() and > br_port_fill_slave_info() callbacks dereference this pointer without > checking. Currently this is not a problem because slave devices always > set this flag. Add null check in case these conditions ever change. > > Detected by CoverityScan, CID 1339613 ("Dereference null return value") > > Signed-off-by: Garry McNulty I don't think this is reasonable. The bridge code will never, ever, install a slave that doesn't have that bit set. It's the most fundamental aspect of how these objects are managed.