Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp194453imm; Thu, 21 Jun 2018 16:37:21 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJU+bBb0pRgOiXml/+C9HA66dUKdbz/NdpyKFM+aumH2rvKDZwlibm+EfTMncw9M/lmZuY1 X-Received: by 2002:a65:4241:: with SMTP id d1-v6mr23624735pgq.392.1529624241652; Thu, 21 Jun 2018 16:37:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529624241; cv=none; d=google.com; s=arc-20160816; b=Y4hCnJ3IMnFl87pmiw/JGgkq4f+Y+m5FIJXgX2M0cJicqKsRwlSHOWfV6KTaGT4q0n 834G90GLA/o1onVQZ3r3AkpXlmkZjoOa8k1cE0zwX+7hPvpK2f1DU3vFgXCrWLGq1q55 xzvF2J4JwqeroQVImJrwlcDg/rv5HbwIxpf4zUrRcHDUhaJfPqk6ukUk49+47EJbVE1k iFXL4riO17WeM870veJH203lHyq+5N/C4sHd8uh2fR1j5zaNUHIgH6Fq1Y0SMLJ2ZZK/ SA1ijCqofMHT9vw7KM6RQh2+FBouJJS2nbvBvQvkqU5a1v16XdGuBqnjafLy9HKnyTG4 RCqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=GzXTZN2s6naNL26BfTVBl1E41kNnvnYHrab5sokz8+M=; b=xoiL9iUXwBFTa+j354yVaF/ci3OaUuf6ZVxmBUsx7y/R+MVeN2tP3phz+rvRvPpIoB OTDsnzkBPj8cjSilw7azS9i0ipm6OyZJBRi5LbFyhDpYprf66pM8o4Zr+T0mmvJ9MEpy sqdMeJAvi0p3w4VqqeqkRjYjkC7LPOqleMpWDOojMWWZtli8sZDJaIkss3M+N7FlbwhK 4o6eJGU3CzmK4FyrxASEeLFYG478kZYVLjUDlaMd+dbvbY1pdeuN3NlVIGyPeaM84mKD H/Uh/sdUwOuBsiOPG6ZX9lEqAtnfpft/CzO8+VX5LfFNzqcOBQvoXhaBn22yygdzt24g D/jg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cumulusnetworks.com header.s=google header.b=BXmkXzAz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cumulusnetworks.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b7-v6si3292483pls.405.2018.06.21.16.37.07; Thu, 21 Jun 2018 16:37:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@cumulusnetworks.com header.s=google header.b=BXmkXzAz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cumulusnetworks.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933453AbeFUXfg (ORCPT + 99 others); Thu, 21 Jun 2018 19:35:36 -0400 Received: from mail-wm0-f66.google.com ([74.125.82.66]:35230 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932686AbeFUXfe (ORCPT ); Thu, 21 Jun 2018 19:35:34 -0400 Received: by mail-wm0-f66.google.com with SMTP id j15-v6so419864wme.0 for ; Thu, 21 Jun 2018 16:35:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=GzXTZN2s6naNL26BfTVBl1E41kNnvnYHrab5sokz8+M=; b=BXmkXzAzNPcXJbRd957IIlm3XIl8OpDPx6dDCjyj7OXo21lKhTOhVWVl5mN4aA/UaN fgCvqt0L1OQ0FyRNNLmOhXxsEUKu7c1MjSpNIhGI1Mzf63SSnVumuHW6XDIR8t2BSoNo DRj7qwmYaT7PVXk1jPDkNkZAAe/k8xnUcQUko= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=GzXTZN2s6naNL26BfTVBl1E41kNnvnYHrab5sokz8+M=; b=XALP4EG8LwZ753gztoRbPnE1cddOdELmWsQjlHuKXYiiKKvPi4GNb7ikS5+Zka8tTV KRyG/1pU87tYXfBUATPEXGrCN5Q3ChxywhhcH76a2c8D26vPhpfI8ogwNByiMv/TJdN+ F3oPGCnLGPyN8DNNcYfu5JBfdhSFuBv1bvuBVaCgMCy9TadBcWFop1q1dyRRPqA0V0xN W0NsvPessyesxW56oNMAsYLCI46xVhrz0D2P2UztEckbg9SEPzDej4z0sZaJuLAObQ7G jHkHVA7gSRTPYhaztbfAnOpg4C42V6qO5goxFNQNsXbDjsBn2Ja4qbo+KQKpa5XV+1kg V86Q== X-Gm-Message-State: APt69E2DzObfZY0WiZTJOgLobYf2UXxzviFaiKsisj1YAFP5pGp/QyBW /d/OWcMXUDmIBatLqFT+HAVQbTSW X-Received: by 2002:a1c:a8a:: with SMTP id 132-v6mr6979163wmk.44.1529624133096; Thu, 21 Jun 2018 16:35:33 -0700 (PDT) Received: from [192.168.0.108] (46-10-48-153.ip.btc-net.bg. [46.10.48.153]) by smtp.googlemail.com with ESMTPSA id w13-v6sm963480wrl.20.2018.06.21.16.35.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 21 Jun 2018 16:35:32 -0700 (PDT) Subject: Re: [PATCH] net: bridge: fix potential null pointer dereference on return from br_port_get_rtnl() To: David Miller , garrmcnu@gmail.com Cc: netdev@vger.kernel.org, stephen@networkplumber.org, jiri@resnulli.us, bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org References: <20180621201427.4961-1-garrmcnu@gmail.com> <20180622.072056.1223319763674661318.davem@davemloft.net> From: Nikolay Aleksandrov Message-ID: Date: Fri, 22 Jun 2018 02:35:29 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <20180622.072056.1223319763674661318.davem@davemloft.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/22/2018 01:20 AM, David Miller wrote: > From: Garry McNulty > Date: Thu, 21 Jun 2018 21:14:27 +0100 > >> br_port_get_rtnl() can return NULL if the network device is not a bridge >> port (IFF_BRIDGE_PORT flag not set). br_port_slave_changelink() and >> br_port_fill_slave_info() callbacks dereference this pointer without >> checking. Currently this is not a problem because slave devices always >> set this flag. Add null check in case these conditions ever changye. >> >> Detected by CoverityScan, CID 1339613 ("Dereference null return value") >> >> Signed-off-by: Garry McNulty > > I don't think this is reasonable. > > The bridge code will never, ever, install a slave that doesn't have > that bit set. It's the most fundamental aspect of how these objects > are managed. > +1 This keeps coming up, here's the previous one: https://patchwork.ozlabs.org/patch/896046/ Please do a more thorough check if these conditions can actually occur. In this case, as Dave said, they cannot. To be explicit as with the patch I mentioned above: Nacked-by: Nikolay Aleksandrov You can find more info in my reply to the patch above. Thanks, Nik