Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp1203302imm; Fri, 22 Jun 2018 12:07:58 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJHZEe4+cNhFfWXoNmno3tBFN7jhpfyNR4fLmj6Yw6kUs1KzKqT1YdA5UdHFHnjOQGXsszg X-Received: by 2002:a63:82c7:: with SMTP id w190-v6mr2528315pgd.172.1529694475779; Fri, 22 Jun 2018 12:07:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529694415; cv=none; d=google.com; s=arc-20160816; b=pIiSqJWuMZuW54822svwukVz6ndO+VVmrxAmcFesWrcIrzQtruWsVg6LHty8Iyxj+K Q3F02J186D1ZJrZPEBpJYQmHg2lhXQIEZgEOK7M4YDTvgjOuIwfhq9ezCPA7+Di8U+0h kGQ702xqkFy/H6i5vvbeXjwh1xm0Q6u8FsuvNaJ+hjiQdaOXdWiB6cK9oC9O4omPn1gF UUPueP+0oio6BF+Bj+kJKiXWelDibJbRz8XFbaJ7OWXmUSzP8Ok6JWR64Pl8NjtTiUQi 2a+XhXlIV6IivwahiQKnRDmcYtwiHFhZgeJAlLSjioMYoAIxP8lc/yx5WJipHi+CxbEN whNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=nlO5I83twLO+Emceqld392FNpdsWCF7e5WpKWesagFQ=; b=GBTslMvYVXYTQJSx1EvV43+ualTwqYM5cOpMUkzPou/5scX+nAmM4xe7xThnnv65Xq /XX3gZJmuT2DZxTt12tL11N4d6mzOZ1R4d+3AGSSFvLJcRJtM9afCTyoaNTmM7e30jrC SRoF+ufz+IrwNc9QXWaaXXqXOV0VR8qaI7drOSGld9ZB3DCKlKHKIrj/KAQ4IbaeHyNA g6aegFA1iu0G+1DS/62QCsEiGI5Wy3fUtyT/cI9KE6AZfhoAJcgGz/1Y86f3mzFkH6TB BYKsQWQM6IvDjzKZmvRt7Af4SSSmbEWreACccvI1hYEjyvh51d2VeU36XvFgrk2bKJZF 1U+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=YUBjx3Yg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p12-v6si9183547pll.142.2018.06.22.12.06.40; Fri, 22 Jun 2018 12:06:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=YUBjx3Yg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934322AbeFVTGB (ORCPT + 99 others); Fri, 22 Jun 2018 15:06:01 -0400 Received: from mail-ua0-f195.google.com ([209.85.217.195]:45380 "EHLO mail-ua0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751345AbeFVTF5 (ORCPT ); Fri, 22 Jun 2018 15:05:57 -0400 Received: by mail-ua0-f195.google.com with SMTP id k14-v6so4922659uao.12; Fri, 22 Jun 2018 12:05:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nlO5I83twLO+Emceqld392FNpdsWCF7e5WpKWesagFQ=; b=YUBjx3YgfZCFo5R/wNkuY8I/UlAfjJP5T+jlTsl1kcoXfSinm8NskMn2Eh7FXT6g9J Bie6liy8P5GjrbLjUzTdCrOiYHGyyJyoSV9h7F9CtbNiYqDW7Ky21Jn7Yt2yGxlD/Dka 9mrLit35B2P44HtFi9IaJuplBJ3PCR83GV0ev57KS9s28eDZKZSHQ1u9GypNo1fDKR80 NWzlottRFxMGJOWCi8RE9+qtE0G5irnvGy8QWpQFc9JLG1QyD9Ia9d35j0vdZW0wHq6l LSqjXHFng+u4EEg94HbD66KD640VDAZDgzrQIDdCUfAnO2wa/mcUJ5QH3AOr6EKy3y3B EU+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nlO5I83twLO+Emceqld392FNpdsWCF7e5WpKWesagFQ=; b=DE8y4UtySFYsQvQfOC3HRkoH7Zm0ICKkeXpzIpV1NlYGJMksqKYC7hxw/P6xyb8Bo3 cK3RBBnBrQ/Db0SZeNUxzkxw4qoUkZvYSB7n/MoEUDY4JK8RfRnYuuksRzOOSB+w0CF2 xWy9bEjP+I+mifriwOLLMgcAi7rCChTsEVvwymlOVeL/p68j2glHIbEWM6KyQgscq/3p UQdGpSVfXrVS42KQFK/zbc0p7zRhinzOvEUbTspGTPfbwAqoVQv7kKBwnNfEU5YT5rRC KrYRBboBM9QEEUf2KJUz48wlQaj7X7yCopWoAqfWtI067ZlmYPnI+rfxTfYyjFY774HS R/eg== X-Gm-Message-State: APt69E2bDjDetKPSKoa1Bp25pbe6r9iX/vPEyVgpEsYbuWN6kxP44QdO WFS2A+Yu8+NV0iI9U6evD7c2giUe+swOT7/1oA== X-Received: by 2002:a9f:3d21:: with SMTP id l33-v6mr1828972uai.135.1529694356446; Fri, 22 Jun 2018 12:05:56 -0700 (PDT) MIME-Version: 1.0 References: <20180621201427.4961-1-garrmcnu@gmail.com> <20180622.072056.1223319763674661318.davem@davemloft.net> In-Reply-To: From: Garry McNulty Date: Fri, 22 Jun 2018 20:05:45 +0100 Message-ID: Subject: Re: [PATCH] net: bridge: fix potential null pointer dereference on return from br_port_get_rtnl() To: nikolay@cumulusnetworks.com Cc: davem@davemloft.net, netdev@vger.kernel.org, stephen@networkplumber.org, =?UTF-8?B?SmnFmcOtIFDDrXJrbw==?= , bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 22 Jun 2018 at 00:35, Nikolay Aleksandrov wrote: > > On 06/22/2018 01:20 AM, David Miller wrote: > > From: Garry McNulty > > Date: Thu, 21 Jun 2018 21:14:27 +0100 > > > >> br_port_get_rtnl() can return NULL if the network device is not a bridge > >> port (IFF_BRIDGE_PORT flag not set). br_port_slave_changelink() and > >> br_port_fill_slave_info() callbacks dereference this pointer without > >> checking. Currently this is not a problem because slave devices always > >> set this flag. Add null check in case these conditions ever changye. > >> > >> Detected by CoverityScan, CID 1339613 ("Dereference null return value") > >> > >> Signed-off-by: Garry McNulty > > > > I don't think this is reasonable. > > > > The bridge code will never, ever, install a slave that doesn't have > > that bit set. It's the most fundamental aspect of how these objects > > are managed. > > > +1 > > This keeps coming up, here's the previous one: > https://patchwork.ozlabs.org/patch/896046/ > > Please do a more thorough check if these conditions can actually occur. > In this case, as Dave said, they cannot. > > To be explicit as with the patch I mentioned above: > Nacked-by: Nikolay Aleksandrov > > You can find more info in my reply to the patch above. > > Thanks, > Nik Thanks for reviewing and for the feedback. Regards Garry