Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp468318pxu; Tue, 5 Jan 2021 16:53:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJwdzItmsH8uzzGpLYJidG0t1t916NzX+6e6j4NiYqaL2V7Xd90WrEZq9nD82n+UcssGLI2F X-Received: by 2002:a17:906:8617:: with SMTP id o23mr1321100ejx.274.1609894389164; Tue, 05 Jan 2021 16:53:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609894389; cv=none; d=google.com; s=arc-20160816; b=eRM+RKRMj5N0Z/giPudib1i/ceC1LRZAbTzWMMmiCgcfSor8mpKVnw+hCkgkSLUlOI yCpeRRy1zaetR4LCxwSHBHOaye5/CHNVbRGRF1DBxiUCuC2Q5arpDQPwvyxCFnQ+zDUb FUJbvIWMK01u0EGBdjw4IyqM/rNkJYtQ+qKr94UgsxlExM1KAdxxNliPwzvY6yb9uTJ/ ycuEC8cy5jTHPK5cMNQgeMXzYIBcfMLhRwv2E5XJ834IMhk7+71y+2OqtPlhjHlp4JOs Lt1vqUIxznYPAb6h/Qlxmuuc9hhQcYALP2pqSu/VtZgwinTS28++hubPh0LZOyE1+xVN aNmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date; bh=2iEH+G6nWXvX2cMC6KtpJ6YescamWv4xPUmOaJj6X30=; b=w16VOlDrOsFKpy3ZZSkfMVFQtXFJvlTn+8/JR2TcfVR74Px0rdH9ulaTNg0OMalq3E KxDQKAg3K9K7Hs/BPkR3zHqY3JE+wHJ1gbpstSJbxQmc4CTwIy2H7JQl47VDcgZcVpVp jfYfBbJum+wF/Vu0SR7bW1g+M/HDos6pX8RtKVGd+6rz1uhjEtwEt3swbBqDIOd59yyZ KW2Mo9YpwfJvV0L/tXUtkqzMCEGjOW9gShh2HajS0NTuwrQgpLLCGl64P2cX64rUipnu XayQVptNZ5qF2KvuOiaEvfQb2RNkozjGfeuksENA78QoXDZCf7IMHd4vo1yV6QC3pwkn D0qw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y24si314241ejc.613.2021.01.05.16.52.46; Tue, 05 Jan 2021 16:53:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727787AbhAFAvL (ORCPT + 99 others); Tue, 5 Jan 2021 19:51:11 -0500 Received: from shards.monkeyblade.net ([23.128.96.9]:56730 "EHLO mail.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726963AbhAFAvL (ORCPT ); Tue, 5 Jan 2021 19:51:11 -0500 Received: from localhost (unknown [IPv6:2601:601:9f00:477::3d5]) by mail.monkeyblade.net (Postfix) with ESMTPSA id 9B5104CBCE1FD; Tue, 5 Jan 2021 16:50:30 -0800 (PST) Date: Tue, 05 Jan 2021 16:50:30 -0800 (PST) Message-Id: <20210105.165030.1318380667754321276.davem@davemloft.net> To: miaoqinglang@huawei.com Cc: kuba@kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] net: qrtr: fix null-ptr-deref in qrtr_ns_remove From: David Miller In-Reply-To: <20210105055754.16486-1-miaoqinglang@huawei.com> References: <20210105055754.16486-1-miaoqinglang@huawei.com> X-Mailer: Mew version 6.8 on Emacs 27.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (mail.monkeyblade.net [0.0.0.0]); Tue, 05 Jan 2021 16:50:30 -0800 (PST) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Qinglang Miao Date: Tue, 5 Jan 2021 13:57:54 +0800 > A null-ptr-deref bug is reported by Hulk Robot like this: > -------------- > KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f] > Call Trace: > qrtr_ns_remove+0x22/0x40 [ns] > qrtr_proto_fini+0xa/0x31 [qrtr] > __x64_sys_delete_module+0x337/0x4e0 > do_syscall_64+0x34/0x80 > entry_SYSCALL_64_after_hwframe+0x44/0xa9 > RIP: 0033:0x468ded > -------------- > > When qrtr_ns_init fails in qrtr_proto_init, qrtr_ns_remove which would > be called later on would raise a null-ptr-deref because qrtr_ns.workqueue > has been destroyed. > > Fix it by making qrtr_ns_init have a return value and adding a check in > qrtr_proto_init. > > Reported-by: Hulk Robot > Signed-off-by: Qinglang Miao > --- > v1->v2: remove redundant braces for single statement blocks. Applied.