Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp446945rwb; Sat, 17 Sep 2022 08:03:45 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6Oe4F0UDr3lVGsylr6GGC490FT8v9XjW1VHSn75qziSlFjvZ8Rq3C8+Pn8/E8ukiDgDx/7 X-Received: by 2002:a17:902:f546:b0:177:ed6b:4696 with SMTP id h6-20020a170902f54600b00177ed6b4696mr4832777plf.171.1663427025437; Sat, 17 Sep 2022 08:03:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663427025; cv=none; d=google.com; s=arc-20160816; b=vQa9ZYqMmd7XdY8DuUcXX56UOZM+qIAMkSEAagS7F4Gfa57LgxrB2At+ujUdooSnDN xhz7FBeTsPsoZM0jpCB/jbMu5uJJPZLWUei9rY7xAeHUKoBsM5uBLstVNOLTcphN4u1+ /LAMzrjMKY0aVT8AMuNvVs0VNia/rD7HN8Bvgidc02h8jkBCjxs1iINXTAjF9QDfDIiV 7v5n7NNlfWQTDPJjzrpGL8f293ZXzGVvknDANIuQjyiRM58ReLY35+sSYHrjEnkDoWq9 d0g5WMmpExtnq1SALv2BALza8TerhDsfhw+soBsVvpzGnza9hQv73G86rVv9uz1D9stb NQcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=bk92PdI3ERQi7sIHszEWMWd2wS3h0FYW0Z700Jx8qdE=; b=eB4oHwZ/a3uQ+rIo3ZQ8QJwV7oQCdLb6lHPVCXu8iN0ZG26yfTLYwxzJkIekgjGG4r LSvha/+ubf5p/uRTFwuvAWM/rQ5cwkxhaNEmnHylr9Uo3BckU5MhgWOCuzaMlb6v765g J+Zrs5EzpAfG79L4ShhS+xVn1A41BZ9Uhjs6A7y3LAy/7E44sLWuLAbJosZK61wkwA1O nkRikk6a2Z1hqqQrkj0Gp4WBXh+LpmJMPuMVBL7EL/ivC/Ct/lBrfO4vhy86ih97owJJ 7QJmLtxAZw5M7ZpWy82IDFrjp9+PvU/8hMVi1ajAcvgbgkq0M5+ZFwzJlA+PlYuKgYfk Ctiw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=B7NRRggw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id pj14-20020a17090b4f4e00b001fdcbf875e7si6136610pjb.35.2022.09.17.08.03.33; Sat, 17 Sep 2022 08:03:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=B7NRRggw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229722AbiIQOqq (ORCPT + 99 others); Sat, 17 Sep 2022 10:46:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45346 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229714AbiIQOqp (ORCPT ); Sat, 17 Sep 2022 10:46:45 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A19E52F014; Sat, 17 Sep 2022 07:46:44 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3C97D6006F; Sat, 17 Sep 2022 14:46:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4CFD9C433C1; Sat, 17 Sep 2022 14:46:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1663426003; bh=u+m67parpHqotFkfVU46xVR6MwSlV6nkzN4kShHzyuo=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=B7NRRggwnRPzoh2kMaOXW4U5PIPn7uji4s38Icx3pBiksgf0IyOrk04esegL7q2e7 lXrDbYKisR3C5WfQKNH3Ed+Yq7F9/KMq9oTebjXHjlt8kbj2npBSNrgqpLp3j9cD6z wSK4MXrRFiKI9WplY06WkIMvZv4zS1TceHAWu+H/m5DcFsNGwH17DrY8ceLh0AvbRc NEn1VHRIGfvLGQOTJfejAls015MceCVUIuCiAKJ5XyIMLOZB2E6NWxSnK4J8+Wk2uW DmbB2G4E1LxUFSNArq7mjbjhlbpC+B3421i8JJK19H63N0nColVfu5XKXIjrwV48dD DoyitLf/yrVYA== Message-ID: Date: Sat, 17 Sep 2022 08:46:42 -0600 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.13.0 Subject: Re: [PATCH v1] net/ipv4/nexthop: check the return value of nexthop_find_by_id() Content-Language: en-US To: Nikolay Aleksandrov , Li Zhong , linux-kernel@vger.kernel.org, netdev@vger.kernel.org Cc: pabeni@redhat.com, kuba@kernel.org, edumazet@google.com, davem@davemloft.net, yoshfuji@linux-ipv6.org References: <20220917023020.3845137-1-floridsleeves@gmail.com> <9974177e-7067-aacd-1c53-7e82616f3c3f@blackwall.org> From: David Ahern In-Reply-To: <9974177e-7067-aacd-1c53-7e82616f3c3f@blackwall.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-10.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 9/17/22 2:29 AM, Nikolay Aleksandrov wrote: > On 17/09/2022 05:30, Li Zhong wrote: >> Check the return value of nexthop_find_by_id(), which could be NULL on >> when not found. So we check to avoid null pointer dereference. >> >> Signed-off-by: Li Zhong >> --- >> net/ipv4/nexthop.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/net/ipv4/nexthop.c b/net/ipv4/nexthop.c >> index 853a75a8fbaf..9f91bb78eed5 100644 >> --- a/net/ipv4/nexthop.c >> +++ b/net/ipv4/nexthop.c >> @@ -2445,6 +2445,10 @@ static struct nexthop *nexthop_create_group(struct net *net, >> struct nh_info *nhi; >> >> nhe = nexthop_find_by_id(net, entry[i].id); >> + if (!nhe) { >> + err = -EINVAL; >> + goto out_no_nh; >> + } >> if (!nexthop_get(nhe)) { >> err = -ENOENT; >> goto out_no_nh; > > These are validated in nh_check_attr_group() and should exist at this point. > Since remove_nexthop() should run under rtnl I don't see a way for a nexthop > to disappear after nh_check_attr_group() and before nexthop_create_group(). > exactly. That lookup can't fail because the ids have been validated and all of this is under rtnl preventing nexthop removes.