Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp3097992rdb; Tue, 6 Feb 2024 07:10:50 -0800 (PST) X-Google-Smtp-Source: AGHT+IFQFkZZDOw0flm6gUoMvmJlcpOvzLqZ8460yfY68D1TceZB4mha3buTcJKMhamOG4dqmrb2 X-Received: by 2002:a05:6358:6e8f:b0:176:5990:f3e4 with SMTP id q15-20020a0563586e8f00b001765990f3e4mr3502261rwm.14.1707232249821; Tue, 06 Feb 2024 07:10:49 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707232249; cv=pass; d=google.com; s=arc-20160816; b=aS41HHdzzclWMEPs0fFbClVxJ/PdwQji+/GHuxsSTv0en1YBCeULkSnn5MNnkiWGSk 2vk6ilyE3SDLEqu7X9TFORzLKPAS60WRJx40EbP7kr9RU8xzzJt4q3ua27h1C+TDE7J3 l8HlywXUp1vSMLFhM9xf0lL9LVuVyoZDdPndOwM1QTEeT9IuO3BbCNocwcSzecbrYOeq zezNFAR1LOvlhu3oCJS2OUfnqAfR1+/Y2MCEBQ5Y1IQvHyVUXluDPWZazR8IGbYH8/XW K0P1eAwqXh5shwzYH0Q31dP1ZwZV0ngm2RzCZ9kwOm3w70Bx8XdeT1psT04AxX5i+RZf 7MAg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=HXy3TC6ZcVxD+5l4tdwqxDy3ePF6Ej3Nr/VSeQx/KBw=; fh=HPj7bviMC+WXygloCvRuRHVS/GgDATqM2KVvALlqBkA=; b=mTBR9iHxmSPJvoumLxUzgESsKVM7aDct9JLG1FPPsvZhK8IEn33QssAQHP7P0WMzJ/ ppS37BXs0CBcWEwk7hnP/vIVrjMZIsY3Rzp+FAw7hM7ad3z/mlIM1za7t4meASYsqu2m ZLdM1wL3MyDtIkCxhKCk3hpuFcCEou0omE6AhfBdFof8aOiZ6bPHy2E4RTYH85uSQ46S xY/PSdXOgHScr9+KQyx+RHaPn5uMLMeasfDGMBMlXHgrj10aTQu88jP52XoSF/l5qayj oirabOJ3pHQCK5WOzio+quF9FN13RG4mNWFTGMUgLfiRnwXYkjYYf+2bM36RmDBUpgac I3Gw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="X1qyTm/0"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-55180-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-55180-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org X-Forwarded-Encrypted: i=1; AJvYcCVqifD2dbx1i7DCOlfXdcZbnwi1s8JBmEaCnrhiv2loVdT2Jzqv3nUQ/PL/gfxNpg7/oX/UC0jwBjxDIxH/apaNcuX9c2Mr1RT7Owoj1w== Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id j15-20020a63230f000000b005dbd7d31184si1813492pgj.225.2024.02.06.07.10.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Feb 2024 07:10:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-55180-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="X1qyTm/0"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-55180-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-55180-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 8EEE228D887 for ; Tue, 6 Feb 2024 15:09:47 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B516213474C; Tue, 6 Feb 2024 15:08:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="X1qyTm/0" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC86013328A; Tue, 6 Feb 2024 15:08:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707232120; cv=none; b=Suyrc69GgZ0iysh3tmdT4VUri4Fgsd4zDeurId9ugjdnU+5LmSF91zjZTwlNcRd9YPUoDTctoNWOB9lI16GA2GDgZAsc/+D9mA4xWFeUCn29Ajirvpy5FUI9Y8HE9RGsrjiDXrBY2lWDULGANscX7a5LtgNC+rTV1E+xD+OIjgM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707232120; c=relaxed/simple; bh=y0RNzdVJndYWSP0vGgdOxK1NMGHChFiuRWotjCrpl0Q=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=MXVLakBmOB7V2UeMyJ+UNhW+y5gEuBO8ruRI6/Oz2G9dytldbqeVEVjzqxyp9et+Zk72zJ/KbiIFWWpvyRC6izI6b1omhEApQ7YS2rutHGQ5lCHRqP/hvWXSZx++jIHW9pqazWy9i87wAl+IaKo3MaaMnn3JK9GYsXdKjWkiQqY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=X1qyTm/0; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 94A01C433C7; Tue, 6 Feb 2024 15:08:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1707232119; bh=y0RNzdVJndYWSP0vGgdOxK1NMGHChFiuRWotjCrpl0Q=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=X1qyTm/0U+yzlb1K9Uzww22xl2BagUxKRr4E8pXRsIdKwRSutYO3C14gDCXxpMJ/d mPOgS/R5rdvmKhQPQqWgN6jB7CDkL8nbolZ2Qy/dVFSlBpc02UqkxXnh7lru3JQ6R+ FHexHrssJkeJ0Fd0gepitxGMeB4XtUeU2WGxGWqZ3zdiPdsxBL08iYXnB8ZViIjSxA dIWYMhwbfW8ZcorLnhgSnUkLUOhsgtkMEZW26ZLWcZm+/Zd/OfuBb1lKum6H/aHwQE L/6ijl3lLIUQXQtXH+qlWsgLKPeSGfGP7TDQBtNzbBsFUoIx0ta5PUN+LzABn/gHKU RmXipacSQ1HGg== Date: Tue, 6 Feb 2024 15:07:04 +0000 From: Simon Horman To: Pavel Sakharov Cc: Alexandre Torgue , Jose Abreu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Maxime Coquelin , netdev@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org, Alexey Khoroshilov Subject: Re: [PATCH] stmmac: Fix incorrect dereference in stmmac_*_interrupt() Message-ID: <20240206150704.GD1104779@kernel.org> References: <20240203150323.1041736-1-p.sakharov@ispras.ru> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240203150323.1041736-1-p.sakharov@ispras.ru> On Sat, Feb 03, 2024 at 06:03:21PM +0300, Pavel Sakharov wrote: > If 'dev' is NULL, the 'priv' variable has an incorrect address when > dereferencing calling netdev_err(). > > Pass 'dev' instead of 'priv->dev" to the function. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Pavel Sakharov Thanks Pavel, I agree with your analysis that this can result in a NULL dereference. And that your proposed fix is good: netdev_err() can handle a NULL dev argument. As this seems to be a fix I suggest it should be for net. And that it should be based on that tree and designated as such in the subject: Subject: [PATCH net] ... Also if it is a fix, it should have a fixes tag. Perhaps this one: Fixes: 8532f613bc78 ("net: stmmac: introduce MSI Interrupt routines for mac, safety, RX & TX") I don't think there is a need to respin for the above, though please keep this in mind when posting Networking patches in future. Looking at the patch above, and stmmac_main.c, it seems that the following functions also suffer from a similar problem: static irqreturn_t stmmac_msi_intr_tx(int irq, void *data) { struct stmmac_tx_queue *tx_q = (struct stmmac_tx_queue *)data; ... dma_conf = container_of(tx_q, struct stmmac_dma_conf, tx_queue[chan]); priv = container_of(dma_conf, struct stmmac_priv, dma_conf); if (unlikely(!data)) { netdev_err(priv->dev, "%s: invalid dev pointer\n", __func__); ... And stmmac_msi_intr_rx(), which follows a similar pattern to stmmac_msi_intr_tx(). I also note that in those functions "invalid dev pointer" seems misleading, perhaps it ought to be "invalid queue" pointer. As these problems seem to all have been introduced at the same time, perhaps it is appropriate to fix them all in one patch? > --- > drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c > index 4727f7be4f86..5ab5148013cd 100644 > --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c > +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c > @@ -5848,7 +5848,7 @@ static irqreturn_t stmmac_mac_interrupt(int irq, void *dev_id) > struct stmmac_priv *priv = netdev_priv(dev); > > if (unlikely(!dev)) { > - netdev_err(priv->dev, "%s: invalid dev pointer\n", __func__); > + netdev_err(dev, "%s: invalid dev pointer\n", __func__); > return IRQ_NONE; > } > > @@ -5868,7 +5868,7 @@ static irqreturn_t stmmac_safety_interrupt(int irq, void *dev_id) > struct stmmac_priv *priv = netdev_priv(dev); > > if (unlikely(!dev)) { > - netdev_err(priv->dev, "%s: invalid dev pointer\n", __func__); > + netdev_err(dev, "%s: invalid dev pointer\n", __func__); > return IRQ_NONE; > } > >