From: saeed@kernel.org
To: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org, Ariel Levkovich <lariel@nvidia.com>,
Dan Carpenter <dan.carpenter@oracle.com>,
Saeed Mahameed <saeedm@nvidia.com>
Subject: [net-next 13/15] net/mlx5: Fix dereference on pointer attr after null check
Date: Wed, 30 Sep 2020 21:33:00 -0700 [thread overview]
Message-ID: <20201001043302.48113-14-saeed@kernel.org> (raw)
In-Reply-To: <20201001043302.48113-1-saeed@kernel.org>
From: Ariel Levkovich <lariel@nvidia.com>
When removing a flow from the slow path fdb, a flow attr struct is
allocated for the rule removal process. If the allocation fails the
code prints a warning message but continues with the removal flow
which include dereferencing a pointer which could be null.
Fix this by exiting the function in case the attr allocation failed.
Fixes: c620b772152b ("net/mlx5: Refactor tc flow attributes structure")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
index f815b0c60a6c..186dc2961000 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -1238,8 +1238,10 @@ mlx5e_tc_unoffload_from_slow_path(struct mlx5_eswitch *esw,
struct mlx5_flow_attr *slow_attr;
slow_attr = mlx5_alloc_flow_attr(MLX5_FLOW_NAMESPACE_FDB);
- if (!slow_attr)
- mlx5_core_warn(flow->priv->mdev, "Unable to unoffload slow path rule\n");
+ if (!slow_attr) {
+ mlx5_core_warn(flow->priv->mdev, "Unable to alloc attr to unoffload slow path rule\n");
+ return;
+ }
memcpy(slow_attr, flow->attr, ESW_FLOW_ATTR_SZ);
slow_attr->action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
--
2.26.2
next prev parent reply other threads:[~2020-10-01 4:33 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-01 4:32 [pull request][net-next 00/15] mlx5 updates 2020-09-30 saeed
2020-10-01 4:32 ` [net-next 01/15] net/mlx5: DR, Replace the check for valid STE entry saeed
2020-10-01 4:32 ` [net-next 02/15] net/mlx5: DR, Remove unneeded check from source port builder saeed
2020-10-01 4:32 ` [net-next 03/15] net/mlx5: DR, Remove unneeded vlan check from L2 builder saeed
2020-10-01 4:32 ` [net-next 04/15] net/mlx5: DR, Remove unneeded local variable saeed
2020-10-01 4:32 ` [net-next 05/15] net/mlx5: DR, Call ste_builder directly with tag pointer saeed
2020-10-01 4:32 ` [net-next 06/15] net/mlx5: DR, Add support for rule creation with flow source hint saeed
2020-10-01 4:32 ` [net-next 07/15] net/mlx5: E-switch, Use PF num in metadata reg c0 saeed
2020-10-01 4:32 ` [net-next 08/15] net/mlx5: E-switch, Add helper to check egress ACL need saeed
2020-10-01 4:32 ` [net-next 09/15] net/mlx5: E-switch, Use helper function to load unload representor saeed
2020-10-01 4:32 ` [net-next 10/15] net/mlx5: E-switch, Move devlink eswitch ports closer to eswitch saeed
2020-10-01 4:32 ` [net-next 11/15] net/mlx5: E-Switch, Support flow source for local vport saeed
2020-10-01 4:32 ` [net-next 12/15] net/mlx5: Use dma device access helper saeed
2020-10-01 4:33 ` saeed [this message]
2020-10-01 4:33 ` [net-next 14/15] net/mlx5e: Fix a use after free on error in mlx5_tc_ct_shared_counter_get() saeed
2020-10-01 4:33 ` [net-next 15/15] net/mlx5e: Fix potential null pointer dereference saeed
2020-10-01 19:26 ` [pull request][net-next 00/15] mlx5 updates 2020-09-30 David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201001043302.48113-14-saeed@kernel.org \
--to=saeed@kernel.org \
--cc=dan.carpenter@oracle.com \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=lariel@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=saeedm@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.