From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
To: Erez Shitrit <erezsh-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
Cc: Honggang Li <honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Roland Dreier <roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
	sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
	hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
	kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org,
	davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org,
	Alex Estrin <alex.estrin-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
	Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org,
	Erez Shitrit <erezsh-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
	nicolas.dichtel-pdR9zngts4EAvxtiuMwx3w@public.gmane.org,
	maheshb-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org,
	jbenc-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
	elfring-Rn4VEauK+AKRv+LV9MX5uipxlwaOVQ5f@public.gmane.org,
	f.fainelli-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
	linux-0h96xk9xTtrk1uMJSBkQmQ@public.gmane.org,
	andrew-g2DYL2Zd6BY@public.gmane.org,
	sfeldma-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
	alexander.h.duyck-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
	"linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
	<linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH linux-next 1/4] infiniband/ipoib: fix possible NULL pointer dereference in ipoib_get_iflink
Date: Wed, 15 Apr 2015 10:06:23 -0600
Message-ID: <20150415160623.GA4653@obsidianresearch.com>
In-Reply-To: <552E026A.4020200-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>

On Wed, Apr 15, 2015 at 09:17:14AM +0300, Erez Shitrit wrote:
> >>+       /* parent interface */
> >>+       if (!test_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags))
> >>+               return dev->ifindex;
> >>+
> >>+       /* child/vlan interface */
> >>+       if (!priv->parent)
> >>+               return -1;
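
Review bot: the `if (!priv->parent) return -1;` branch hides the state it detects: a sub-interface with IPOIB_FLAG_SUBINTERFACE set and no parent is turned into an ordinary return value and nothing is logged. If the check stays, make it `if (WARN_ON_ONCE(!priv->parent))` so the unexpected state is reported once; if the setup order guarantees a valid parent whenever the flag is set, the branch can be dropped.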

> >Like was said for other drivers, I can't see how parent can be null
> >while IPOIB_FLAG_SUBINTERFACE is set. Drop the last if.

> It can, at least for ipoib child interface (AKA "vlan"), you can't
> control the call for that ndo and it can be called before the parent
> was set.

If the ndo can be called before the netdev private structures are fully
prepared then we have another bug, and returning -1 or 0 is not the right
answer anyhow.

For safety, fold this into your patch.

diff --git a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
index 9fad7b5ac8b9..e62b007adf5d 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c
@@ -58,6 +58,7 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv,
        /* MTU will be reset when mcast join happens */
        priv->dev->mtu   = IPOIB_UD_MTU(priv->max_ib_mtu);
        priv->mcast_mtu  = priv->admin_mtu = priv->dev->mtu;
+       priv->parent = ppriv->dev;
        set_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags);
 
        result = ipoib_set_dev_features(priv, ppriv->ca);
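
Review bot: the added `priv->parent = ppriv->dev;` sits directly above `set_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags)` with no comment on why the order matters, and set_bit() by itself implies no memory barrier. A one-line comment saying that parent must be valid before the flag is set and before the child netdev becomes reachable would keep a later cleanup from moving the assignment back down. If a reader that does test_bit() and then dereferences priv->parent can ever run concurrently with this function, statement order alone is not enough and the pairing needs explicit ordering.
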
@@ -84,8 +85,6 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv,
                goto register_failed;
        }
 
-       priv->parent = ppriv->dev;
-
        ipoib_create_debug_files(priv->dev);
 
        /* RTNL childs don't need proprietary sysfs entries */
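
Review bot: with the assignment removed from below the `goto register_failed;` block, a failure on that path now leaves `priv->parent` already pointing at `ppriv->dev`, where previously it was never set on failure. Confirm that the register_failed cleanup does not treat a non-NULL parent as the sign of a fully set up child, and mention the changed failure-path state in the commit message when this is folded in.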

