From: Erez Shitrit <erezsh-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org> To: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org> Cc: Honggang Li <honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Roland Dreier <roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>, sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org, hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org, Patrick McHardy <kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org>, davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org, Alex Estrin <alex.estrin-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>, Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Eric Dumazet <edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>, Erez Shitrit <erezsh-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>, Nicolas Dichtel <nicolas.dichtel-pdR9zngts4EAvxtiuMwx3w@public.gmane.org>, Mahesh Bandewar <maheshb-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>, jbenc-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org, elfring-Rn4VEauK+AKRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, Florian Fainelli <f.fainelli-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>, linux-0h96xk9xTtrk1uMJSBkQmQ@public.gmane.org, andrew-g2DYL2Zd6BY@public.gmane.org, Scott Feldman <sfeldma-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>, alexander.h.duyck-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org, "linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" <linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Subject: Re: [PATCH linux-next 1/4] infiniband/ipoib: fix possible NULL pointer dereference in ipoib_get_iflink Date: Thu, 16 Apr 2015 14:27:59 +0300 [thread overview] Message-ID: <CAAk-MO9Y-k1Rw5OpmXu5eD=qVKNqcyuL6=KxO=MS6T+ujqqmgg@mail.gmail.com> (raw) In-Reply-To: <20150415160623.GA4653-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org> On Wed, Apr 15, 2015 at 7:06 PM, Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org> wrote: > On Wed, Apr 15, 2015 at 09:17:14AM +0300, Erez Shitrit wrote: >> >>+ /* parent interface */ >> >>+ if (!test_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags)) >> >>+ return dev->ifindex; >> >>+ >> >>+ /* child/vlan interface */ >> >>+ if (!priv->parent) >> >>+ return -1; > >> >Like was said for other drivers, I can't see how parent can be null >> >while IPOIB_FLAG_SUBINTERFACE is set. Drop the last if. > >> It can, at least for ipoib child interface (AKA "vlan"), you can't >> control the call for that ndo and it can be called before the parent >> was set. > > If the ndo can be called before the netdev private structures are fully > prepared then we have another bug, and returning -1 or 0 is not the right > answer anyhow. > > For safety, fold this into your patch. OK, will do that. > > diff --git a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c > index 9fad7b5ac8b9..e62b007adf5d 100644 > --- a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c > +++ b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c > @@ -58,6 +58,7 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv, > /* MTU will be reset when mcast join happens */ > priv->dev->mtu = IPOIB_UD_MTU(priv->max_ib_mtu); > priv->mcast_mtu = priv->admin_mtu = priv->dev->mtu; > + priv->parent = ppriv->dev; > set_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags); > > result = ipoib_set_dev_features(priv, ppriv->ca); > @@ -84,8 +85,6 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv, > goto register_failed; > } > > - priv->parent = ppriv->dev; > - > ipoib_create_debug_files(priv->dev); > > /* RTNL childs don't need proprietary sysfs entries */ -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Erez Shitrit <erezsh@dev.mellanox.co.il> To: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Cc: Honggang Li <honli@redhat.com>, Roland Dreier <roland@kernel.org>, sean.hefty@intel.com, hal.rosenstock@gmail.com, Patrick McHardy <kaber@trash.net>, davem@davemloft.net, Alex Estrin <alex.estrin@intel.com>, Doug Ledford <dledford@redhat.com>, Eric Dumazet <edumazet@google.com>, Erez Shitrit <erezsh@mellanox.com>, Nicolas Dichtel <nicolas.dichtel@6wind.com>, Mahesh Bandewar <maheshb@google.com>, jbenc@redhat.com, ebiederm@xmission.com, elfring@users.sourceforge.net, Florian Fainelli <f.fainelli@gmail.com>, linux@roeck-us.net, andrew@lunn.ch, Scott Feldman <sfeldma@gmail.com>, alexander.h.duyck@intel.com, "linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>, linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: Re: [PATCH linux-next 1/4] infiniband/ipoib: fix possible NULL pointer dereference in ipoib_get_iflink Date: Thu, 16 Apr 2015 14:27:59 +0300 [thread overview] Message-ID: <CAAk-MO9Y-k1Rw5OpmXu5eD=qVKNqcyuL6=KxO=MS6T+ujqqmgg@mail.gmail.com> (raw) In-Reply-To: <20150415160623.GA4653@obsidianresearch.com> On Wed, Apr 15, 2015 at 7:06 PM, Jason Gunthorpe <jgunthorpe@obsidianresearch.com> wrote: > On Wed, Apr 15, 2015 at 09:17:14AM +0300, Erez Shitrit wrote: >> >>+ /* parent interface */ >> >>+ if (!test_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags)) >> >>+ return dev->ifindex; >> >>+ >> >>+ /* child/vlan interface */ >> >>+ if (!priv->parent) >> >>+ return -1; > >> >Like was said for other drivers, I can't see how parent can be null >> >while IPOIB_FLAG_SUBINTERFACE is set. Drop the last if. > >> It can, at least for ipoib child interface (AKA "vlan"), you can't >> control the call for that ndo and it can be called before the parent >> was set. > > If the ndo can be called before the netdev private structures are fully > prepared then we have another bug, and returning -1 or 0 is not the right > answer anyhow. > > For safety, fold this into your patch. OK, will do that. > > diff --git a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c > index 9fad7b5ac8b9..e62b007adf5d 100644 > --- a/drivers/infiniband/ulp/ipoib/ipoib_vlan.c > +++ b/drivers/infiniband/ulp/ipoib/ipoib_vlan.c > @@ -58,6 +58,7 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv, > /* MTU will be reset when mcast join happens */ > priv->dev->mtu = IPOIB_UD_MTU(priv->max_ib_mtu); > priv->mcast_mtu = priv->admin_mtu = priv->dev->mtu; > + priv->parent = ppriv->dev; > set_bit(IPOIB_FLAG_SUBINTERFACE, &priv->flags); > > result = ipoib_set_dev_features(priv, ppriv->ca); > @@ -84,8 +85,6 @@ int __ipoib_vlan_add(struct ipoib_dev_priv *ppriv, struct ipoib_dev_priv *priv, > goto register_failed; > } > > - priv->parent = ppriv->dev; > - > ipoib_create_debug_files(priv->dev); > > /* RTNL childs don't need proprietary sysfs entries */
next prev parent reply other threads:[~2015-04-16 11:27 UTC|newest] Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top 2015-04-14 15:20 [PATCH linux-next 0/4] fix possile NULL pointer dereference in ndo_get_iflink callback functions Honggang Li 2015-04-14 15:20 ` Honggang Li 2015-04-14 15:20 ` [PATCH linux-next 1/4] infiniband/ipoib: fix possible NULL pointer dereference in ipoib_get_iflink Honggang Li [not found] ` <1429024817-21561-2-git-send-email-honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2015-04-14 15:34 ` Eric Dumazet 2015-04-14 15:34 ` Eric Dumazet [not found] ` <1429025673.7346.37.camel-XN9IlZ5yJG9HTL0Zs8A6p/gx64E7kk8eUsxypvmhUTTZJqsBc5GL+g@public.gmane.org> 2015-04-14 15:44 ` Honggang LI 2015-04-14 15:44 ` Honggang LI [not found] ` <20150414154422.GB21856-9l7K0WC0B0wP68cbUhXDDlaTQe2KTcn/@public.gmane.org> 2015-04-14 15:49 ` Nicolas Dichtel 2015-04-14 15:49 ` Nicolas Dichtel [not found] ` <552D3723.9050706-pdR9zngts4EAvxtiuMwx3w@public.gmane.org> 2015-04-14 15:53 ` Honggang LI 2015-04-14 15:53 ` Honggang LI [not found] ` <20150414155307.GD21856-9l7K0WC0B0wP68cbUhXDDlaTQe2KTcn/@public.gmane.org> 2015-04-14 16:14 ` Eric Dumazet 2015-04-14 16:14 ` Eric Dumazet 2015-04-14 16:01 ` Yann Droneaud 2015-04-14 16:01 ` Yann Droneaud [not found] ` <1429027293.4333.5.camel-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org> 2015-04-14 16:44 ` Nicolas Dichtel 2015-04-14 16:44 ` Nicolas Dichtel 2015-04-14 16:30 ` Erez Shitrit [not found] ` <CAAk-MO-O9sjHQvDfCEuzJJPvUMXJTuRaCzrCkB0xc1DUfK8Aew-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2015-04-14 16:46 ` Nicolas Dichtel 2015-04-14 16:46 ` Nicolas Dichtel 2015-04-14 20:41 ` Jason Gunthorpe 2015-04-14 20:41 ` Jason Gunthorpe [not found] ` <20150414204133.GJ7682-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org> 2015-04-15 5:24 ` Or Gerlitz 2015-04-15 5:24 ` Or Gerlitz 2015-04-15 5:24 ` Or Gerlitz 2015-04-15 6:17 ` Erez Shitrit 2015-04-15 6:17 ` Erez Shitrit [not found] ` <552E026A.4020200-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org> 2015-04-15 16:06 ` Jason Gunthorpe 2015-04-15 16:06 ` Jason Gunthorpe [not found] ` <20150415160623.GA4653-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org> 2015-04-16 11:27 ` Erez Shitrit [this message] 2015-04-16 11:27 ` Erez Shitrit 2015-04-15 5:16 ` Honggang LI 2015-04-15 5:16 ` Honggang LI [not found] ` <20150415051640.GB4881-9l7K0WC0B0wP68cbUhXDDlaTQe2KTcn/@public.gmane.org> 2015-04-15 6:57 ` Honggang LI 2015-04-15 6:57 ` Honggang LI 2015-04-14 15:20 ` [PATCH linux-next 2/4] ipvlan: fix possible NULL pointer dereference in ipvlan_get_iflink Honggang Li [not found] ` <1429024817-21561-1-git-send-email-honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2015-04-14 15:20 ` [PATCH linux-next 3/4] macvlan: fix possible NULL pointer dereference in macvlan_dev_get_iflink Honggang Li 2015-04-14 15:20 ` Honggang Li 2015-04-14 15:26 ` Patrick McHardy 2015-04-14 15:32 ` Honggang LI 2015-04-14 15:35 ` Patrick McHardy 2015-04-14 17:47 ` David Miller 2015-04-14 15:35 ` Nicolas Dichtel [not found] ` <552D33B0.6040808-pdR9zngts4EAvxtiuMwx3w@public.gmane.org> 2015-04-14 15:37 ` Andrew Lunn 2015-04-14 15:37 ` Andrew Lunn 2015-04-14 15:46 ` Honggang LI 2015-04-14 16:26 ` [PATCH linux-next v2] infiniband/ipoib: fix possible NULL pointer dereference in ipoib_get_iflink Honggang Li 2015-04-14 16:26 ` Honggang Li [not found] ` <1429028811-29888-1-git-send-email-honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2015-04-14 16:26 ` [PATCH] " Honggang Li 2015-04-14 16:26 ` Honggang Li 2015-04-14 15:20 ` [PATCH linux-next 4/4] net/dsa: fix possible NULL pointer dereference in dsa_slave_get_iflink Honggang Li [not found] ` <1429024817-21561-5-git-send-email-honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2015-04-14 15:55 ` Guenter Roeck 2015-04-14 15:55 ` Guenter Roeck
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CAAk-MO9Y-k1Rw5OpmXu5eD=qVKNqcyuL6=KxO=MS6T+ujqqmgg@mail.gmail.com' \ --to=erezsh-ldsdmyg8hgv8yrgs2mwiifqbs+8scbdb@public.gmane.org \ --cc=alex.estrin-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \ --cc=alexander.h.duyck-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \ --cc=andrew-g2DYL2Zd6BY@public.gmane.org \ --cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \ --cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \ --cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \ --cc=edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \ --cc=elfring-Rn4VEauK+AKRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \ --cc=erezsh-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \ --cc=f.fainelli-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \ --cc=hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \ --cc=honli-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \ --cc=jbenc-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \ --cc=jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org \ --cc=kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org \ --cc=linux-0h96xk9xTtrk1uMJSBkQmQ@public.gmane.org \ --cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=maheshb-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \ --cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=nicolas.dichtel-pdR9zngts4EAvxtiuMwx3w@public.gmane.org \ --cc=roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \ --cc=sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \ --cc=sfeldma-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.