* [MPTCP] [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
@ 2020-11-09 12:52 ` Colin King
0 siblings, 0 replies; 12+ messages in thread
From: Colin King @ 2020-11-09 12:52 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 1228 bytes --]
From: Colin Ian King <colin.king(a)canonical.com>
Currently the assignment of pointer net from the sock_net(sk) call
is potentially dereferencing a null pointer sk. sk points to the
same location as pointer msk and msk is being null checked after
the sock_net call. Fix this by calling sock_net after the null
check on pointer msk.
Addresses-Coverity: ("Dereference before null check")
Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
Signed-off-by: Colin Ian King <colin.king(a)canonical.com>
---
net/mptcp/pm_netlink.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
index ed60538df7b2..e76879ea5a30 100644
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -206,13 +206,15 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
struct mptcp_pm_add_entry *entry = from_timer(entry, timer, add_timer);
struct mptcp_sock *msk = entry->sock;
struct sock *sk = (struct sock *)msk;
- struct net *net = sock_net(sk);
+ struct net *net;
pr_debug("msk=%p", msk);
if (!msk)
return;
+ net = sock_net(sk);
+
if (inet_sk_state_load(sk) == TCP_CLOSE)
return;
--
2.28.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
@ 2020-11-09 12:52 ` Colin King
0 siblings, 0 replies; 12+ messages in thread
From: Colin King @ 2020-11-09 12:52 UTC (permalink / raw)
To: Mat Martineau, Matthieu Baerts, David S . Miller, Jakub Kicinski,
Geliang Tang, Paolo Abeni, netdev, mptcp
Cc: kernel-janitors, linux-kernel
From: Colin Ian King <colin.king@canonical.com>
Currently the assignment of pointer net from the sock_net(sk) call
is potentially dereferencing a null pointer sk. sk points to the
same location as pointer msk and msk is being null checked after
the sock_net call. Fix this by calling sock_net after the null
check on pointer msk.
Addresses-Coverity: ("Dereference before null check")
Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
net/mptcp/pm_netlink.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
index ed60538df7b2..e76879ea5a30 100644
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -206,13 +206,15 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
struct mptcp_pm_add_entry *entry = from_timer(entry, timer, add_timer);
struct mptcp_sock *msk = entry->sock;
struct sock *sk = (struct sock *)msk;
- struct net *net = sock_net(sk);
+ struct net *net;
pr_debug("msk=%p", msk);
if (!msk)
return;
+ net = sock_net(sk);
+
if (inet_sk_state_load(sk) == TCP_CLOSE)
return;
--
2.28.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
@ 2020-11-09 12:52 ` Colin King
0 siblings, 0 replies; 12+ messages in thread
From: Colin King @ 2020-11-09 12:52 UTC (permalink / raw)
To: Mat Martineau, Matthieu Baerts, David S . Miller, Jakub Kicinski,
Geliang Tang, Paolo Abeni, netdev, mptcp
Cc: kernel-janitors, linux-kernel
From: Colin Ian King <colin.king@canonical.com>
Currently the assignment of pointer net from the sock_net(sk) call
is potentially dereferencing a null pointer sk. sk points to the
same location as pointer msk and msk is being null checked after
the sock_net call. Fix this by calling sock_net after the null
check on pointer msk.
Addresses-Coverity: ("Dereference before null check")
Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
net/mptcp/pm_netlink.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
index ed60538df7b2..e76879ea5a30 100644
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -206,13 +206,15 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
struct mptcp_pm_add_entry *entry = from_timer(entry, timer, add_timer);
struct mptcp_sock *msk = entry->sock;
struct sock *sk = (struct sock *)msk;
- struct net *net = sock_net(sk);
+ struct net *net;
pr_debug("msk=%p", msk);
if (!msk)
return;
+ net = sock_net(sk);
+
if (inet_sk_state_load(sk) = TCP_CLOSE)
return;
--
2.28.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [MPTCP] Re: [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
2020-11-09 12:52 ` Colin King
(?)
@ 2020-11-11 18:49 ` Mat Martineau
-1 siblings, 0 replies; 12+ messages in thread
From: Mat Martineau @ 2020-11-11 18:49 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 1097 bytes --]
On Mon, 9 Nov 2020, Colin King wrote:
> From: Colin Ian King <colin.king(a)canonical.com>
>
> Currently the assignment of pointer net from the sock_net(sk) call
> is potentially dereferencing a null pointer sk. sk points to the
> same location as pointer msk and msk is being null checked after
> the sock_net call. Fix this by calling sock_net after the null
> check on pointer msk.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
> Signed-off-by: Colin Ian King <colin.king(a)canonical.com>
> ---
> net/mptcp/pm_netlink.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
Hi Colin and Jakub -
I noticed that the follow-up discussion on this patch didn't go to the
netdev list, so patchwork did not get updated.
This patch is superseded by the following, which already has a Reviewed-by
tag from Matthieu:
http://patchwork.ozlabs.org/project/netdev/patch/078a2ef5bdc4e3b2c25ef852461692001f426495.1604976945.git.geliangtang(a)gmail.com/
Thanks!
--
Mat Martineau
Intel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
@ 2020-11-11 18:49 ` Mat Martineau
0 siblings, 0 replies; 12+ messages in thread
From: Mat Martineau @ 2020-11-11 18:49 UTC (permalink / raw)
To: Colin King, Jakub Kicinski
Cc: Matthieu Baerts, David S . Miller, Geliang Tang, Paolo Abeni,
netdev, mptcp, kernel-janitors, linux-kernel
On Mon, 9 Nov 2020, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Currently the assignment of pointer net from the sock_net(sk) call
> is potentially dereferencing a null pointer sk. sk points to the
> same location as pointer msk and msk is being null checked after
> the sock_net call. Fix this by calling sock_net after the null
> check on pointer msk.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> net/mptcp/pm_netlink.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
Hi Colin and Jakub -
I noticed that the follow-up discussion on this patch didn't go to the
netdev list, so patchwork did not get updated.
This patch is superseded by the following, which already has a Reviewed-by
tag from Matthieu:
http://patchwork.ozlabs.org/project/netdev/patch/078a2ef5bdc4e3b2c25ef852461692001f426495.1604976945.git.geliangtang@gmail.com/
Thanks!
--
Mat Martineau
Intel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
@ 2020-11-11 18:49 ` Mat Martineau
0 siblings, 0 replies; 12+ messages in thread
From: Mat Martineau @ 2020-11-11 18:49 UTC (permalink / raw)
To: Colin King, Jakub Kicinski
Cc: Matthieu Baerts, David S . Miller, Geliang Tang, Paolo Abeni,
netdev, mptcp, kernel-janitors, linux-kernel
On Mon, 9 Nov 2020, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Currently the assignment of pointer net from the sock_net(sk) call
> is potentially dereferencing a null pointer sk. sk points to the
> same location as pointer msk and msk is being null checked after
> the sock_net call. Fix this by calling sock_net after the null
> check on pointer msk.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> net/mptcp/pm_netlink.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
Hi Colin and Jakub -
I noticed that the follow-up discussion on this patch didn't go to the
netdev list, so patchwork did not get updated.
This patch is superseded by the following, which already has a Reviewed-by
tag from Matthieu:
http://patchwork.ozlabs.org/project/netdev/patch/078a2ef5bdc4e3b2c25ef852461692001f426495.1604976945.git.geliangtang@gmail.com/
Thanks!
--
Mat Martineau
Intel
^ permalink raw reply [flat|nested] 12+ messages in thread
* [MPTCP] Re: [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
2020-11-11 18:49 ` Mat Martineau
(?)
@ 2020-11-11 19:23 ` Colin Ian King
-1 siblings, 0 replies; 12+ messages in thread
From: Colin Ian King @ 2020-11-11 19:23 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 1267 bytes --]
On 11/11/2020 18:49, Mat Martineau wrote:
> On Mon, 9 Nov 2020, Colin King wrote:
>
>> From: Colin Ian King <colin.king(a)canonical.com>
>>
>> Currently the assignment of pointer net from the sock_net(sk) call
>> is potentially dereferencing a null pointer sk. sk points to the
>> same location as pointer msk and msk is being null checked after
>> the sock_net call. Fix this by calling sock_net after the null
>> check on pointer msk.
>>
>> Addresses-Coverity: ("Dereference before null check")
>> Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
>> Signed-off-by: Colin Ian King <colin.king(a)canonical.com>
>> ---
>> net/mptcp/pm_netlink.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>
> Hi Colin and Jakub -
>
> I noticed that the follow-up discussion on this patch didn't go to the
> netdev list, so patchwork did not get updated.
>
> This patch is superseded by the following, which already has a
> Reviewed-by tag from Matthieu:
>
> http://patchwork.ozlabs.org/project/netdev/patch/078a2ef5bdc4e3b2c25ef852461692001f426495.1604976945.git.geliangtang(a)gmail.com/
>
>
OK, thanks for letting me know. Good to see it got fixed!
Colin
>
> Thanks!
>
> --
> Mat Martineau
> Intel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
@ 2020-11-11 19:23 ` Colin Ian King
0 siblings, 0 replies; 12+ messages in thread
From: Colin Ian King @ 2020-11-11 19:23 UTC (permalink / raw)
To: Mat Martineau, Jakub Kicinski
Cc: Matthieu Baerts, David S . Miller, Geliang Tang, Paolo Abeni,
netdev, mptcp, kernel-janitors, linux-kernel
On 11/11/2020 18:49, Mat Martineau wrote:
> On Mon, 9 Nov 2020, Colin King wrote:
>
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> Currently the assignment of pointer net from the sock_net(sk) call
>> is potentially dereferencing a null pointer sk. sk points to the
>> same location as pointer msk and msk is being null checked after
>> the sock_net call. Fix this by calling sock_net after the null
>> check on pointer msk.
>>
>> Addresses-Coverity: ("Dereference before null check")
>> Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>> ---
>> net/mptcp/pm_netlink.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>
> Hi Colin and Jakub -
>
> I noticed that the follow-up discussion on this patch didn't go to the
> netdev list, so patchwork did not get updated.
>
> This patch is superseded by the following, which already has a
> Reviewed-by tag from Matthieu:
>
> http://patchwork.ozlabs.org/project/netdev/patch/078a2ef5bdc4e3b2c25ef852461692001f426495.1604976945.git.geliangtang@gmail.com/
>
>
OK, thanks for letting me know. Good to see it got fixed!
Colin
>
> Thanks!
>
> --
> Mat Martineau
> Intel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
@ 2020-11-11 19:23 ` Colin Ian King
0 siblings, 0 replies; 12+ messages in thread
From: Colin Ian King @ 2020-11-11 19:23 UTC (permalink / raw)
To: Mat Martineau, Jakub Kicinski
Cc: Matthieu Baerts, David S . Miller, Geliang Tang, Paolo Abeni,
netdev, mptcp, kernel-janitors, linux-kernel
On 11/11/2020 18:49, Mat Martineau wrote:
> On Mon, 9 Nov 2020, Colin King wrote:
>
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> Currently the assignment of pointer net from the sock_net(sk) call
>> is potentially dereferencing a null pointer sk. sk points to the
>> same location as pointer msk and msk is being null checked after
>> the sock_net call. Fix this by calling sock_net after the null
>> check on pointer msk.
>>
>> Addresses-Coverity: ("Dereference before null check")
>> Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>> ---
>> net/mptcp/pm_netlink.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>
> Hi Colin and Jakub -
>
> I noticed that the follow-up discussion on this patch didn't go to the
> netdev list, so patchwork did not get updated.
>
> This patch is superseded by the following, which already has a
> Reviewed-by tag from Matthieu:
>
> http://patchwork.ozlabs.org/project/netdev/patch/078a2ef5bdc4e3b2c25ef852461692001f426495.1604976945.git.geliangtang@gmail.com/
>
>
OK, thanks for letting me know. Good to see it got fixed!
Colin
>
> Thanks!
>
> --
> Mat Martineau
> Intel
^ permalink raw reply [flat|nested] 12+ messages in thread
* [MPTCP] Re: [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
@ 2020-11-09 14:57 Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2020-11-09 14:57 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 532 bytes --]
On Mon, Nov 09, 2020 at 02:38:47PM +0000, Colin Ian King wrote:
> On 09/11/2020 14:36, Geliang Tang wrote:
> > Hi Colin,
> >
> > Thanks for your patch. But this bug is reported by Dan Carpenter to MPTCP
> > ML earlier, and I have already sent out a fix in MPTCP ML for review. So
> > your fix is duplicated. I'm sorry.
>
> Oh I missed Dan's fix. No problem, glad it is fixed. :-)
No, I didn't send a fix, just the bug report. I normally don't send
bug reports to the kernel-janitors list.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 12+ messages in thread
* [MPTCP] Re: [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
@ 2020-11-09 14:38 Colin Ian King
0 siblings, 0 replies; 12+ messages in thread
From: Colin Ian King @ 2020-11-09 14:38 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 1843 bytes --]
On 09/11/2020 14:36, Geliang Tang wrote:
> Hi Colin,
>
> Thanks for your patch. But this bug is reported by Dan Carpenter to MPTCP
> ML earlier, and I have already sent out a fix in MPTCP ML for review. So
> your fix is duplicated. I'm sorry.
Oh I missed Dan's fix. No problem, glad it is fixed. :-)
>
> -Geliang
>
> Colin King <colin.king(a)canonical.com> 于2020年11月9日周一 下午8:52写道:
>
>>
>> From: Colin Ian King <colin.king(a)canonical.com>
>>
>> Currently the assignment of pointer net from the sock_net(sk) call
>> is potentially dereferencing a null pointer sk. sk points to the
>> same location as pointer msk and msk is being null checked after
>> the sock_net call. Fix this by calling sock_net after the null
>> check on pointer msk.
>>
>> Addresses-Coverity: ("Dereference before null check")
>> Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
>> Signed-off-by: Colin Ian King <colin.king(a)canonical.com>
>> ---
>> net/mptcp/pm_netlink.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
>> index ed60538df7b2..e76879ea5a30 100644
>> --- a/net/mptcp/pm_netlink.c
>> +++ b/net/mptcp/pm_netlink.c
>> @@ -206,13 +206,15 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
>> struct mptcp_pm_add_entry *entry = from_timer(entry, timer, add_timer);
>> struct mptcp_sock *msk = entry->sock;
>> struct sock *sk = (struct sock *)msk;
>> - struct net *net = sock_net(sk);
>> + struct net *net;
>>
>> pr_debug("msk=%p", msk);
>>
>> if (!msk)
>> return;
>>
>> + net = sock_net(sk);
>> +
>> if (inet_sk_state_load(sk) == TCP_CLOSE)
>> return;
>>
>> --
>> 2.28.0
>>
^ permalink raw reply [flat|nested] 12+ messages in thread
* [MPTCP] Re: [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked.
@ 2020-11-09 14:36 Geliang Tang
0 siblings, 0 replies; 12+ messages in thread
From: Geliang Tang @ 2020-11-09 14:36 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 1677 bytes --]
Hi Colin,
Thanks for your patch. But this bug is reported by Dan Carpenter to MPTCP
ML earlier, and I have already sent out a fix in MPTCP ML for review. So
your fix is duplicated. I'm sorry.
-Geliang
Colin King <colin.king(a)canonical.com> 于2020年11月9日周一 下午8:52写道:
>
> From: Colin Ian King <colin.king(a)canonical.com>
>
> Currently the assignment of pointer net from the sock_net(sk) call
> is potentially dereferencing a null pointer sk. sk points to the
> same location as pointer msk and msk is being null checked after
> the sock_net call. Fix this by calling sock_net after the null
> check on pointer msk.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
> Signed-off-by: Colin Ian King <colin.king(a)canonical.com>
> ---
> net/mptcp/pm_netlink.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
> index ed60538df7b2..e76879ea5a30 100644
> --- a/net/mptcp/pm_netlink.c
> +++ b/net/mptcp/pm_netlink.c
> @@ -206,13 +206,15 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
> struct mptcp_pm_add_entry *entry = from_timer(entry, timer, add_timer);
> struct mptcp_sock *msk = entry->sock;
> struct sock *sk = (struct sock *)msk;
> - struct net *net = sock_net(sk);
> + struct net *net;
>
> pr_debug("msk=%p", msk);
>
> if (!msk)
> return;
>
> + net = sock_net(sk);
> +
> if (inet_sk_state_load(sk) == TCP_CLOSE)
> return;
>
> --
> 2.28.0
>
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2020-11-11 19:24 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-11 19:23 [MPTCP] Re: [PATCH][next] mptcp: fix a dereference of pointer before msk is null checked Colin Ian King
2020-11-11 19:23 ` Colin Ian King
2020-11-11 19:23 ` Colin Ian King
-- strict thread matches above, loose matches on Subject: below --
2020-11-11 18:49 [MPTCP] " Mat Martineau
2020-11-11 18:49 ` Mat Martineau
2020-11-11 18:49 ` Mat Martineau
2020-11-09 14:57 [MPTCP] " Dan Carpenter
2020-11-09 14:38 Colin Ian King
2020-11-09 14:36 Geliang Tang
2020-11-09 12:52 [MPTCP] " Colin King
2020-11-09 12:52 ` Colin King
2020-11-09 12:52 ` Colin King
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.