linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] qede: fix null pointer dereference on skb on allocation failure
@ 2018-08-01 16:39 Colin King
  2018-08-01 19:03 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Colin King @ 2018-08-01 16:39 UTC (permalink / raw)
  To: Ariel Elior, everest-linux-l2, David S . Miller, netdev
  Cc: kernel-janitors, linux-kernel

From: Colin Ian King <colin.king@canonical.com>

If skb fails to be allocated with the call to build_skb then a
null pointer dereference will occur on the call to skb_reserve.
Fix this by checking for a null skb and returning NULL.

Detected by CoverityScan, CID#1469485 ("Dereference null return value")

Fixes: 8a8633978b84 ("qede: Add build_skb() support.")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/net/ethernet/qlogic/qede/qede_fp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/ethernet/qlogic/qede/qede_fp.c b/drivers/net/ethernet/qlogic/qede/qede_fp.c
index 6c702399b801..4b912ff5c0f3 100644
--- a/drivers/net/ethernet/qlogic/qede/qede_fp.c
+++ b/drivers/net/ethernet/qlogic/qede/qede_fp.c
@@ -730,6 +730,8 @@ qede_build_skb(struct qede_rx_queue *rxq,
 
 	buf = page_address(bd->data) + bd->page_offset;
 	skb = build_skb(buf, rxq->rx_buf_seg_size);
+	if (!skb)
+		return NULL;
 
 	skb_reserve(skb, pad);
 	skb_put(skb, len);
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] qede: fix null pointer dereference on skb on allocation failure
  2018-08-01 16:39 [PATCH] qede: fix null pointer dereference on skb on allocation failure Colin King
@ 2018-08-01 19:03 ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2018-08-01 19:03 UTC (permalink / raw)
  To: colin.king
  Cc: Ariel.Elior, everest-linux-l2, netdev, kernel-janitors, linux-kernel

From: Colin King <colin.king@canonical.com>
Date: Wed,  1 Aug 2018 17:39:47 +0100

> From: Colin Ian King <colin.king@canonical.com>
> 
> If skb fails to be allocated with the call to build_skb then a
> null pointer dereference will occur on the call to skb_reserve.
> Fix this by checking for a null skb and returning NULL.
> 
> Detected by CoverityScan, CID#1469485 ("Dereference null return value")
> 
> Fixes: 8a8633978b84 ("qede: Add build_skb() support.")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>

This is in no way sufficient.

The caller doesn't check the return value, so you're just pushing
the problem one function level up.

In fact, the caller is going to take a reference on the page
whether this returns NULL or not, thus leaking that memory.

The whole call chain needs to be fixed to handle build_skb()
errors, not just this one function.

Thanks.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-08-01 19:03 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-01 16:39 [PATCH] qede: fix null pointer dereference on skb on allocation failure Colin King
2018-08-01 19:03 ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).