netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] i40e: Add checking for null for nlmsg_find_attr()
@ 2023-01-25 14:13 Natalia Petrova
  2023-01-25 15:08 ` Simon Horman
                   ` (3 more replies)
  0 siblings, 4 replies; 9+ messages in thread
From: Natalia Petrova @ 2023-01-25 14:13 UTC (permalink / raw)
  To: Jesse Brandeburg
  Cc: Natalia Petrova, Tony Nguyen, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, intel-wired-lan, netdev,
	linux-kernel, lvc-project

The result of nlmsg_find_attr() 'br_spec' is dereferenced in
nla_for_each_nested, but it can take null value in 'nla_find' finction,
which will result in an error.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops")
Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
---
 drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index b36bf9c3e1e4..ed4be4ffeb09 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -13101,6 +13101,8 @@ static int i40e_ndo_bridge_setlink(struct net_device *dev,
 	}
 
 	br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC);
+	if (!br_spec)
+		return -ENOENT;
 
 	nla_for_each_nested(attr, br_spec, rem) {
 		__u16 mode;
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 9+ messages in thread
* Re: [PATCH] i40e: Add checking for null for nlmsg_find_attr()
  2023-01-25 14:13 [PATCH] i40e: Add checking for null for nlmsg_find_attr() Natalia Petrova
@ 2023-01-25 15:08 ` Simon Horman
  2023-01-25 20:09 ` [Intel-wired-lan] " Paul Menzel
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 9+ messages in thread
From: Simon Horman @ 2023-01-25 15:08 UTC (permalink / raw)
  To: Natalia Petrova
  Cc: Jesse Brandeburg, Tony Nguyen, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, intel-wired-lan, netdev,
	linux-kernel, lvc-project

On Wed, Jan 25, 2023 at 05:13:28PM +0300, Natalia Petrova wrote:
> The result of nlmsg_find_attr() 'br_spec' is dereferenced in
> nla_for_each_nested, but it can take null value in 'nla_find' finction,
> which will result in an error.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops")
> Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
> ---
>  drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
> index b36bf9c3e1e4..ed4be4ffeb09 100644
> --- a/drivers/net/ethernet/intel/i40e/i40e_main.c
> +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
> @@ -13101,6 +13101,8 @@ static int i40e_ndo_bridge_setlink(struct net_device *dev,
>  	}
>  
>  	br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC);
> +	if (!br_spec)
> +		return -ENOENT;

Seems fine to me, but I wonder if -EINVAL is more appropriate.
nlh is invalid in this case.

>  
>  	nla_for_each_nested(attr, br_spec, rem) {
>  		__u16 mode;
> -- 
> 2.34.1
> 

^ permalink raw reply	[flat|nested] 9+ messages in thread
* Re: [Intel-wired-lan] [PATCH] i40e: Add checking for null for nlmsg_find_attr()
  2023-01-25 14:13 [PATCH] i40e: Add checking for null for nlmsg_find_attr() Natalia Petrova
  2023-01-25 15:08 ` Simon Horman
@ 2023-01-25 20:09 ` Paul Menzel
  2023-01-30 22:11 ` [PATCH v2] " Natalia Petrova
  2023-02-01  9:06 ` [PATCH v3] " Natalia Petrova
  3 siblings, 0 replies; 9+ messages in thread
From: Paul Menzel @ 2023-01-25 20:09 UTC (permalink / raw)
  To: Natalia Petrova
  Cc: Jesse Brandeburg, lvc-project, intel-wired-lan, linux-kernel,
	Eric Dumazet, Tony Nguyen, netdev, Jakub Kicinski, Paolo Abeni,
	David S. Miller

Dear Natalia,


Thank you for your patch.

Am 25.01.23 um 15:13 schrieb Natalia Petrova:

In the commit message summary, you could use:

Check if nlmsg_find_attr() returns null

> The result of nlmsg_find_attr() 'br_spec' is dereferenced in
> nla_for_each_nested, but it can take null value in 'nla_find' finction,

f*u*nction

> which will result in an error.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops")
> Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
> ---
>   drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
> index b36bf9c3e1e4..ed4be4ffeb09 100644
> --- a/drivers/net/ethernet/intel/i40e/i40e_main.c
> +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
> @@ -13101,6 +13101,8 @@ static int i40e_ndo_bridge_setlink(struct net_device *dev,
>   	}
>   
>   	br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC);
> +	if (!br_spec)
> +		return -ENOENT;
>   
>   	nla_for_each_nested(attr, br_spec, rem) {
>   		__u16 mode;


Kind regards,

Paul

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [PATCH v2] i40e: Add checking for null for nlmsg_find_attr()
  2023-01-25 14:13 [PATCH] i40e: Add checking for null for nlmsg_find_attr() Natalia Petrova
  2023-01-25 15:08 ` Simon Horman
  2023-01-25 20:09 ` [Intel-wired-lan] " Paul Menzel
@ 2023-01-30 22:11 ` Natalia Petrova
  2023-01-31  5:17   ` Greg Kroah-Hartman
  2023-02-01  9:06 ` [PATCH v3] " Natalia Petrova
  3 siblings, 1 reply; 9+ messages in thread
From: Natalia Petrova @ 2023-01-30 22:11 UTC (permalink / raw)
  To: stable, Greg Kroah-Hartman
  Cc: Natalia Petrova, Jesse Brandeburg, Tony Nguyen, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, intel-wired-lan,
	netdev, linux-kernel, lvc-project

The result of nlmsg_find_attr() 'br_spec' is dereferenced in
nla_for_each_nested(), but it can take null value in nla_find() function,
which will result in an error.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops")
Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
---
v2: The remark about the error code by Simon Horman <simon.horman@corigine.com> 
was taken into account; return value -ENOENT was changed to -EINVAL.
 drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index 53d0083e35da..4626d2a1af91 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -13167,6 +13167,8 @@ static int i40e_ndo_bridge_setlink(struct net_device *dev,
 	}
 
 	br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC);
+	if (!br_spec)
+		return -EINVAL;
 
 	nla_for_each_nested(attr, br_spec, rem) {
 		__u16 mode;
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 9+ messages in thread
* Re: [PATCH v2] i40e: Add checking for null for nlmsg_find_attr()
  2023-01-30 22:11 ` [PATCH v2] " Natalia Petrova
@ 2023-01-31  5:17   ` Greg Kroah-Hartman
  2023-01-31 16:23     ` Simon Horman
  0 siblings, 1 reply; 9+ messages in thread
From: Greg Kroah-Hartman @ 2023-01-31  5:17 UTC (permalink / raw)
  To: Natalia Petrova
  Cc: stable, Jesse Brandeburg, Tony Nguyen, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, intel-wired-lan,
	netdev, linux-kernel, lvc-project

On Tue, Jan 31, 2023 at 01:11:06AM +0300, Natalia Petrova wrote:
> The result of nlmsg_find_attr() 'br_spec' is dereferenced in
> nla_for_each_nested(), but it can take null value in nla_find() function,
> which will result in an error.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops")
> Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
> Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
> ---
> v2: The remark about the error code by Simon Horman <simon.horman@corigine.com> 
> was taken into account; return value -ENOENT was changed to -EINVAL.
>  drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++
>  1 file changed, 2 insertions(+)
> 

<formletter>

This is not the correct way to submit patches for inclusion in the
stable kernel tree.  Please read:
    https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.

</formletter>

^ permalink raw reply	[flat|nested] 9+ messages in thread
* Re: [PATCH v2] i40e: Add checking for null for nlmsg_find_attr()
  2023-01-31  5:17   ` Greg Kroah-Hartman
@ 2023-01-31 16:23     ` Simon Horman
  0 siblings, 0 replies; 9+ messages in thread
From: Simon Horman @ 2023-01-31 16:23 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Natalia Petrova, stable, Jesse Brandeburg, Tony Nguyen,
	David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	intel-wired-lan, netdev, linux-kernel, lvc-project

On Tue, Jan 31, 2023 at 06:17:49AM +0100, Greg Kroah-Hartman wrote:
> On Tue, Jan 31, 2023 at 01:11:06AM +0300, Natalia Petrova wrote:
> > The result of nlmsg_find_attr() 'br_spec' is dereferenced in
> > nla_for_each_nested(), but it can take null value in nla_find() function,
> > which will result in an error.
> > 
> > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> > 
> > Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops")
> > Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
> > Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
> > ---
> > v2: The remark about the error code by Simon Horman <simon.horman@corigine.com> 
> > was taken into account; return value -ENOENT was changed to -EINVAL.
> >  drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> 
> <formletter>
> 
> This is not the correct way to submit patches for inclusion in the
> stable kernel tree.  Please read:
>     https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
> for how to do this properly.
> 
> </formletter>

Hi Natalia,

offering some friendly guidance here.

It seems to me that the problem you have highlighted is present
in current upstream code, and thus should be addressed there.

If it is considered a bug fix, then it should be targeted at the 'net'
tree. If the patch is accepted, into the release currently being
worked on (v6.2), backporting to older kernels can follow from there.
Otherwise it can be targeted at 'net-next', for inclusion
in the following release (v6.3).

As I think might have been mentioned, elsewhere, for networking
changes, you should indicate the target tree in the subject.
E.g. for net

Subject: [PATCH v3] i40e: Check if nlmsg_find_attr() returns null

The above also incorporates a suggested enhancement to the subject text.

I believe there was also a typo spotted in the patch description:
finction -> function

In all, my suggestion would be to address these problems as a v3.
I do not believe that you need to include stable@vger.kernel.org
or Greg on the recipient list, as the patch would be for 'net'
or 'net-next', not stable.

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [PATCH v3] i40e: Add checking for null for nlmsg_find_attr()
  2023-01-25 14:13 [PATCH] i40e: Add checking for null for nlmsg_find_attr() Natalia Petrova
                   ` (2 preceding siblings ...)
  2023-01-30 22:11 ` [PATCH v2] " Natalia Petrova
@ 2023-02-01  9:06 ` Natalia Petrova
  2023-02-02 17:23   ` Tony Nguyen
  2023-02-07 10:48   ` [Intel-wired-lan] " G, GurucharanX
  3 siblings, 2 replies; 9+ messages in thread
From: Natalia Petrova @ 2023-02-01  9:06 UTC (permalink / raw)
  To: Jesse Brandeburg
  Cc: Natalia Petrova, Tony Nguyen, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, intel-wired-lan, netdev,
	linux-kernel, lvc-project

The result of nlmsg_find_attr() 'br_spec' is dereferenced in
nla_for_each_nested(), but it can take NULL value in nla_find() function,
which will result in an error.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops")
Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
---
v3: Fixed mailing list.
v2: The remark about the error code by Simon Horman <simon.horman@corigine.com> 
was taken into account; return value -ENOENT was changed to -EINVAL.
 drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index 53d0083e35da..4626d2a1af91 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -13167,6 +13167,8 @@ static int i40e_ndo_bridge_setlink(struct net_device *dev,
 	}
 
 	br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC);
+	if (!br_spec)
+		return -EINVAL;
 
 	nla_for_each_nested(attr, br_spec, rem) {
 		__u16 mode;
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 9+ messages in thread
* Re: [PATCH v3] i40e: Add checking for null for nlmsg_find_attr()
  2023-02-01  9:06 ` [PATCH v3] " Natalia Petrova
@ 2023-02-02 17:23   ` Tony Nguyen
  2023-02-07 10:48   ` [Intel-wired-lan] " G, GurucharanX
  1 sibling, 0 replies; 9+ messages in thread
From: Tony Nguyen @ 2023-02-02 17:23 UTC (permalink / raw)
  To: Natalia Petrova, Jesse Brandeburg
  Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	intel-wired-lan, netdev, linux-kernel, lvc-project

On 2/1/2023 1:06 AM, Natalia Petrova wrote:
> The result of nlmsg_find_attr() 'br_spec' is dereferenced in
> nla_for_each_nested(), but it can take NULL value in nla_find() function,
> which will result in an error.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops")
> Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
> Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
> ---

Thanks for the patch. I've applied it, however, for the future if you 
could specify the target tree. Simon mentioned it in v2, but his example 
omitted the tree.

i.e.
[PATCH v3 net] i40e: Add checking for null for nlmsg_find_attr()

Thanks,
Tony

> v3: Fixed mailing list.
> v2: The remark about the error code by Simon Horman <simon.horman@corigine.com>
> was taken into account; return value -ENOENT was changed to -EINVAL.
>   drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
> index 53d0083e35da..4626d2a1af91 100644
> --- a/drivers/net/ethernet/intel/i40e/i40e_main.c
> +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
> @@ -13167,6 +13167,8 @@ static int i40e_ndo_bridge_setlink(struct net_device *dev,
>   	}
>   
>   	br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC);
> +	if (!br_spec)
> +		return -EINVAL;
>   
>   	nla_for_each_nested(attr, br_spec, rem) {
>   		__u16 mode;

^ permalink raw reply	[flat|nested] 9+ messages in thread
* RE: [Intel-wired-lan] [PATCH v3] i40e: Add checking for null for nlmsg_find_attr()
  2023-02-01  9:06 ` [PATCH v3] " Natalia Petrova
  2023-02-02 17:23   ` Tony Nguyen
@ 2023-02-07 10:48   ` G, GurucharanX
  1 sibling, 0 replies; 9+ messages in thread
From: G, GurucharanX @ 2023-02-07 10:48 UTC (permalink / raw)
  To: Natalia Petrova, Brandeburg, Jesse
  Cc: lvc-project, intel-wired-lan, linux-kernel, Eric Dumazet, Nguyen,
	Anthony L, netdev, Jakub Kicinski, Paolo Abeni, David S. Miller



> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@osuosl.org> On Behalf Of
> Natalia Petrova
> Sent: Wednesday, February 1, 2023 2:36 PM
> To: Brandeburg, Jesse <jesse.brandeburg@intel.com>
> Cc: lvc-project@linuxtesting.org; intel-wired-lan@lists.osuosl.org; Natalia
> Petrova <n.petrova@fintech.ru>; linux-kernel@vger.kernel.org; Eric
> Dumazet <edumazet@google.com>; Nguyen, Anthony L
> <anthony.l.nguyen@intel.com>; netdev@vger.kernel.org; Jakub Kicinski
> <kuba@kernel.org>; Paolo Abeni <pabeni@redhat.com>; David S. Miller
> <davem@davemloft.net>
> Subject: [Intel-wired-lan] [PATCH v3] i40e: Add checking for null for
> nlmsg_find_attr()
> 
> The result of nlmsg_find_attr() 'br_spec' is dereferenced in
> nla_for_each_nested(), but it can take NULL value in nla_find() function,
> which will result in an error.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops")
> Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
> Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
> ---
> v3: Fixed mailing list.
> v2: The remark about the error code by Simon Horman
> <simon.horman@corigine.com> was taken into account; return value -
> ENOENT was changed to -EINVAL.
>  drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++
>  1 file changed, 2 insertions(+)
> 

Tested-by: Gurucharan G <gurucharanx.g@intel.com> (A Contingent worker at Intel)

^ permalink raw reply	[flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-02-07 10:48 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-25 14:13 [PATCH] i40e: Add checking for null for nlmsg_find_attr() Natalia Petrova
2023-01-25 15:08 ` Simon Horman
2023-01-25 20:09 ` [Intel-wired-lan] " Paul Menzel
2023-01-30 22:11 ` [PATCH v2] " Natalia Petrova
2023-01-31  5:17   ` Greg Kroah-Hartman
2023-01-31 16:23     ` Simon Horman
2023-02-01  9:06 ` [PATCH v3] " Natalia Petrova
2023-02-02 17:23   ` Tony Nguyen
2023-02-07 10:48   ` [Intel-wired-lan] " G, GurucharanX

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).