Re: [PATCH] infiniband: i40iw: fix a potential NULL pointer dereference

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Dec 26, 2019 at 10:52:52AM +0800, xiyuyang19@xxxxxxxxxxxx wrote:
> From: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
>
> in_dev_get may return a NULL object. The fix handles the situation
> by adding a check to avoid NULL pointer dereference on idev,
> as pick_local_ipaddrs does.
>
> Signed-off-by: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
> Signed-off-by: Xin Tan <tanxin.ctf@xxxxxxxxx>
> ---
>  drivers/infiniband/hw/i40iw/i40iw_main.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/infiniband/hw/i40iw/i40iw_main.c b/drivers/infiniband/hw/i40iw/i40iw_main.c
> index d44cf33d..18587cc 100644
> --- a/drivers/infiniband/hw/i40iw/i40iw_main.c
> +++ b/drivers/infiniband/hw/i40iw/i40iw_main.c
> @@ -1225,6 +1225,8 @@ static void i40iw_add_ipv4_addr(struct i40iw_device *iwdev)
>  			const struct in_ifaddr *ifa;
>
>  			idev = in_dev_get(dev);
> +			if (!idev)
> +				return;

1. You forgot to release rtnl lock.
2. The rtnl_trylock()/rtnl_unlock() scheme is wrong in this function.
That lock is global and any devices can take it and prevent from i40iw
to success in rtnl_trylock(), after that in_dev_for_each_ifa_rtnl() will
be incorrect.

>  			in_dev_for_each_ifa_rtnl(ifa, idev) {
>  				i40iw_debug(&iwdev->sc_dev, I40IW_DEBUG_CM,
>  					    "IP=%pI4, vlan_id=%d, MAC=%pM\n", &ifa->ifa_address,
> --
> 2.7.4
>



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux