Patch "qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info" has been added to the 5.15-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 26 Mar 2023 19:14:36 -0400

This is a note to let you know that I've just added the patch titled

    qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     qed-qed_sriov-guard-against-null-derefs-from-qed_iov.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 034f966ec1058a31216c77af7c6aaba8d764e6b8
Author: Daniil Tatianin <d-tatianin@xxxxxxxxxxxxxx>
Date:   Thu Mar 16 13:29:21 2023 +0300

    qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
    
    [ Upstream commit 25143b6a01d0cc5319edd3de22ffa2578b045550 ]
    
    We have to make sure that the info returned by the helper is valid
    before using it.
    
    Found by Linux Verification Center (linuxtesting.org) with the SVACE
    static analysis tool.
    
    Fixes: f990c82c385b ("qed*: Add support for ndo_set_vf_trust")
    Fixes: 733def6a04bf ("qed*: IOV link control")
    Signed-off-by: Daniil Tatianin <d-tatianin@xxxxxxxxxxxxxx>
    Reviewed-by: Michal Swiatkowski <michal.swiatkowski@xxxxxxxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/ethernet/qlogic/qed/qed_sriov.c b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
index 3eb05376e7c3e..bf0ba3855da1d 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
@@ -4378,6 +4378,9 @@ qed_iov_configure_min_tx_rate(struct qed_dev *cdev, int vfid, u32 rate)
 	}
 
 	vf = qed_iov_get_vf_info(QED_LEADING_HWFN(cdev), (u16)vfid, true);
+	if (!vf)
+		return -EINVAL;
+
 	vport_id = vf->vport_id;
 
 	return qed_configure_vport_wfq(cdev, vport_id, rate);
@@ -5124,7 +5127,7 @@ static void qed_iov_handle_trust_change(struct qed_hwfn *hwfn)
 
 		/* Validate that the VF has a configured vport */
 		vf = qed_iov_get_vf_info(hwfn, i, true);
-		if (!vf->vport_instance)
+		if (!vf || !vf->vport_instance)
 			continue;
 
 		memset(&params, 0, sizeof(params));






