Patch "ice: Don't dereference NULL in ice_gnss_read error path" has been added to the 6.3-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 18 Jun 2023 10:11:46 -0400

This is a note to let you know that I've just added the patch titled

    ice: Don't dereference NULL in ice_gnss_read error path

to the 6.3-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ice-don-t-dereference-null-in-ice_gnss_read-error-pa.patch
and it can be found in the queue-6.3 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 88d4bcc23a5f83547dc3a9593063e863d08e0e86
Author: Simon Horman <horms@xxxxxxxxxx>
Date:   Thu May 25 12:52:58 2023 +0200

    ice: Don't dereference NULL in ice_gnss_read error path
    
    [ Upstream commit 05a1308a2e08e4a375bf60eb4c6c057a201d81fc ]
    
    If pf is NULL in ice_gnss_read() then it will be dereferenced
    in the error path by a call to dev_dbg(ice_pf_to_dev(pf), ...).
    
    Avoid this by simply returning in this case.
    If logging is desired an alternate approach might be to
    use pr_err() before returning.
    
    Flagged by Smatch as:
    
      .../ice_gnss.c:196 ice_gnss_read() error: we previously assumed 'pf' could be null (see line 131)
    
    Fixes: 43113ff73453 ("ice: add TTY for GNSS module for E810T device")
    Signed-off-by: Simon Horman <horms@xxxxxxxxxx>
    Reviewed-by: Tariq Toukan <tariqt@xxxxxxxxxx>
    Tested-by: Sunitha Mekala <sunithax.d.mekala@xxxxxxxxx> (A Contingent worker at Intel)
    Signed-off-by: Tony Nguyen <anthony.l.nguyen@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/ethernet/intel/ice/ice_gnss.c b/drivers/net/ethernet/intel/ice/ice_gnss.c
index bd0ed155e11b6..75c9de675f202 100644
--- a/drivers/net/ethernet/intel/ice/ice_gnss.c
+++ b/drivers/net/ethernet/intel/ice/ice_gnss.c
@@ -96,12 +96,7 @@ static void ice_gnss_read(struct kthread_work *work)
 	int err = 0;
 
 	pf = gnss->back;
-	if (!pf) {
-		err = -EFAULT;
-		goto exit;
-	}
-
-	if (!test_bit(ICE_FLAG_GNSS, pf->flags))
+	if (!pf || !test_bit(ICE_FLAG_GNSS, pf->flags))
 		return;
 
 	hw = &pf->hw;
@@ -159,7 +154,6 @@ static void ice_gnss_read(struct kthread_work *work)
 	free_page((unsigned long)buf);
 requeue:
 	kthread_queue_delayed_work(gnss->kworker, &gnss->read_work, delay);
-exit:
 	if (err)
 		dev_dbg(ice_pf_to_dev(pf), "GNSS failed to read err=%d\n", err);
 }






