Patch "i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters()" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 26 Aug 2023 09:57:07 -0400

This is a note to let you know that I've just added the patch titled

    i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters()

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     i40e-fix-potential-null-pointer-dereferencing-of-pf-.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit e5862a56ff9a86eccd3ed7ee6ddfd877f30f4ab6
Author: Andrii Staikov <andrii.staikov@xxxxxxxxx>
Date:   Tue Aug 22 15:16:53 2023 -0700

    i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters()
    
    [ Upstream commit 9525a3c38accd2e186f52443e35e633e296cc7f5 ]
    
    Add check for pf->vf not being NULL before dereferencing
    pf->vf[vsi->vf_id] in updating VSI filter sync.
    Add a similar check before dereferencing !pf->vf[vsi->vf_id].trusted
    in the condition for clearing promisc mode bit.
    
    Fixes: c87c938f62d8 ("i40e: Add VF VLAN pruning")
    Signed-off-by: Andrii Staikov <andrii.staikov@xxxxxxxxx>
    Signed-off-by: Aleksandr Loktionov <aleksandr.loktionov@xxxxxxxxx>
    Tested-by: Rafal Romanowski <rafal.romanowski@xxxxxxxxx>
    Signed-off-by: Tony Nguyen <anthony.l.nguyen@xxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index 0e01b1927c1c6..08ccf0024ce1a 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -2615,7 +2615,7 @@ int i40e_sync_vsi_filters(struct i40e_vsi *vsi)
 			retval = i40e_correct_mac_vlan_filters
 				(vsi, &tmp_add_list, &tmp_del_list,
 				 vlan_filters);
-		else
+		else if (pf->vf)
 			retval = i40e_correct_vf_mac_vlan_filters
 				(vsi, &tmp_add_list, &tmp_del_list,
 				 vlan_filters, pf->vf[vsi->vf_id].trusted);
@@ -2788,7 +2788,8 @@ int i40e_sync_vsi_filters(struct i40e_vsi *vsi)
 	}
 
 	/* if the VF is not trusted do not do promisc */
-	if ((vsi->type == I40E_VSI_SRIOV) && !pf->vf[vsi->vf_id].trusted) {
+	if (vsi->type == I40E_VSI_SRIOV && pf->vf &&
+	    !pf->vf[vsi->vf_id].trusted) {
 		clear_bit(__I40E_VSI_OVERFLOW_PROMISC, vsi->state);
 		goto out;
 	}






