Message ID | 20230130221106.19267-1-n.petrova@fintech.ru |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2427633wrn; Mon, 30 Jan 2023 14:29:41 -0800 (PST) X-Google-Smtp-Source: AK7set9s5RlnzoFw7KD/jnBr4gjpTuEXvs808r4FykQTjfsrHEPdSlhFJwjuC+fGAjX3bl3TXCQu X-Received: by 2002:a17:90b:4c0b:b0:22c:6e01:2ae2 with SMTP id na11-20020a17090b4c0b00b0022c6e012ae2mr10148795pjb.46.1675117781420; Mon, 30 Jan 2023 14:29:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675117781; cv=none; d=google.com; s=arc-20160816; b=IL5wvW95nX+/v9nvZa/b8858FF8a9DNjUOol1wHNfXfkw7jn63XEZpy3dpSz2yqyQt zY4fHm++I/159hVjSfI76JdWvwTuyGMWxfyS+yt5cmXkLn8zalY/YWrXRyqcbGKqjRuP lQNHZimjPR/zoExqaiQ81WybgeaoZ9ioya++nloCF3vZnx37mZ98tNa4Ksm1vb7T6liM 40l7xRWbW97cx1vZU6UEfBBxXGHBxiBlzI43ZD4uLdIA3vr7/Er3lomT9+08UxOTY2VU 1n8r+hR3rNU7hfqvjC/P3jJIejBJK1lJqGkGuQ+TXGNmr/1bKXbpqJtQqxba868VIyY2 rL1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=k1GMGXiuOhhoT1METS6k/3AbooD3sqGTT+NyAcaFN68=; b=OmWosILzhRYI7rQwrFrHWkt/+ICL9Ca121bUOeI21tM/Bn4Ri5AqUtgketMA3gxCDf 3EumQLcqJtW5zCE6PTJtuACkQJ17Qd+0cXQf0r4u7WElV3NgrxgB2GUWOflhraqY10l8 gmx5uRjY41RZ+fVhZaxe1tKuQV6TYMHR2dUaP7gkN5skJaTmpJG3eaLGCTDNxyM50Mav 8zZqagnC0hkSMl0W1wF3srhM0wnmpf/Xf5gvP8Un9v/Q+4R6CwqlJJukRHd28NxvEEqM zS4TRnJygQd0ma5kHAlwucYz0yotVBB7dRp+g2OjeDO+7qjJ2eIy8+3xVMwN+6o057TS K9Ng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f9-20020a17090a664900b0022c17c80492si9660932pjm.1.2023.01.30.14.29.28; Mon, 30 Jan 2023 14:29:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231190AbjA3WLX (ORCPT <rfc822;maxin.john@gmail.com> + 99 others); Mon, 30 Jan 2023 17:11:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55600 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230204AbjA3WLW (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Mon, 30 Jan 2023 17:11:22 -0500 Received: from exchange.fintech.ru (e10edge.fintech.ru [195.54.195.159]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 917D730E83; Mon, 30 Jan 2023 14:11:17 -0800 (PST) Received: from Ex16-01.fintech.ru (10.0.10.18) by exchange.fintech.ru (195.54.195.169) with Microsoft SMTP Server (TLS) id 14.3.498.0; Tue, 31 Jan 2023 01:11:09 +0300 Received: from KANASHIN1.fintech.ru (10.0.253.125) by Ex16-01.fintech.ru (10.0.10.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Tue, 31 Jan 2023 01:11:09 +0300 From: Natalia Petrova <n.petrova@fintech.ru> To: <stable@vger.kernel.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org> CC: Natalia Petrova <n.petrova@fintech.ru>, Jesse Brandeburg <jesse.brandeburg@intel.com>, Tony Nguyen <anthony.l.nguyen@intel.com>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, <intel-wired-lan@lists.osuosl.org>, <netdev@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <lvc-project@linuxtesting.org> Subject: [PATCH v2] i40e: Add checking for null for nlmsg_find_attr() Date: Tue, 31 Jan 2023 01:11:06 +0300 Message-ID: <20230130221106.19267-1-n.petrova@fintech.ru> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230125141328.8479-1-n.petrova@fintech.ru> References: MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.0.253.125] X-ClientProxiedBy: Ex16-01.fintech.ru (10.0.10.18) To Ex16-01.fintech.ru (10.0.10.18) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756004688747310918?= X-GMAIL-MSGID: =?utf-8?q?1756488302603797756?= |
Series |
[v2] i40e: Add checking for null for nlmsg_find_attr()
|
|
Commit Message
Natalia Petrova
Jan. 30, 2023, 10:11 p.m. UTC
The result of nlmsg_find_attr() 'br_spec' is dereferenced in nla_for_each_nested(), but it can take null value in nla_find() function, which will result in an error. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops") Signed-off-by: Natalia Petrova <n.petrova@fintech.ru> Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com> --- v2: The remark about the error code by Simon Horman <simon.horman@corigine.com> was taken into account; return value -ENOENT was changed to -EINVAL. drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++ 1 file changed, 2 insertions(+)
Comments
On Tue, Jan 31, 2023 at 01:11:06AM +0300, Natalia Petrova wrote: > The result of nlmsg_find_attr() 'br_spec' is dereferenced in > nla_for_each_nested(), but it can take null value in nla_find() function, > which will result in an error. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops") > Signed-off-by: Natalia Petrova <n.petrova@fintech.ru> > Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com> > --- > v2: The remark about the error code by Simon Horman <simon.horman@corigine.com> > was taken into account; return value -ENOENT was changed to -EINVAL. > drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++ > 1 file changed, 2 insertions(+) > <formletter> This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html for how to do this properly. </formletter>
On Tue, Jan 31, 2023 at 06:17:49AM +0100, Greg Kroah-Hartman wrote: > On Tue, Jan 31, 2023 at 01:11:06AM +0300, Natalia Petrova wrote: > > The result of nlmsg_find_attr() 'br_spec' is dereferenced in > > nla_for_each_nested(), but it can take null value in nla_find() function, > > which will result in an error. > > > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > > > Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops") > > Signed-off-by: Natalia Petrova <n.petrova@fintech.ru> > > Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com> > > --- > > v2: The remark about the error code by Simon Horman <simon.horman@corigine.com> > > was taken into account; return value -ENOENT was changed to -EINVAL. > > drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > <formletter> > > This is not the correct way to submit patches for inclusion in the > stable kernel tree. Please read: > https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html > for how to do this properly. > > </formletter> Hi Natalia, offering some friendly guidance here. It seems to me that the problem you have highlighted is present in current upstream code, and thus should be addressed there. If it is considered a bug fix, then it should be targeted at the 'net' tree. If the patch is accepted, into the release currently being worked on (v6.2), backporting to older kernels can follow from there. Otherwise it can be targeted at 'net-next', for inclusion in the following release (v6.3). As I think might have been mentioned, elsewhere, for networking changes, you should indicate the target tree in the subject. E.g. for net Subject: [PATCH v3] i40e: Check if nlmsg_find_attr() returns null The above also incorporates a suggested enhancement to the subject text. I believe there was also a typo spotted in the patch description: finction -> function In all, my suggestion would be to address these problems as a v3. I do not believe that you need to include stable@vger.kernel.org or Greg on the recipient list, as the patch would be for 'net' or 'net-next', not stable.
diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index 53d0083e35da..4626d2a1af91 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -13167,6 +13167,8 @@ static int i40e_ndo_bridge_setlink(struct net_device *dev, } br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC); + if (!br_spec) + return -EINVAL; nla_for_each_nested(attr, br_spec, rem) { __u16 mode;