hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAAZJ8
--------------------------------
The call trace as below: Call trace: __netdev_alloc_skb+0x8c/0x1e0 ad_lacpdu_send+0x34/0x18c [bonding] ad_tx_machine+0xcc/0x174 [bonding] bond_3ad_state_machine_handler+0x120/0x470 [bonding] process_one_work+0x1d8/0x4e0 worker_thread+0x154/0x420 kthread+0x108/0x150 ret_from_fork+0x10/0x18
It is caused by null pointer dereference in net_rship module. The code path is as follows: ad_lacpdu_send dev_alloc_skb netdev_alloc_skb(NULL, length) // dev is NULL __netdev_alloc_skb(dev, length, GFP_ATOMIC) net_rship_skb_record_dev_rxinfo(skb, dev) // here dereference dev, it is NULL pointer, trigger issue.
So we should add null pointer check to avoid the issue.
Fixes: 64ba5634c4c6 ("net: add some bpf hooks in tcp stack for network numa relationship") Signed-off-by: Liu Jian liujian56@huawei.com --- include/net/net_rship.h | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/include/net/net_rship.h b/include/net/net_rship.h index ad8af5a5cb9b..dda4dd732bd0 100644 --- a/include/net/net_rship.h +++ b/include/net/net_rship.h @@ -222,6 +222,9 @@ static inline void net_rship_skb_record_dev_rxinfo(struct sk_buff *skb, struct n if (gnet_bpf_enabled(GNET_RCV_NIC_NODE)) { struct sched_net_rship_skb *ext = __get_skb_net_rship(skb);
+ if (!dev) + return; + ext->rx_dev_idx = dev->ifindex; ext->rx_dev_net_cookie = dev_net(dev)->net_cookie; }