[PATCH OLK-6.6] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()

30 Oct 2024

From: Elena Salomatkina esalomatkina@ispras.ru
stable inclusion
from stable-v6.6.55
commit 0168ab6fbd9e50d20b97486168b604b2ab28a2ca
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRB1
CVE: CVE-2024-50000
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit f25389e779500cf4a59ef9804534237841bce536 ]
In mlx5e_tir_builder_alloc() kvzalloc() may return NULL
which is dereferenced on the next line in a reference
to the modify field.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: a6696735d694 ("net/mlx5e: Convert TIR to a dedicated object")
Signed-off-by: Elena Salomatkina esalomatkina@ispras.ru
Reviewed-by: Simon Horman horms@kernel.org
Reviewed-by: Kalesh AP kalesh-anakkur.purayil@broadcom.com
Reviewed-by: Tariq Toukan tariqt@nvidia.com
Reviewed-by: Gal Pressman gal@nvidia.com
Signed-off-by: Saeed Mahameed saeedm@nvidia.com
Signed-off-by: Sasha Levin sashal@kernel.org
Signed-off-by: Li Huafei lihuafei1@huawei.com
---
 drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
index d4239e3b3c88..11f724ad90db 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tir.c
@@ -23,6 +23,9 @@ struct mlx5e_tir_builder *mlx5e_tir_builder_alloc(bool modify)
    struct mlx5e_tir_builder *builder;
builder = kvzalloc(sizeof(*builder), GFP_KERNEL);
+	if (!builder)
+		return NULL;
+
    builder->modify = modify;
return builder;
-- 
2.25.1


    

2024

2023

2022

2021

2020

2019

[PATCH OLK-6.6] net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()