| Message ID | 20180814171050.26356-1-tiwai@suse.de |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | hv/netvsc: Fix NULL dereference at single queue mode fallback | expand |
On Tue, 14 Aug 2018 19:10:50 +0200 Takashi Iwai <tiwai@suse.de> wrote: > The recent commit 916c5e1413be ("hv/netvsc: fix handling of fallback > to single queue mode") tried to fix the fallback behavior to a single > queue mode, but it changed the function to return zero incorrectly, > while the function should return an object pointer. Eventually this > leads to a NULL dereference at the callers that expect non-NULL > value. > > Fix it by returning the proper net_device object. > > Fixes: 916c5e1413be ("hv/netvsc: fix handling of fallback to single queue mode") > Cc: <stable@vger.kernel.org> > Signed-off-by: Takashi Iwai <tiwai@suse.de> Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
From: Takashi Iwai <tiwai@suse.de> Date: Tue, 14 Aug 2018 19:10:50 +0200 > The recent commit 916c5e1413be ("hv/netvsc: fix handling of fallback > to single queue mode") tried to fix the fallback behavior to a single > queue mode, but it changed the function to return zero incorrectly, > while the function should return an object pointer. Eventually this > leads to a NULL dereference at the callers that expect non-NULL > value. > > Fix it by returning the proper net_device object. > > Fixes: 916c5e1413be ("hv/netvsc: fix handling of fallback to single queue mode") > Signed-off-by: Takashi Iwai <tiwai@suse.de> Applied and queued up for -stable. Please do not put explicit "CC: stable" notations in networking patches, I queue up and submit networking patches to -stable explicitly. Thank you.
On Tue, 14 Aug 2018 19:29:32 +0200, David Miller wrote: > > From: Takashi Iwai <tiwai@suse.de> > Date: Tue, 14 Aug 2018 19:10:50 +0200 > > > The recent commit 916c5e1413be ("hv/netvsc: fix handling of fallback > > to single queue mode") tried to fix the fallback behavior to a single > > queue mode, but it changed the function to return zero incorrectly, > > while the function should return an object pointer. Eventually this > > leads to a NULL dereference at the callers that expect non-NULL > > value. > > > > Fix it by returning the proper net_device object. > > > > Fixes: 916c5e1413be ("hv/netvsc: fix handling of fallback to single queue mode") > > Signed-off-by: Takashi Iwai <tiwai@suse.de> > > Applied and queued up for -stable. > > Please do not put explicit "CC: stable" notations in networking patches, I queue > up and submit networking patches to -stable explicitly. OK, noted for the next time. Thanks! Takashi
diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c index 408ece27131c..2a5209f23f29 100644 --- a/drivers/net/hyperv/rndis_filter.c +++ b/drivers/net/hyperv/rndis_filter.c @@ -1338,7 +1338,7 @@ struct netvsc_device *rndis_filter_device_add(struct hv_device *dev, /* setting up multiple channels failed */ net_device->max_chn = 1; net_device->num_chn = 1; - return 0; + return net_device; err_dev_remv: rndis_filter_device_remove(dev, net_device);
The recent commit 916c5e1413be ("hv/netvsc: fix handling of fallback to single queue mode") tried to fix the fallback behavior to a single queue mode, but it changed the function to return zero incorrectly, while the function should return an object pointer. Eventually this leads to a NULL dereference at the callers that expect non-NULL value. Fix it by returning the proper net_device object. Fixes: 916c5e1413be ("hv/netvsc: fix handling of fallback to single queue mode") Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> --- drivers/net/hyperv/rndis_filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)