[SRU] [B] [PATCH 0/2] Fix NULL pointer dereference in netvsc_probe()
Kai-Heng Feng
kai.heng.feng at canonical.com
Thu Mar 14 17:16:15 UTC 2019
BugLink: https://bugs.launchpad.net/bugs/1814069
[Impact]
NULL pointer dereference in netvsc_probe(). Module hv_netvsc is included
in initramfs, so this blocks the boot process.
For Hyper-V only supports single channel, rndis_filter_device_add()
bails early and jump to tag "out". Subsequent code calls
rndis_filter_device_remove() and returns ERR_PTR(ret), where ret is
0 (sucess). Because of that, it passes IS_ERR(nvdev) check in
netvsc_probe() and cause a NULL pointer dereference, as nvdev now is 0:
...
if (nvdev->num_chn > 1)
schedule_work(&nvdev->subchan_work);
[Fix]
Correctly return net_device at the end of rndis_filter_device_add().
[Test]
Users report positive result.
[Regression Potenial]
Low. Trivial change, patches are in upstream sometime.
Stephen Hemminger (1):
hv/netvsc: fix handling of fallback to single queue mode
Takashi Iwai (1):
hv/netvsc: Fix NULL dereference at single queue mode fallback
drivers/net/hyperv/rndis_filter.c | 1 +
1 file changed, 1 insertion(+)
--
2.17.1
More information about the kernel-team
mailing list