ACK: [SRU] [B] [PATCH 0/2] Fix NULL pointer dereference in netvsc_probe()

Kleber Souza kleber.souza at canonical.com
Wed Mar 27 17:11:02 UTC 2019


On 3/14/19 6:16 PM, Kai-Heng Feng wrote:
> BugLink: https://bugs.launchpad.net/bugs/1814069
>
> [Impact]
> NULL pointer dereference in netvsc_probe(). Module hv_netvsc is included
> in initramfs, so this blocks the boot process.
>
> For Hyper-V only supports single channel, rndis_filter_device_add()
> bails early and jumps to tag "out". Subsequent code calls
> rndis_filter_device_remove() and returns ERR_PTR(ret), where ret is
> 0 (success). Because of that, it passes IS_ERR(nvdev) check in
> netvsc_probe() and causes a NULL pointer dereference, as nvdev now is 0:
>
> ...
>         if (nvdev->num_chn > 1)
>                 schedule_work(&nvdev->subchan_work);
>
> [Fix]
> Correctly return net_device at the end of rndis_filter_device_add().
>
> [Test]
> Users report positive result.
>
> [Regression Potential]
> Low. Trivial change, patches are in upstream sometime.
>
> Stephen Hemminger (1):
>   hv/netvsc: fix handling of fallback to single queue mode
>
> Takashi Iwai (1):
>   hv/netvsc: Fix NULL dereference at single queue mode fallback
>
>  drivers/net/hyperv/rndis_filter.c | 1 +
>  1 file changed, 1 insertion(+)
>
Limited to hv driver, tested by the bug reporter.

Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
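
Added example, not part of the original message or of the kernel patch: a userspace C model of why ERR_PTR(0) passes an IS_ERR() check and reaches the dereference described in the cover letter. ERR_PTR and IS_ERR mirror the kernel helpers in include/linux/err.h; device_add_buggy, device_add_fixed, probe_outcome and single_queue_dev are hypothetical names, and the NULL test in probe_outcome exists only so the model reports the fault instead of crashing.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Userspace model of the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long error) { return (void *)error; }
static int IS_ERR(const void *ptr)
{
    return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}

struct netvsc_device { unsigned int num_chn; };
static struct netvsc_device single_queue_dev = { .num_chn = 1 };

/* Buggy shape: the single-channel fallback leaves ret == 0 and
 * exits through the error label, so the caller gets ERR_PTR(0). */
static struct netvsc_device *device_add_buggy(void)
{
    int ret = 0;              /* fallback is a success, not an error */
    goto out;
out:
    return ERR_PTR(ret);      /* ERR_PTR(0) is NULL, not an error pointer */
}

/* Fixed shape: the success path returns the device itself. */
static struct netvsc_device *device_add_fixed(void)
{
    return &single_queue_dev;
}

/* Model of the caller: -1 = error pointer rejected, -2 = NULL slipped
 * past IS_ERR() (the real caller dereferences it here), otherwise
 * 1 if sub-channel work would be scheduled and 0 if not. */
static int probe_outcome(struct netvsc_device *nvdev)
{
    if (IS_ERR(nvdev))
        return -1;
    if (nvdev == NULL)
        return -2;
    return nvdev->num_chn > 1 ? 1 : 0;
}

int main(void)
{
    printf("buggy: %d\n", probe_outcome(device_add_buggy()));
    printf("fixed: %d\n", probe_outcome(device_add_fixed()));
    printf("real error: %d\n", probe_outcome(ERR_PTR(-12)));
    return 0;
}
```
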



