APPLIED: [SRU] [B] [PATCH 0/2] Fix NULL pointer dereference in netvsc_probe()
Khaled Elmously
khalid.elmously at canonical.com
Thu Mar 28 06:17:09 UTC 2019
On 2019-03-15 01:16:15 , Kai-Heng Feng wrote:
> BugLink: https://bugs.launchpad.net/bugs/1814069
>
> [Impact]
> NULL pointer dereference in netvsc_probe(). Module hv_netvsc is included
> in initramfs, so this blocks the boot process.
>
> For Hyper-V only supports single channel, rndis_filter_device_add()
> bails early and jump to tag "out". Subsequent code calls
> rndis_filter_device_remove() and returns ERR_PTR(ret), where ret is
> 0 (sucess). Because of that, it passes IS_ERR(nvdev) check in
> netvsc_probe() and cause a NULL pointer dereference, as nvdev now is 0:
>
> ...
> if (nvdev->num_chn > 1)
> schedule_work(&nvdev->subchan_work);
>
> [Fix]
> Correctly return net_device at the end of rndis_filter_device_add().
>
> [Test]
> Users report positive result.
>
> [Regression Potenial]
> Low. Trivial change, patches are in upstream sometime.
>
> Stephen Hemminger (1):
> hv/netvsc: fix handling of fallback to single queue mode
>
> Takashi Iwai (1):
> hv/netvsc: Fix NULL dereference at single queue mode fallback
>
> drivers/net/hyperv/rndis_filter.c | 1 +
> 1 file changed, 1 insertion(+)
>
> --
> 2.17.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list