Re: [PATCH] Convert BUG_ON to WARN_ON in bond_options.c

From: Michael J Dilmore
Date: Wed Jun 21 2017 - 18:27:54 EST

On 21/06/17 22:56, David Miller wrote:

From: Michael D <michael.j.dilmore@xxxxxxxxx>
Date: Wed, 21 Jun 2017 22:41:07 +0100

I don't think you can stop it being dereferenced... you just need to
prevent an attacker from exploiting the null pointer dereference
vulnerability right? And this is done by returning the function right
What's all of this about an "attacker"?

If there is a bug, we dererence a NULL pointer, and we should
fix that bug.

The BUG_ON() helps us see where the problem is while at the
same time stopping the kernel before the NULL deref happens.
Ok this is starting to make sense now - went a bit off track but think my general thinking is ok - i.e. if we return the function with an error code before the dereference then this basically does the same thing as BUG_ON but without crashing the kernel.

Something like:

if (WARN_ON(!new_active_slave) {
netdev_dbg("Can't add new active slave - pointer null");