[PATCH net] net: fec: Coverity issue: Dereference null return value
From: wei . fang
Date: Thu Dec 15 2022 - 04:15:29 EST
From: Wei Fang <wei.fang@xxxxxxx>
The build_skb might return a null pointer but there is no check on the
return value in the fec_enet_rx_queue(). So a null pointer dereference
might occur. To avoid this, we check the return value of build_skb. If
the return value is a null pointer, the driver will recycle the page and
update the statistic of ndev. Then jump to rx_processing_done to clear
the status flags of the BD so that the hardware can recycle the BD.
Signed-off-by: Wei Fang <wei.fang@xxxxxxx>
Reviewed-by: Shenwei Wang <Shenwei.wang@xxxxxxx>
---
drivers/net/ethernet/freescale/fec_main.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c
index 5528b0af82ae..c78aaa780983 100644
--- a/drivers/net/ethernet/freescale/fec_main.c
+++ b/drivers/net/ethernet/freescale/fec_main.c
@@ -1674,6 +1674,16 @@ fec_enet_rx_queue(struct net_device *ndev, int budget, u16 queue_id)
* bridging applications.
*/
skb = build_skb(page_address(page), PAGE_SIZE);
+ if (unlikely(!skb)) {
+ page_pool_recycle_direct(rxq->page_pool, page);
+ ndev->stats.rx_packets--;
+ ndev->stats.rx_bytes -= pkt_len;
+ ndev->stats.rx_dropped++;
+
+ netdev_err(ndev, "build_skb failed!\n");
+ goto rx_processing_done;
+ }
+
skb_reserve(skb, data_start);
skb_put(skb, pkt_len - sub_len);
skb_mark_for_recycle(skb);
--
2.25.1