Re: [EXT] [PATCH] net: atlantic: Fix NULL dereference of skb pointer in
From: Даниил Максимов
Date: Wed Dec 06 2023 - 05:15:40 EST
I am sorry for breaking the mailing list and sending my answer only to
Igor, I've never used emails that much. To make it clear, the answer
was: "Hi Igor! No, it hasn't been reproduced in reality because I
don't have any appropriate device."
пн, 4 дек. 2023 г. в 19:06, Igor Russkikh <irusskikh@xxxxxxxxxxx>:
>
>
> Hi Daniil,
>
> > If is_ptp_ring == true in the loop of __aq_ring_xdp_clean function,
> > then a timestamp is stored from a packet in a field of skb object,
> > which is not allocated at the moment of the call (skb == NULL).
> >
> > Generalize aq_ptp_extract_ts and other affected functions so they don't
> > work with struct sk_buff*, but with struct skb_shared_hwtstamps*.
> >
> > Found by Linux Verification Center (linuxtesting.org) with SVACE
>
> Thanks for finding this and working on this.
>
> Have you reproduced it in wild, or this just comes out of static analysis?
>
> I'm asking because looking into the flow you described - it looks like XDP
> mode should immediately fail with null pointer access on any rx traffic.
> But that was never reported.
>
> I will try to debug and validate the fix, but this may take some time.
>
> So for now
>
> Reviewed-by: Igor Russkikh <irusskikh@xxxxxxxxxxx>
>
>
> Thanks
> Igor