Re: Null-pointer-dereference in ef100_process_design_param()

From: Kyungwook Boo
Date: Fri Feb 21 2025 - 06:46:05 EST


Hello, Edward,

Thank you for your reply.

On 25. 2. 21. 00:35, Edward Cree wrote:
> On 19/02/2025 10:04, Kyungwook Boo wrote:
> > It seems that a null pointer dereference issue in ef100_process_design_param()
> > can occur due to an uninitialized pointer efx->net_dev.
>
> Yes, your diagnosis looks correct to me.
> Moreover, besides the calls you identify, the function also has calls to
> netif_err() using the same efx->net_dev pointer.

I agree with your finding--I missed that one.

> My preferred solution is to keep ef100_check_design_params() where it is,
> but move the netif_set_tso_max_{size,segs}() calls into
> ef100_probe_netdev(), after the netdevice is allocated, and using the
> values stashed in nic_data; also to replace the netif_err() calls with
> pci_err(). I will develop a patch accordingly.

I was wondering whether the calling condition will be properly maintained when
relocating netif_set_tso_max_{size,segs}().

I’m not entirely sure, but if maintaining this condition is unnecessary or has
already been considered, then your suggestion seems to be the better approach.

Best regards,
Kyungwook Boo
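
The ordering discussed in this thread, as an added user-space model rather than code from the sfc driver or from either poster: every `model_*` name, the `DP_*` ids and the numeric values are constructed for illustration. It assumes the "calling condition" can be carried across the move as a per-value "seen" flag, so the deferred step applies only what was actually parsed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the driver's structures (not the real layout). */
struct model_netdev { unsigned tso_max_size, tso_max_segs; };
struct model_nic_data {
    unsigned tso_max_size, tso_max_segs;
    bool have_size, have_segs;      /* set only if the parameter was parsed */
};
struct model_efx { struct model_netdev *net_dev; struct model_nic_data nic; };

enum { DP_TSO_MAX_SIZE = 1, DP_TSO_MAX_SEGS = 2 };   /* constructed ids */

/* Early probe phase: net_dev is still NULL, so stash instead of applying. */
static int model_process_design_param(struct model_efx *efx, int id, unsigned val)
{
    switch (id) {
    case DP_TSO_MAX_SIZE:
        efx->nic.tso_max_size = val; efx->nic.have_size = true; return 0;
    case DP_TSO_MAX_SEGS:
        efx->nic.tso_max_segs = val; efx->nic.have_segs = true; return 0;
    default:
        /* Report against the bus device; no netdev exists to log through. */
        fprintf(stderr, "pci: unknown design parameter %d\n", id);
        return -1;
    }
}

/* Later phase: the netdev has been allocated, apply the stashed limits. */
static int model_probe_netdev(struct model_efx *efx, struct model_netdev *nd)
{
    if (!nd)
        return -1;
    efx->net_dev = nd;
    if (efx->nic.have_size) nd->tso_max_size = efx->nic.tso_max_size;
    if (efx->nic.have_segs) nd->tso_max_segs = efx->nic.tso_max_segs;
    return 0;
}

/* Runs both phases in order; 0 means only the parsed limit was changed. */
static int model_run(void)
{
    struct model_efx efx = {0};
    struct model_netdev nd = { .tso_max_size = 65536, .tso_max_segs = 64 };
    if (model_process_design_param(&efx, DP_TSO_MAX_SIZE, 32768)) return 1;
    if (efx.net_dev != NULL) return 2;   /* parsing never touched net_dev */
    if (model_probe_netdev(&efx, &nd)) return 3;
    return (nd.tso_max_size == 32768 && nd.tso_max_segs == 64) ? 0 : 4;
}
```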