Re: [PATCH net-next v2 3/3] net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
From: Malladi, Meghana
Date: Fri Mar 28 2025 - 02:22:33 EST
On 3/25/2025 11:18 PM, Jakub Kicinski wrote:
On Fri, 21 Mar 2025 13:43:13 +0530 Meghana Malladi wrote:
Whenever there is a perout request from the user application,
kernel receives req structure containing the configuration info
for that req.
This doesn't really explain the condition under which the bug triggers.
Presumably when user request comes in req is never NULL?
You are right, I have looked into what would trigger this bug but seems
like user request can never be NULL, but the contents inside the req can
be invalid, but that is already being handled by the kernel. So this bug
fix makes no sense and I will be dropping this patch for v3. Thanks.
Add NULL pointer handling for perout request if
that req struct points to NULL.
Fixes: e5b456a14215 ("net: ti: icss-iep: Add pwidth configuration for perout signal")
Signed-off-by: Meghana Malladi <m-malladi@xxxxxx>
Reviewed-by: Simon Horman <horms@xxxxxxxxxx>
---
Changes from v1(v2-v1):
- Collected RB tag from Simon Horman <horms@xxxxxxxxxx>
drivers/net/ethernet/ti/icssg/icss_iep.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/ethernet/ti/icssg/icss_iep.c b/drivers/net/ethernet/ti/icssg/icss_iep.c
index b4a34c57b7b4..aeebdc4c121e 100644
--- a/drivers/net/ethernet/ti/icssg/icss_iep.c
+++ b/drivers/net/ethernet/ti/icssg/icss_iep.c
@@ -498,6 +498,10 @@ static int icss_iep_perout_enable(struct icss_iep *iep,
{
int ret = 0;
+ /* Return error if the req is NULL */
code is trivial here, explain the 'why' not the 'what'
Why is this called with NULL?
+ if (!req)
+ return -EINVAL;