Re: [PATCH] net: mediatek: add null pointer check for hardware offloading

From: Vadim Fedorenko
Date: Fri Jan 02 2026 - 06:20:56 EST

Next message: Krzysztof Kozlowski: "Re: [PATCH v2 3/4] dt-bindings: can: renesas,rcar-canfd: Document RZ/T2H and RZ/N2H SoCs"
Previous message: Michael S. Tsirkin: "Re: [PATCH RFC 05/13] dma-debug: track cache clean flag in entries"
In reply to: Sai Krishna Gajula: "RE: [PATCH] net: mediatek: add null pointer check for hardware offloading"
Next in thread: Sebastian Wolf: "Re: [PATCH] net: mediatek: add null pointer check for hardware offloading"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 31/12/2025 22:52, Sebastian Roland Wolf wrote:

From: Sebastian Roland Wolf <srw@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Add a null pointer check to prevent kernel crashes when hardware
offloading is active on MediaTek devices.

In some edge cases, the ethernet pointer or its associated netdev
element can be NULL. Checking these pointers before access is
mandatory to avoid segmentation faults and kernel oops.

This improves the robustness of the validation check for mtk_eth
ingress devices introduced in commit 73cfd947dbdb ("net: mediatek:
add support for ingress traffic offloading").

Fixes: 73cfd947dbdb ("net: mediatek: add support for ingress traffic offloading")
net: mediatek: Add null pointer check to prevent crashes with active hardware offloading.

Signed-off-by: Sebastian Roland Wolf <Sebastian.Wolf@xxxxxxxxxxxxxxx>
---
drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/mediatek/mtk_ppe_offload.c b/drivers/net/ethernet/mediatek/mtk_ppe_offload.c
index e9bd32741983..6900ac87e1e9 100644
--- a/drivers/net/ethernet/mediatek/mtk_ppe_offload.c
+++ b/drivers/net/ethernet/mediatek/mtk_ppe_offload.c
@@ -270,7 +270,8 @@ mtk_flow_offload_replace(struct mtk_eth *eth, struct flow_cls_offload *f,
flow_rule_match_meta(rule, &match);
if (mtk_is_netsys_v2_or_greater(eth)) {

The code dereferences eth here ...

idev = __dev_get_by_index(&init_net, match.key->ingress_ifindex);
- if (idev && idev->netdev_ops == eth->netdev[0]->netdev_ops) {
+ if (idev && eth && eth->netdev[0] &&

... but it is checked a couple of lines after.

Even more, the function starts with providing rhahstable to lookup
cookie. I'm really doubt eth can be NULL.
At the same time lack of eth->netdev[0] looks like a design problem,
because according to the code there might be up to 3 netdev devices
registered for ppe.

I'm not familiar with the code, but it would be better to have a splat
of crash to check what was exactly missing, and drgn can help you find
if there were other netdevs available at the moment of crash.

+ idev->netdev_ops == eth->netdev[0]->netdev_ops) {
struct mtk_mac *mac = netdev_priv(idev);
if (WARN_ON(mac->ppe_idx >= eth->soc->ppe_num))

Next message: Krzysztof Kozlowski: "Re: [PATCH v2 3/4] dt-bindings: can: renesas,rcar-canfd: Document RZ/T2H and RZ/N2H SoCs"
Previous message: Michael S. Tsirkin: "Re: [PATCH RFC 05/13] dma-debug: track cache clean flag in entries"
In reply to: Sai Krishna Gajula: "RE: [PATCH] net: mediatek: add null pointer check for hardware offloading"
Next in thread: Sebastian Wolf: "Re: [PATCH] net: mediatek: add null pointer check for hardware offloading"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]