Searched hist:be7f62eebaff2f86c1467a2d33930a0a7a87675b (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/drivers/net/dsa/sja1105/ |
| H A D | sja1105_main.c | diff be7f62eebaff2f86c1467a2d33930a0a7a87675b Thu Jun 24 10:52:07 CDT 2021 Vladimir Oltean <vladimir.oltean@nxp.com> net: dsa: sja1105: fix NULL pointer dereference in sja1105_reload_cbs()
priv->cbs is an array of priv->info->num_cbs_shapers elements of type
struct sja1105_cbs_entry which only get allocated if CONFIG_NET_SCH_CBS
is enabled.
However, sja1105_reload_cbs() is called from sja1105_static_config_reload()
which in turn is called for any of the items in sja1105_reset_reasons,
therefore during the normal runtime of the driver and not just from a
code path which can be triggered by the tc-cbs offload.
The sja1105_reload_cbs() function does not contain a check whether the
priv->cbs array is NULL or not, it just assumes it isn't and proceeds to
iterate through the credit-based shaper elements. This leads to a NULL
pointer dereference.
The solution is to return success if the priv->cbs array has not been
allocated, since sja1105_reload_cbs() has nothing to do.
Fixes: 4d7525085a9b ("net: dsa: sja1105: offload the Credit-Based Shaper qdisc")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|