[PATCH net-next v2 3/3] net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
Malladi, Meghana
m-malladi at ti.com
Thu Mar 27 23:16:49 PDT 2025
On 3/25/2025 11:18 PM, Jakub Kicinski wrote:
> On Fri, 21 Mar 2025 13:43:13 +0530 Meghana Malladi wrote:
>> Whenever there is a perout request from the user application,
>> kernel receives req structure containing the configuration info
>> for that req.
>
> This doesn't really explain the condition under which the bug triggers.
> Presumably when user request comes in req is never NULL?
>
You are right, I have looked into what would trigger this bug but seems
like user request can never be NULL, but the contents inside the req can
be invalid, but that is already being handled by the kernel. So this bug
fix makes no sense and I will be dropping this patch for v3. Thanks.
>> Add NULL pointer handling for perout request if
>> that req struct points to NULL.
>>
>> Fixes: e5b456a14215 ("net: ti: icss-iep: Add pwidth configuration for perout signal")
>> Signed-off-by: Meghana Malladi <m-malladi at ti.com>
>> Reviewed-by: Simon Horman <horms at kernel.org>
>> ---
>>
>> Changes from v1(v2-v1):
>> - Collected RB tag from Simon Horman <horms at kernel.org>
>>
>> drivers/net/ethernet/ti/icssg/icss_iep.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/drivers/net/ethernet/ti/icssg/icss_iep.c b/drivers/net/ethernet/ti/icssg/icss_iep.c
>> index b4a34c57b7b4..aeebdc4c121e 100644
>> --- a/drivers/net/ethernet/ti/icssg/icss_iep.c
>> +++ b/drivers/net/ethernet/ti/icssg/icss_iep.c
>> @@ -498,6 +498,10 @@ static int icss_iep_perout_enable(struct icss_iep *iep,
>> {
>> int ret = 0;
>>
>> + /* Return error if the req is NULL */
>
> code is trivial here, explain the 'why' not the 'what'
> Why is this called with NULL?
>
>> + if (!req)
>> + return -EINVAL;
More information about the linux-arm-kernel
mailing list