Re: [PATCH] net: usbnet: Fix potential NULL pointer dereference

From: Oliver Neukum
Date: Mon Nov 06 2023 - 07:53:31 EST


On 06.11.23 11:55, Bjørn Mork wrote:

> I believe that code is based on the (safe?) assumption that the struct
> usbnet driver_info->tx_fixup points to cdc_ncm_tx_fixup(). And

That seems to be a correct assumption, but one that is far from obvious.
Could you add a big, fat comment?

> cdc_ncm_tx_fixup does lots of weird stuff, including special handling of
> NULL skb. It might return a valid skb for further processing by
> usbnet_start_xmit(). If it doesn't, then we jump straight to
> "not_drop", like we do when cdc_ncm_tx_fixup decides to eat the passed
> skb.
>
> But "funky" is a precise description of all this... If someone feels
> like it, then all that open coded skb queueing inside cdc_ncm should be
> completely rewritten.

I understand what you mean, but I need a generic answer. Can you call
ndo_start_xmit() with skb == NULL?

Regards
Oliver