tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero

The driver allocates arrays for ports, FDBs, and filter blocks using
kcalloc() with ethsw->sw_attr.num_ifs as the element count. When the
device reports zero interfaces (either due to hardware configuration
or firmware issues), kcalloc(0, ...) returns ZERO_SIZE_PTR (0x10)
instead of NULL.

Later in dpaa2_switch_probe(), the NAPI initialization unconditionally
accesses ethsw->ports[0]->netdev, which attempts to dereference
ZERO_SIZE_PTR (address 0x10), resulting in a kernel panic.

Add a check to ensure num_ifs is greater than zero after retrieving
device attributes. This prevents the zero-sized allocations and
subsequent invalid pointer dereference.

Reported-by: Yuhao Jiang <danisjiang@gmail.com>
Reported-by: Junrui Luo <moonafterrain@outlook.com>
Fixes: 0b1b71370458 ("staging: dpaa2-switch: handle Rx path on control interface")
Signed-off-by: Junrui Luo <moonafterrain@outlook.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://patch.msgid.link/SYBPR01MB7881BEABA8DA896947962470AF91A@SYBPR01MB7881.ausprd01.prod.outlook.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Junrui Luo and committed by
Jakub Kicinski ed48a84a de5720f9

+6
+6
drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c
··· 3024 3024 goto err_close; 3025 3025 } 3026 3026 3027 + if (!ethsw->sw_attr.num_ifs) { 3028 + dev_err(dev, "DPSW device has no interfaces\n"); 3029 + err = -ENODEV; 3030 + goto err_close; 3031 + } 3032 + 3027 3033 err = dpsw_get_api_version(ethsw->mc_io, 0, 3028 3034 &ethsw->major, 3029 3035 &ethsw->minor);