net/hinic: Fix null pointer dereference in hinic_physical_port_id

driver inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I4XF98 CVE: NA ----------------------------------------------------------------------- The hinic driver currently generates a NULL pointer dereference when performing the hinicadm tool command during device probe. This is because the hinicadm process accesses the NULL hwif pointer in the hwdev which have not been allocated in probe. Fix this by checking the initialization state of device before accessing it. Signed-off-by: N Chiqijun <chiqijun@huawei.com> Reviewed-by: N Wangxiaoyun <cloud.wangxiaoyun@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

net/hinic: Fix null pointer dereference in hinic_physical_port_id
driver inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I4XF98 CVE: NA ----------------------------------------------------------------------- The hinic driver currently generates a NULL pointer dereference when performing the hinicadm tool command during device probe. This is because the hinicadm process accesses the NULL hwif pointer in the hwdev which have not been allocated in probe. Fix this by checking the initialization state of device before accessing it. Signed-off-by: N Chiqijun <chiqijun@huawei.com> Reviewed-by: N Wangxiaoyun <cloud.wangxiaoyun@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
98541cfd · Chiqijun · Zheng Zengkai · a8052325 · 98541cfd
隐藏空白更改
内联并排

Showing with 22 addition and 8 deletion

drivers/net/ethernet/huawei/hinic/hinic_lld.c drivers/net/ethernet/huawei/hinic/hinic_lld.c +22 -8

未找到文件。
--- a/drivers/net/ethernet/huawei/hinic/hinic_lld.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_lld.c
@@ -801,8 +801,7 @@ static bool __is_pcidev_match_chip_name(const char *ifname,
 			if (dev->init_state < HINIC_INIT_STATE_HW_PART_INITED)
 				return false;
 		} else {
-			if (dev->init_state >=
-			    HINIC_INIT_STATE_HW_PART_INITED &&
+			if (dev->init_state < HINIC_INIT_STATE_HW_PART_INITED ||
 			    hinic_func_type(dev->hwdev) != type)
 				return false;
 		}
@@ -1153,6 +1152,10 @@ void *hinic_get_ppf_hwdev_by_pdev(struct pci_dev *pdev)
 	chip_node = pci_adapter->chip_node;
 	lld_dev_hold();
 	list_for_each_entry(dev, &chip_node->func_list, node) {
+		if (test_bit(HINIC_FUNC_IN_REMOVE, &dev->flag) ||
+		    dev->init_state < HINIC_INIT_STATE_HW_IF_INITED)
+			continue;
+
 		if (dev->hwdev && hinic_func_type(dev->hwdev) == TYPE_PPF) {
 			lld_dev_put();
 			return dev->hwdev;
@@ -1365,6 +1368,10 @@ int hinic_get_pf_id(void *hwdev, u32 port_id, u32 *pf_id, u32 *isvalid)

 	lld_dev_hold();
 	list_for_each_entry(dev, &chip_node->func_list, node) {
+		if (test_bit(HINIC_FUNC_IN_REMOVE, &dev->flag) ||
+		    dev->init_state < HINIC_INIT_STATE_HWDEV_INITED)
+			continue;
+
 		if (hinic_physical_port_id(dev->hwdev) == port_id) {
 			*pf_id = hinic_global_func_id(dev->hwdev);
 			*isvalid = 1;
@@ -1852,7 +1859,8 @@ static void send_event_to_all_pf(struct hinic_pcidev *dev,

 	lld_dev_hold();
 	list_for_each_entry(des_dev, &dev->chip_node->func_list, node) {
-		if (test_bit(HINIC_FUNC_IN_REMOVE, &des_dev->flag))
+		if (test_bit(HINIC_FUNC_IN_REMOVE, &des_dev->flag) ||
+		    des_dev->init_state < HINIC_INIT_STATE_HW_IF_INITED)
 			continue;

 		if (hinic_func_type(des_dev->hwdev) == TYPE_VF)
@@ -1870,7 +1878,8 @@ static void send_event_to_dst_pf(struct hinic_pcidev *dev, u16 func_id,

 	lld_dev_hold();
 	list_for_each_entry(des_dev, &dev->chip_node->func_list, node) {
-		if (test_bit(HINIC_FUNC_IN_REMOVE, &des_dev->flag))
+		if (test_bit(HINIC_FUNC_IN_REMOVE, &des_dev->flag) ||
+		    des_dev->init_state < HINIC_INIT_STATE_HW_IF_INITED)
 			continue;

 		if (hinic_func_type(des_dev->hwdev) == TYPE_VF)
@@ -2637,8 +2646,11 @@ static void slave_host_init_delay_work(struct work_struct *work)
 	/* Make sure the PPF must be the first one */
 	lld_dev_hold();
 	list_for_each_entry(ppf_pcidev, &chip_node->func_list, node) {
-		if (ppf_pcidev &&
-		    hinic_func_type(ppf_pcidev->hwdev) == TYPE_PPF) {
+		if (test_bit(HINIC_FUNC_IN_REMOVE, &ppf_pcidev->flag) ||
+		    ppf_pcidev->init_state < HINIC_INIT_STATE_HW_IF_INITED)
+			continue;
+
+		if (hinic_func_type(ppf_pcidev->hwdev) == TYPE_PPF) {
 			found = 1;
 			break;
 		}
@@ -2872,7 +2884,8 @@ int hinic_register_micro_log(struct hinic_micro_log_info *micro_log_info)
 	lld_dev_hold();
 	list_for_each_entry(chip_node, &g_hinic_chip_list, node) {
 		list_for_each_entry(dev, &chip_node->func_list, node) {
-			if (test_bit(HINIC_FUNC_IN_REMOVE, &dev->flag))
+			if (test_bit(HINIC_FUNC_IN_REMOVE, &dev->flag) ||
+			    dev->init_state < HINIC_INIT_STATE_HW_IF_INITED)
 				continue;

 			if (hinic_func_type(dev->hwdev) == TYPE_PPF) {
@@ -2902,7 +2915,8 @@ void hinic_unregister_micro_log(struct hinic_micro_log_info *micro_log_info)
 	lld_dev_hold();
 	list_for_each_entry(chip_node, &g_hinic_chip_list, node) {
 		list_for_each_entry(dev, &chip_node->func_list, node) {
-			if (test_bit(HINIC_FUNC_IN_REMOVE, &dev->flag))
+			if (test_bit(HINIC_FUNC_IN_REMOVE, &dev->flag) ||
+			    dev->init_state < HINIC_INIT_STATE_HW_IF_INITED)
 				continue;

 			if (hinic_func_type(dev->hwdev) == TYPE_PPF)