Merge branch 'net-smc-fixes-2022-04-08'

Karsten Graul says: ==================== net/smc: fixes 2022-04-08 Patch 1 fixes two usages of snprintf() with non null-terminated string which results into an out-of-bounds read. Pach 2 fixes a syzbot finding where a pointer check was missed before the call to dev_name(). Patch 3 fixes a crash when already released memory is used as a function pointer. ==================== Link: https://lore.kernel.org/r/20220408151035.1044701-1-kgraul@linux.ibm.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Jakub Kicinski <kuba@kernel.org> 2022-04-11 18:28:07 -0700
committer: Jakub Kicinski <kuba@kernel.org> 2022-04-11 18:28:08 -0700
commit: d6d9fc1d37f9bb911ba7013d7628a03bb4cb2561 (patch)
tree: c77ba33014b956c110acfe9afd5dd81ac992f661 /net/smc/smc_pnet.c
parent: 5ad7f18cd82cee8e773d40cc7a1465a526f2615c (diff)
parent: 49b7d376abe54a49e8bd5e64824032b7c97c62d4 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/net/smc/smc_pnet.c b/net/smc/smc_pnet.c
index 7984f8883472..7055ed10e316 100644
--- a/net/smc/smc_pnet.c
+++ b/net/smc/smc_pnet.c
@@ -311,8 +311,9 @@ static struct smc_ib_device *smc_pnet_find_ib(char *ib_name)
 	list_for_each_entry(ibdev, &smc_ib_devices.list, list) {
 		if (!strncmp(ibdev->ibdev->name, ib_name,
 			     sizeof(ibdev->ibdev->name)) ||
-		    !strncmp(dev_name(ibdev->ibdev->dev.parent), ib_name,
-			     IB_DEVICE_NAME_MAX - 1)) {
+		    (ibdev->ibdev->dev.parent &&
+		     !strncmp(dev_name(ibdev->ibdev->dev.parent), ib_name,
+			     IB_DEVICE_NAME_MAX - 1))) {
 			goto out;
 		}
 	}
author	Jakub Kicinski <kuba@kernel.org>	2022-04-11 18:28:07 -0700
committer	Jakub Kicinski <kuba@kernel.org>	2022-04-11 18:28:08 -0700
commit	d6d9fc1d37f9bb911ba7013d7628a03bb4cb2561 (patch)
tree	c77ba33014b956c110acfe9afd5dd81ac992f661 /net/smc/smc_pnet.c
parent	5ad7f18cd82cee8e773d40cc7a1465a526f2615c (diff)
parent	49b7d376abe54a49e8bd5e64824032b7c97c62d4 (diff)