Hi,
Static analysis with Coverity on today's linux-next has found a
potential null pointer dereference bug with the following commit:
commit d92e4e6e33c8b19635be70fb8935b627d2e4f8fe
Author: Petr Machata <pe...@mellanox.com>
Date: Sun Jun 30 09:04:56 2019 +0300
mlxsw: spectrum: PTP: Support timestamping on Spectrum-1
In function: mlxsw_sp1_ptp_packet_finish the offending code is as follows:
/* Between capturing the packet and finishing it, there is a
window of
* opportunity for the originating port to go away (e.g. due to a
* split). Also make sure the SKB device reference is still valid.
*/
mlxsw_sp_port = mlxsw_sp->ports[local_port];
if (!mlxsw_sp_port && (!skb->dev || skb->dev ==
mlxsw_sp_port->dev)) {
dev_kfree_skb_any(skb);
return;
}
If mlxsw_sp_port is null and skb->dev is not-null then the comparison
"skb->dev == mlxsw_sp_port->dev" ends up with a null pointer dereference.
I think the if statement should be:
if (mlxsw_sp_port && (!skb->dev || skb->dev == mlxsw_sp_port->dev))
..but I'm not 100% sure as I may be missing something a bit more subtle
here.
Colin
