kernel/SOURCES/1651-net-mlx5e-fix-null-pointer-dereference-in-ioctl-module-eepro.patch

54 lines
1.9 KiB
Diff

From 8667c2e8fe140d8da277af968148cadaf9eafc87 Mon Sep 17 00:00:00 2001
From: Kamal Heib <kheib@redhat.com>
Date: Mon, 20 Apr 2026 17:10:11 -0400
Subject: [PATCH] net/mlx5e: Fix NULL pointer dereference in ioctl module
EEPROM query
JIRA: https://redhat.atlassian.net/browse/RHEL-169055
commit 7d36a4a8bf62dc508bc6bb4b59727aec25064ca5
Author: Gal Pressman <gal@nvidia.com>
Date: Thu Dec 25 15:27:15 2025 +0200
net/mlx5e: Fix NULL pointer dereference in ioctl module EEPROM query
The mlx5_query_mcia() function unconditionally dereferences the status
pointer to store the MCIA register status value.
However, mlx5e_get_module_id() passes NULL since it doesn't need the
status value.
Add a NULL check before dereferencing the status pointer to prevent a
NULL pointer dereference.
Fixes: 2e4c44b12f4d ("net/mlx5: Refactor EEPROM query error handling to return status separately")
Signed-off-by: Gal Pressman <gal@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Dragos Tatulea <dtatulea@nvidia.com>
Signed-off-by: Mark Bloch <mbloch@nvidia.com>
Link: https://patch.msgid.link/20251225132717.358820-4-mbloch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Kamal Heib <kheib@redhat.com>
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/port.c b/drivers/net/ethernet/mellanox/mlx5/core/port.c
index e4b1dfafb41f..3e52579bc2af 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/port.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/port.c
@@ -393,9 +393,11 @@ static int mlx5_query_mcia(struct mlx5_core_dev *dev,
if (err)
return err;
- *status = MLX5_GET(mcia_reg, out, status);
- if (*status)
+ if (MLX5_GET(mcia_reg, out, status)) {
+ if (status)
+ *status = MLX5_GET(mcia_reg, out, status);
return -EIO;
+ }
ptr = MLX5_ADDR_OF(mcia_reg, out, dword_0);
memcpy(data, ptr, size);
--
2.50.1 (Apple Git-155)