From: Sasha Levin <sashal@kernel.org>
Date: Sun, 19 Feb 2023 09:19:19 +0000 (-0500)
Subject: Fixes for 4.14
X-Git-Tag: v4.14.306~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dcf3b2ada8b626b994c1731ff686bccab9d49ab6;p=thirdparty%2Fkernel%2Fstable-queue.git

Fixes for 4.14

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-4.14/i40e-add-checking-for-null-for-nlmsg_find_attr.patch b/queue-4.14/i40e-add-checking-for-null-for-nlmsg_find_attr.patch
new file mode 100644
index 00000000000..1e517d39c3e
--- /dev/null
+++ b/queue-4.14/i40e-add-checking-for-null-for-nlmsg_find_attr.patch
@@ -0,0 +1,43 @@
+From e9756d12656229c9968af18af785bc898125e745 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 9 Feb 2023 09:28:33 -0800
+Subject: i40e: Add checking for null for nlmsg_find_attr()
+
+From: Natalia Petrova <n.petrova@fintech.ru>
+
+[ Upstream commit 7fa0b526f865cb42aa33917fd02a92cb03746f4d ]
+
+The result of nlmsg_find_attr() 'br_spec' is dereferenced in
+nla_for_each_nested(), but it can take NULL value in nla_find() function,
+which will result in an error.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: 51616018dd1b ("i40e: Add support for getlink, setlink ndo ops")
+Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
+Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
+Tested-by: Gurucharan G <gurucharanx.g@intel.com> (A Contingent worker at Intel)
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Link: https://lore.kernel.org/r/20230209172833.3596034-1-anthony.l.nguyen@intel.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
+index 67b7e37925191..de8a713db078f 100644
+--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
+@@ -9453,6 +9453,8 @@ static int i40e_ndo_bridge_setlink(struct net_device *dev,
+ 	}
+ 
+ 	br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC);
++	if (!br_spec)
++		return -EINVAL;
+ 
+ 	nla_for_each_nested(attr, br_spec, rem) {
+ 		__u16 mode;
+-- 
+2.39.0
+
diff --git a/queue-4.14/series b/queue-4.14/series
index 7fd47f476c4..ea6aa70f0c6 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -48,3 +48,4 @@ net-stmmac-restrict-warning-on-disabling-dma-store-and-fwd-mode.patch
 net-mpls-fix-stale-pointer-if-allocation-fails-during-device-rename.patch
 ipv6-fix-datagram-socket-connection-with-dscp.patch
 ipv6-fix-tcp-socket-connection-with-dscp.patch
+i40e-add-checking-for-null-for-nlmsg_find_attr.patch