Vladimir Oltean 4228c00e14 net: dsa: sja1105: fix NULL pointer dereference in sja1105_reload_cbs() ... [ Upstream commit be7f62eebaff2f86c1467a2d33930a0a7a87675b ] priv->cbs is an array of priv->info->num_cbs_shapers elements of type struct sja1105_cbs_entry which only get allocated if CONFIG_NET_SCH_CBS is enabled. However, sja1105_reload_cbs() is called from sja1105_static_config_reload() which in turn is called for any of the items in sja1105_reset_reasons, therefore during the normal runtime of the driver and not just from a code path which can be triggered by the tc-cbs offload. The sja1105_reload_cbs() function does not contain a check whether the priv->cbs array is NULL or not, it just assumes it isn't and proceeds to iterate through the credit-based shaper elements. This leads to a NULL pointer dereference. The solution is to return success if the priv->cbs array has not been allocated, since sja1105_reload_cbs() has nothing to do. Fixes: 4d7525085a ("net: dsa: sja1105: offload the Credit-Based Shaper qdisc") Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>		2021-07-14 16:56:29 +02:00
..
b53
microchip	net: dsa: microchip: enable phy errata workaround on 9567	2021-06-16 12:01:37 +02:00
mv88e6xxx
ocelot
qca
sja1105	net: dsa: sja1105: fix NULL pointer dereference in sja1105_reload_cbs()	2021-07-14 16:56:29 +02:00
bcm_sf2_cfp.c
bcm_sf2_regs.h
bcm_sf2.c
bcm_sf2.h
dsa_loop_bdinfo.c
dsa_loop.c
dsa_loop.h
Kconfig
lan9303_i2c.c
lan9303_mdio.c
lan9303-core.c
lan9303.h
lantiq_gswip.c
lantiq_pce.h
Makefile
mt7530.c
mt7530.h
mv88e6060.c
mv88e6060.h
qca8k.c
qca8k.h
realtek-smi-core.c
realtek-smi-core.h
rtl8366.c
rtl8366rb.c
vitesse-vsc73xx-core.c
vitesse-vsc73xx-platform.c
vitesse-vsc73xx-spi.c
vitesse-vsc73xx.h