Commit fd304af3 authored by Colin Ian King's avatar Colin Ian King Committed by Kleber Sacilotto de Souza

e1000: avoid null pointer dereference on invalid stat type

BugLink: https://bugs.launchpad.net/bugs/1810947

[ Upstream commit 5983587c ]

Currently if the stat type is invalid then data[i] is being set
either by dereferencing a null pointer p, or it is reading from
an incorrect previous location if we had a valid stat type
previously.  Fix this by skipping over the read of p on an invalid
stat type.

Detected by CoverityScan, CID#113385 ("Explicit null dereferenced")
Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
Reviewed-by: default avatarAlexander Duyck <alexander.h.duyck@intel.com>
Tested-by: default avatarAaron Brown <aaron.f.brown@intel.com>
Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarJuerg Haefliger <juergh@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 166c7edb
...@@ -1826,11 +1826,12 @@ static void e1000_get_ethtool_stats(struct net_device *netdev, ...@@ -1826,11 +1826,12 @@ static void e1000_get_ethtool_stats(struct net_device *netdev,
{ {
struct e1000_adapter *adapter = netdev_priv(netdev); struct e1000_adapter *adapter = netdev_priv(netdev);
int i; int i;
char *p = NULL;
const struct e1000_stats *stat = e1000_gstrings_stats; const struct e1000_stats *stat = e1000_gstrings_stats;
e1000_update_stats(adapter); e1000_update_stats(adapter);
for (i = 0; i < E1000_GLOBAL_STATS_LEN; i++) { for (i = 0; i < E1000_GLOBAL_STATS_LEN; i++, stat++) {
char *p;
switch (stat->type) { switch (stat->type) {
case NETDEV_STATS: case NETDEV_STATS:
p = (char *)netdev + stat->stat_offset; p = (char *)netdev + stat->stat_offset;
...@@ -1841,15 +1842,13 @@ static void e1000_get_ethtool_stats(struct net_device *netdev, ...@@ -1841,15 +1842,13 @@ static void e1000_get_ethtool_stats(struct net_device *netdev,
default: default:
WARN_ONCE(1, "Invalid E1000 stat type: %u index %d\n", WARN_ONCE(1, "Invalid E1000 stat type: %u index %d\n",
stat->type, i); stat->type, i);
break; continue;
} }
if (stat->sizeof_stat == sizeof(u64)) if (stat->sizeof_stat == sizeof(u64))
data[i] = *(u64 *)p; data[i] = *(u64 *)p;
else else
data[i] = *(u32 *)p; data[i] = *(u32 *)p;
stat++;
} }
/* BUG_ON(i != E1000_STATS_LEN); */ /* BUG_ON(i != E1000_STATS_LEN); */
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment