Cmnt: [SRU][F/J][PATCH 0/1] CVE-2024-26595

Stefan Bader stefan.bader at canonical.com
Tue Nov 19 10:04:56 UTC 2024


On 18.11.24 21:19, Yuxuan Luo wrote:
> On Thu, Nov 14, 2024 at 01:53:35PM +0800, Jian Hui Lee wrote:
>> [Impact]
>>
>> mlxsw: spectrum_acl_tcam: Fix NULL Pointer dereference in error path
>>
>> When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after
>> failing to attach the region to an ACL group, we hit a NULL pointer
>> dereference.
>>
>> Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().
>>
>> [Fix]
>>
>> noble:  not affected
>> jammy:  backported from linux-stable
>> focal:  backported from linux-stable
>> bionic: backported from linux-stable. sent to esm
>> xenial: not affected
>>
>> [Test Case]
>>
>> Compile and boot tested.
>>
>> [Where problems could occur]
>>
>> The fix affects the Mellanox Ethernet switch driver. An issue with this fix
>> may lead to kernel crashes or system instability after destroying tcam
>> region.
>>
>> Ido Schimmel (1):
>>    mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path
>>
>>   drivers/net/ethernet/mellanox/mlxsw/spectrum.h          | 1 +
>>   drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c      | 5 +++++
>>   drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 4 ++--
>>   3 files changed, 8 insertions(+), 2 deletions(-)
>>
> 
> As mentioned above, the "linux-stable" tag should be omitted since it's
> a commit from the mainline. Besides, I am inclined to expand the
> mlxsw_sp_acl_to_tcam() function to explicitly show that we are not
> backporting 74cbc3c03c82 ("mlxsw: spectrum_acl_tcam: Move devlink param
> to TCAM code") in this case.

I would feel the same. Even more, double check that the mlxsw_sp_acl
structure in the old code actually has a member tcam. Sometimes macros
get introduced after code rework and do not work with older code.

-Stefan
> 
>> -- 
>> 2.43.0
>>
>>
> 

-- 
- Stefan
