NULL pointer dereference in netvsc_probe(). Module hv_netvsc is included
in initramfs, so this blocks the boot process.
For Hyper-V only supports single channel, rndis_filter_device_add()
bails early and jump to tag "out". Subsequent code calls
rndis_filter_device_remove() and returns ERR_PTR(ret), where ret is
0 (sucess). Because of that, it passes IS_ERR(nvdev) check in
netvsc_probe() and cause a NULL pointer dereference, as nvdev now is 0:
if (nvdev->num_chn > 1)
Correctly return net_device at the end of rndis_filter_device_add().
Users report positive result.
Low. Trivial change, patches are in upstream sometime.
Stephen Hemminger (1):
hv/netvsc: fix handling of fallback to single queue mode
Takashi Iwai (1):
hv/netvsc: Fix NULL dereference at single queue mode fallback
The recent commit 916c5e1413be ("hv/netvsc: fix handling of fallback
to single queue mode") tried to fix the fallback behavior to a single
queue mode, but it changed the function to return zero incorrectly,
while the function should return an object pointer. Eventually this
leads to a NULL dereference at the callers that expect non-NULL
Fix it by returning the proper net_device object.
Fixes: 916c5e1413be ("hv/netvsc: fix handling of fallback to single queue mode")
Signed-off-by: Takashi Iwai <[hidden email]>
Reviewed-by: Stephen Hemminger <[hidden email]>
Signed-off-by: David S. Miller <[hidden email]>
(cherry picked from commit b19b46346f483ae055fa027cb2d5c2ca91484b91)
Signed-off-by: Kai-Heng Feng <[hidden email]>
drivers/net/hyperv/rndis_filter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)