On Thu, Jun 06, 2019 at 09:55:07AM +0200, Marcus Meissner wrote: > Hi, > > Dave does not like private-only emails, so again for netdev list: > > On Wed, Jun 05, 2019 at 11:20:29AM +0200, Marcus Meissner wrote: > > Hi Gen Zhang, > > > > looking at > > https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=95baa60a0da80a0143e3ddd4d3725758b4513825 > > > > ipv6_sockglue: Fix a missing-check bug in ip6_ra_control() > > In function ip6_ra_control(), the pointer new_ra is allocated a memory > > space via kmalloc(). And it is used in the following codes. However, > > when there is a memory allocation error, kmalloc() fails. Thus null > > pointer dereference may happen. And it will cause the kernel to crash. > > Therefore, we should check the return value and handle the error. > > > > There seems to be no case in current GIT where new_ra is being dereferenced > > even if it > > is NULL (kfree(NULL) will work fine). > > > > Was this just an assumption based on insufficient code review, or was there > > a real > > crash observed and how? > > The reporter had replied privately that he was only doing a code audit. Thanks again for your concerns of this patch.
It is not exactly that. This comes from a static analysis research prototype. And I think it is different from 'only doing code audit'. Thanks Gen > > We (Redhat and SUSE) wonder if this fix is needed at all. > > Ciao, Marcus
