Re: [PATCH net] bnx2x: fix null pointer dereference in bnx2x_free_mem_bp()
From: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Date: 2026-07-01 14:21:31
Also in:
lkml, stable
On Wed, Jul 01, 2026 at 12:20:26PM +0530, Abdun Nihaal wrote:
In one of the error path in bnx2x_alloc_mem_bp(), bnx2x_free_mem_bp()
may be called with bp->fp uninitialized. And so, there could be a null
pointer dereference in bnx2x_free_mem_bp(). Fix that by adding a null
check before the only dereference of bp->fp in the function.
The issue was reported by Sashiko AI review.
Fixes: c3146eb676e7 ("bnx2x: Correct memory preparation and release")
Cc: stable@vger.kernel.org
Signed-off-by: Abdun Nihaal <redacted>
---
Compile tested only.
Thanks to Simon Horman for pointing out the Sashiko review.Should we include Reported-by tag given to Sashiko? I did that in my last changes, I guess it would be good to track the amount of things fixed that originated from Sashiko review. Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
quoted hunk ↗ jump to hunk
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c index 5b2640bd31c3..25ee45cb7f3f 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c@@ -4712,8 +4712,9 @@ void bnx2x_free_mem_bp(struct bnx2x *bp) { int i; - for (i = 0; i < bp->fp_array_size; i++) - kfree(bp->fp[i].tpa_info); + if (bp->fp) + for (i = 0; i < bp->fp_array_size; i++) + kfree(bp->fp[i].tpa_info); kfree(bp->fp); kfree(bp->sp_objs); kfree(bp->fp_stats);-- 2.43.0