RE: [PATCH net] tipc: fix panic in tipc_udp_nl_dump_remoteip() using bearer as udp without check

From: Tung Quang Nguyen
Date: Mon Jun 16 2025 - 20:57:18 EST


>Subject: [PATCH net] tipc: fix panic in tipc_udp_nl_dump_remoteip() using
>bearer as udp without check
Please rephrase the name of this patch and add a version for each change.
Example for your next sending:
[PATCH v4 net] tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
>
>When TIPC_NL_UDP_GET_REMOTEIP cmd calls tipc_udp_nl_dump_remoteip()
>with media name set to a l2 name, kernel panics [1].
Remove the above description because the new patch name is descriptive enough.
>
>The reproduction steps:
>1. create a tun interface
>2. enable l2 bearer
>3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun
>
>the ub was in fact a struct dev.
>
>when bid != 0 && skip_cnt != 0, bearer_list[bid] may be NULL or other media
>when other thread changes it.
>
>fix this by checking media_id.
>
>[1]
>tipc: Started in network mode
>tipc: Node identity 8af312d38a21, cluster identity 4711
>tipc: Enabled bearer <eth:syz_tun>, priority 1
>Oops: general protection fault
>KASAN: null-ptr-deref in range
>CPU: 1 UID: 1000 PID: 559 Comm: poc Not tainted 6.16.0-rc1+ #117 PREEMPT
>Hardware name: QEMU Ubuntu 24.04 PC
>RIP: 0010:tipc_udp_nl_dump_remoteip+0x4a4/0x8f0
Please move this observation right after the reproduction steps.

>Fixes: 832629ca5c313 ("tipc: add UDP remoteip dump to netlink API")
>Signed-off-by: Haixia Qu <hxqu@xxxxxxxxxxxxxxxx>
>---
Please add "v4: <the reason of version up>" here

Note: Please remove the email domain ericsson.com of Jon and Richard because it no longer exists.
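
Added example, not part of the original message or of the patch under review: a user-space C model of the check the quoted commit message describes ("fix this by checking media_id"), where a bearer's untyped media pointer is only treated as UDP state after the slot is confirmed non-NULL and of UDP media. All type, field and function names are hypothetical stand-ins rather than the kernel's definitions, and the sample bearer table is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; every name below is hypothetical, not a kernel definition. */
enum media_id { MEDIA_ETH = 1, MEDIA_UDP = 3 };
struct l2_dev { char name[16]; };              /* what an L2 bearer points at */
struct udp_bearer { uint32_t remote_ip[4]; size_t n_remote; };
struct bearer {
    enum media_id media_id;
    void *media_ptr;   /* l2_dev or udp_bearer, depending on media_id */
};
#define MAX_BEARERS 3

/* Constructed sample table: slot 0 is L2, slot 1 is empty, slot 2 is UDP. */
static struct l2_dev tun = { .name = "syz_tun" };
static struct udp_bearer ub = { { 0x0a000001, 0x0a000002 }, 2 };
static struct bearer eth_b = { MEDIA_ETH, &tun };
static struct bearer udp_b = { MEDIA_UDP, &ub };
static struct bearer *bearer_list[MAX_BEARERS] = { &eth_b, NULL, &udp_b };

/* Copies the remote IPs of the UDP bearer in slot bid into out and returns
 * the count, or a negative errno. The slot is re-validated on every call,
 * so a resumed dump cannot trust what it found there previously. */
static int dump_remoteip(struct bearer *const list[], size_t bid,
                         uint32_t *out, size_t cap)
{
    if (bid >= MAX_BEARERS)
        return -EINVAL;
    const struct bearer *b = list[bid];
    if (!b)
        return -ENOENT;            /* slot emptied since the last call */
    if (b->media_id != MEDIA_UDP)
        return -EINVAL;            /* media_ptr is not UDP state: no cast */
    const struct udp_bearer *u = b->media_ptr;
    if (!u)
        return -ENOENT;
    size_t n = u->n_remote < cap ? u->n_remote : cap;
    for (size_t i = 0; i < n; i++)
        out[i] = u->remote_ip[i];
    return (int)n;
}

int main(void)
{
    uint32_t out[4];
    for (size_t bid = 0; bid < MAX_BEARERS; bid++)
        printf("slot %zu -> %d\n", bid, dump_remoteip(bearer_list, bid, out, 4));
    return 0;
}
```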