[PATCH v4] lan743x: fix for potential NULL pointer dereference with bare card

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sergej Bauer <sbauer@blackbox.su>
To: unlisted-recipients:; (no To-header on input)
Cc: andrew@lunn.ch, Markus.Elfring@web.de, thesven73@gmail.com,
	sbauer@blackbox.su, Jakub Kicinski <kuba@kernel.org>,
	Bryan Whitehead <bryan.whitehead@microchip.com>,
	Microchip Linux Driver Support <UNGLinuxDriver@microchip.com>,
	"David S. Miller" <davem@davemloft.net>,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4] lan743x: fix for potential NULL pointer dereference with bare card
Date: Tue, 15 Dec 2020 19:12:45 +0300	[thread overview]
Message-ID: <20201215161252.8448-1-sbauer@blackbox.su> (raw)
In-Reply-To: <20201127083925.4813c57a@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>

This is the 4th revision of the patch fix for potential null pointer dereference
with lan743x card.

The simpliest way to reproduce: boot with bare lan743x and issue "ethtool ethN"
command where ethN is the interface with lan743x card. Example:

$ sudo ethtool eth7
dmesg:
[  103.510336] BUG: kernel NULL pointer dereference, address: 0000000000000340
...
[  103.510836] RIP: 0010:phy_ethtool_get_wol+0x5/0x30 [libphy]
...
[  103.511629] Call Trace:
[  103.511666]  lan743x_ethtool_get_wol+0x21/0x40 [lan743x]
[  103.511724]  dev_ethtool+0x1507/0x29d0
[  103.511769]  ? avc_has_extended_perms+0x17f/0x440
[  103.511820]  ? tomoyo_init_request_info+0x84/0x90
[  103.511870]  ? tomoyo_path_number_perm+0x68/0x1e0
[  103.511919]  ? tty_insert_flip_string_fixed_flag+0x82/0xe0
[  103.511973]  ? inet_ioctl+0x187/0x1d0
[  103.512016]  dev_ioctl+0xb5/0x560
[  103.512055]  sock_do_ioctl+0xa0/0x140
[  103.512098]  sock_ioctl+0x2cb/0x3c0
[  103.512139]  __x64_sys_ioctl+0x84/0xc0
[  103.512183]  do_syscall_64+0x33/0x80
[  103.512224]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  103.512274] RIP: 0033:0x7f54a9cba427
...

Previous versions can be found at:
v1:
initial version
    https://lkml.org/lkml/2020/10/28/921

v2:
do not return from lan743x_ethtool_set_wol if netdev->phydev == NULL, just skip
the call of phy_ethtool_set_wol() instead.
    https://lkml.org/lkml/2020/10/31/380

v3:
in function lan743x_ethtool_set_wol:
use ternary operator instead of if-else sentence (review by Markus Elfring)
return -ENETDOWN instead of -EIO (review by Andrew Lunn)

v4:
Sven Van Asbruck noticed that the patch was being applied cleanly to the 5.9
branch, so the tag “Fixes” was added as Jakub suggested.

Signed-off-by: Sergej Bauer <sbauer@blackbox.su>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Fixes: 4d94282afd95 ("lan743x: Add power management support")
---
diff --git a/drivers/net/ethernet/microchip/lan743x_ethtool.c b/drivers/net/ethernet/microchip/lan743x_ethtool.c
index dcde496da7fb..c5de8f46cdd3 100644
--- a/drivers/net/ethernet/microchip/lan743x_ethtool.c
+++ b/drivers/net/ethernet/microchip/lan743x_ethtool.c
@@ -780,7 +780,9 @@ static void lan743x_ethtool_get_wol(struct net_device *netdev,
 
 	wol->supported = 0;
 	wol->wolopts = 0;
-	phy_ethtool_get_wol(netdev->phydev, wol);
+
+	if (netdev->phydev)
+		phy_ethtool_get_wol(netdev->phydev, wol);
 
 	wol->supported |= WAKE_BCAST | WAKE_UCAST | WAKE_MCAST |
 		WAKE_MAGIC | WAKE_PHY | WAKE_ARP;
@@ -809,9 +811,8 @@ static int lan743x_ethtool_set_wol(struct net_device *netdev,
 
 	device_set_wakeup_enable(&adapter->pdev->dev, (bool)wol->wolopts);
 
-	phy_ethtool_set_wol(netdev->phydev, wol);
-
-	return 0;
+	return netdev->phydev ? phy_ethtool_set_wol(netdev->phydev, wol)
+			: -ENETDOWN;
 }
 #endif /* CONFIG_PM */

next prev parent reply	other threads:[~2020-12-15 16:14 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <220201101203820.GD1109407@lunn.ch>
2020-11-01 22:35 ` [PATCH v3] lan743x: fix for potential NULL pointer dereference with bare card Sergej Bauer
2020-11-04  1:38   ` Jakub Kicinski
2020-11-04 19:46     ` Sergej Bauer
2020-11-26 14:22     ` Sven Van Asbroeck
2020-11-27  8:39       ` Sergej Bauer
2020-11-27 16:39         ` Jakub Kicinski
2020-12-15 16:12           ` Sergej Bauer [this message]
2020-12-15 23:39             ` [PATCH v4] " patchwork-bot+netdevbpf
2020-12-16  1:12               ` Jakub Kicinski
2020-12-16  1:35                 ` Sergej Bauer

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:dcde496da7f dfblob:c5de8f46cdd )
 OR (
bs:"[PATCH v4] lan743x: fix for potential NULL pointer dereference with bare card" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201215161252.8448-1-sbauer@blackbox.su \
    --to=sbauer@blackbox.su \
    --cc=Markus.Elfring@web.de \
    --cc=UNGLinuxDriver@microchip.com \
    --cc=andrew@lunn.ch \
    --cc=bryan.whitehead@microchip.com \
    --cc=davem@davemloft.net \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=thesven73@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.