From: Jakub Kicinski <kuba@kernel.org>
To: Kory Maincent <kory.maincent@bootlin.com>
Cc: Andrew Lunn <andrew@lunn.ch>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Oleksij Rempel <o.rempel@pengutronix.de>,
thomas.petazzoni@bootlin.com,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>
Subject: Re: [PATCH net] net: ethtool: pse-pd: Fix possible null-deref
Date: Tue, 9 Jul 2024 07:18:46 -0700 [thread overview]
Message-ID: <20240709071846.7b113db7@kernel.org> (raw)
In-Reply-To: <20240709131201.166421-1-kory.maincent@bootlin.com>
On Tue, 9 Jul 2024 15:12:01 +0200 Kory Maincent wrote:
> Fix a possible null dereference when a PSE supports both c33 and PoDL, but
> only one of the netlink attributes is specified. The c33 or PoDL PSE
> capabilities are already validated in the ethnl_set_pse_validate() call.
>
> Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
> Reported-by: Jakub Kicinski <kuba@kernel.org>
> Closes: https://lore.kernel.org/netdev/20240705184116.13d8235a@kernel.org/
> Fixes: 4d18e3ddf427 ("net: ethtool: pse-pd: Expand pse commands with the PSE PoE interface")
> ---
> net/ethtool/pse-pd.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/ethtool/pse-pd.c b/net/ethtool/pse-pd.c
> index 2c981d443f27..9dc70eb50039 100644
> --- a/net/ethtool/pse-pd.c
> +++ b/net/ethtool/pse-pd.c
> @@ -178,9 +178,9 @@ ethnl_set_pse(struct ethnl_req_info *req_info, struct genl_info *info)
>
> phydev = dev->phydev;
> /* These values are already validated by the ethnl_pse_set_policy */
> - if (pse_has_podl(phydev->psec))
> + if (tb[ETHTOOL_A_PODL_PSE_ADMIN_CONTROL])
> config.podl_admin_control = nla_get_u32(tb[ETHTOOL_A_PODL_PSE_ADMIN_CONTROL]);
> - if (pse_has_c33(phydev->psec))
> + if (tb[ETHTOOL_A_C33_PSE_ADMIN_CONTROL])
> config.c33_admin_control = nla_get_u32(tb[ETHTOOL_A_C33_PSE_ADMIN_CONTROL]);
>
> /* Return errno directly - PSE has no notification */
At a glance this doesn't follow usual ethtool flow.
If user doesn't specify a value the previous configuration should be
kept. We init config to 0. Is 0 a special value for both those params
which tells drivers "don't change" ?
Normal ethtool flow is to first fill in the data with a ->get() then
modify what user wants to change.
Either we need:
- an explanation in the commit message how this keeps old config; or
- a ->get() to keep the previous values; or
- just reject setting one value but not the other in
ethnl_set_pse_validate() (assuming it never worked, anyway).
next prev parent reply other threads:[~2024-07-09 14:18 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-09 13:12 [PATCH net] net: ethtool: pse-pd: Fix possible null-deref Kory Maincent
2024-07-09 14:18 ` Jakub Kicinski [this message]
2024-07-09 14:43 ` Kory Maincent
2024-07-09 15:52 ` Jakub Kicinski
2024-07-09 16:33 ` Kory Maincent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240709071846.7b113db7@kernel.org \
--to=kuba@kernel.org \
--cc=andrew@lunn.ch \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kory.maincent@bootlin.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=o.rempel@pengutronix.de \
--cc=pabeni@redhat.com \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.