From: Andrew Lunn <andrew@lunn.ch>
To: Michal Kubecek <mkubecek@suse.cz>
Cc: David Miller <davem@davemloft.net>,
netdev <netdev@vger.kernel.org>,
Florian Fainelli <f.fainelli@gmail.com>,
Heiner Kallweit <hkallweit1@gmail.com>,
Chris Healy <cphealy@gmail.com>,
michael@walle.cc
Subject: Re: [PATCH net-next v2 06/10] net: ethtool: Add infrastructure for reporting cable test results
Date: Tue, 5 May 2020 15:19:36 +0200
Message-ID: <20200505131936.GF208718@lunn.ch>
In-Reply-To: <20200505104226.GJ8237@lion.mk-sys.cz>
> > +int ethnl_cable_test_alloc(struct phy_device *phydev)
> > +{
> > + int err = -ENOMEM;
> > +
> > + phydev->skb = genlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
> > + if (!phydev->skb)
> > + goto out;
> > +
> > + phydev->ehdr = ethnl_bcastmsg_put(phydev->skb,
> > + ETHTOOL_MSG_CABLE_TEST_NTF);
> > + if (!phydev->ehdr) {
> > + err = -EINVAL;
>
> This should be -EMSGSIZE.
>
> > + goto out;
> > + }
> > +
> > + err = ethnl_fill_reply_header(phydev->skb, phydev->attached_dev,
> > + ETHTOOL_A_CABLE_TEST_NTF_HEADER);
> > + if (err)
> > + goto out;
> > +
> > + err = nla_put_u8(phydev->skb, ETHTOOL_A_CABLE_TEST_NTF_STATUS,
> > + ETHTOOL_A_CABLE_TEST_NTF_STATUS_COMPLETED);
> > + if (err)
> > + goto out;
> > +
> > + phydev->nest = nla_nest_start(phydev->skb,
> > + ETHTOOL_A_CABLE_TEST_NTF_NEST);
> > + if (!phydev->nest)
> > + goto out;
>
> If nla_nest_start() fails, we still have 0 in err.
>
> > +
> > + return 0;
> > +
> > +out:
> > + nlmsg_free(phydev->skb);
> > + return err;
> > +}
> > +EXPORT_SYMBOL_GPL(ethnl_cable_test_alloc);
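
Review bot: in the nla_nest_start() failure branch at the end of ethnl_cable_test_alloc(), err still holds 0 from the successful nla_put_u8() call, so the out: path frees phydev->skb and then returns 0, and a caller that trusts the return value will keep using the freed skb. Set err = -EMSGSIZE before that goto out. The out: path also leaves phydev->skb, phydev->ehdr and phydev->nest holding their old values after nlmsg_free(); clearing all three there, not only skb, would make any later use fail at a NULL pointer instead of touching freed memory.
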
>
> Do you think it would make sense to set phydev->skb to NULL on failure
> and also in ethnl_cable_test_free() and ethnl_cable_test_finished() so
> that if driver messes up, it hits null pointer dereference which is much
> easier to debug than use after free?

Hi Michal

The use after free is not that hard to debug, I had to do it myself :-)

But yes, I can poison phydev->skb.

Andrew