From: Sergej Bauer <sbauer@blackbox.su>
To: unlisted-recipients:; (no To-header on input)
Cc: andrew@lunn.ch, Markus.Elfring@web.de, thesven73@gmail.com,
sbauer@blackbox.su, Jakub Kicinski <kuba@kernel.org>,
Bryan Whitehead <bryan.whitehead@microchip.com>,
Microchip Linux Driver Support <UNGLinuxDriver@microchip.com>,
"David S. Miller" <davem@davemloft.net>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4] lan743x: fix for potential NULL pointer dereference with bare card
Date: Tue, 15 Dec 2020 19:12:45 +0300 [thread overview]
Message-ID: <20201215161252.8448-1-sbauer@blackbox.su> (raw)
In-Reply-To: <20201127083925.4813c57a@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
This is the 4th revision of the patch fix for potential null pointer dereference
with lan743x card.
The simpliest way to reproduce: boot with bare lan743x and issue "ethtool ethN"
command where ethN is the interface with lan743x card. Example:
$ sudo ethtool eth7
dmesg:
[ 103.510336] BUG: kernel NULL pointer dereference, address: 0000000000000340
...
[ 103.510836] RIP: 0010:phy_ethtool_get_wol+0x5/0x30 [libphy]
...
[ 103.511629] Call Trace:
[ 103.511666] lan743x_ethtool_get_wol+0x21/0x40 [lan743x]
[ 103.511724] dev_ethtool+0x1507/0x29d0
[ 103.511769] ? avc_has_extended_perms+0x17f/0x440
[ 103.511820] ? tomoyo_init_request_info+0x84/0x90
[ 103.511870] ? tomoyo_path_number_perm+0x68/0x1e0
[ 103.511919] ? tty_insert_flip_string_fixed_flag+0x82/0xe0
[ 103.511973] ? inet_ioctl+0x187/0x1d0
[ 103.512016] dev_ioctl+0xb5/0x560
[ 103.512055] sock_do_ioctl+0xa0/0x140
[ 103.512098] sock_ioctl+0x2cb/0x3c0
[ 103.512139] __x64_sys_ioctl+0x84/0xc0
[ 103.512183] do_syscall_64+0x33/0x80
[ 103.512224] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 103.512274] RIP: 0033:0x7f54a9cba427
...
Previous versions can be found at:
v1:
initial version
https://lkml.org/lkml/2020/10/28/921
v2:
do not return from lan743x_ethtool_set_wol if netdev->phydev == NULL, just skip
the call of phy_ethtool_set_wol() instead.
https://lkml.org/lkml/2020/10/31/380
v3:
in function lan743x_ethtool_set_wol:
use ternary operator instead of if-else sentence (review by Markus Elfring)
return -ENETDOWN instead of -EIO (review by Andrew Lunn)
v4:
Sven Van Asbruck noticed that the patch was being applied cleanly to the 5.9
branch, so the tag “Fixes” was added as Jakub suggested.
Signed-off-by: Sergej Bauer <sbauer@blackbox.su>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Fixes: 4d94282afd95 ("lan743x: Add power management support")
---
diff --git a/drivers/net/ethernet/microchip/lan743x_ethtool.c b/drivers/net/ethernet/microchip/lan743x_ethtool.c
index dcde496da7fb..c5de8f46cdd3 100644
--- a/drivers/net/ethernet/microchip/lan743x_ethtool.c
+++ b/drivers/net/ethernet/microchip/lan743x_ethtool.c
@@ -780,7 +780,9 @@ static void lan743x_ethtool_get_wol(struct net_device *netdev,
wol->supported = 0;
wol->wolopts = 0;
- phy_ethtool_get_wol(netdev->phydev, wol);
+
+ if (netdev->phydev)
+ phy_ethtool_get_wol(netdev->phydev, wol);
wol->supported |= WAKE_BCAST | WAKE_UCAST | WAKE_MCAST |
WAKE_MAGIC | WAKE_PHY | WAKE_ARP;
@@ -809,9 +811,8 @@ static int lan743x_ethtool_set_wol(struct net_device *netdev,
device_set_wakeup_enable(&adapter->pdev->dev, (bool)wol->wolopts);
- phy_ethtool_set_wol(netdev->phydev, wol);
-
- return 0;
+ return netdev->phydev ? phy_ethtool_set_wol(netdev->phydev, wol)
+ : -ENETDOWN;
}
#endif /* CONFIG_PM */
next prev parent reply other threads:[~2020-12-15 16:14 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <220201101203820.GD1109407@lunn.ch>
2020-11-01 22:35 ` [PATCH v3] lan743x: fix for potential NULL pointer dereference with bare card Sergej Bauer
2020-11-04 1:38 ` Jakub Kicinski
2020-11-04 19:46 ` Sergej Bauer
2020-11-26 14:22 ` Sven Van Asbroeck
2020-11-27 8:39 ` Sergej Bauer
2020-11-27 16:39 ` Jakub Kicinski
2020-12-15 16:12 ` Sergej Bauer [this message]
2020-12-15 23:39 ` [PATCH v4] " patchwork-bot+netdevbpf
2020-12-16 1:12 ` Jakub Kicinski
2020-12-16 1:35 ` Sergej Bauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201215161252.8448-1-sbauer@blackbox.su \
--to=sbauer@blackbox.su \
--cc=Markus.Elfring@web.de \
--cc=UNGLinuxDriver@microchip.com \
--cc=andrew@lunn.ch \
--cc=bryan.whitehead@microchip.com \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=thesven73@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).