[PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start
@ 2022-06-29 19:33 Vladimir Oltean
  2022-06-29 19:42 ` Russell King (Oracle)
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Vladimir Oltean @ 2022-06-29 19:33 UTC (permalink / raw)
  To: netdev
  Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	Russell King (Oracle), Russell King, Andrew Lunn, Heiner Kallweit

The current link mode of the phylink instance may not require an
attached PCS. However, phylink_major_config() unconditionally
dereferences this potentially NULL pointer when restarting the link poll
timer, which will panic the kernel.

Fix the problem by checking whether a PCS exists in phylink_pcs_poll_start(),
otherwise do nothing. The code prior to the blamed patch also only
looked at pcs->poll within an "if (pcs)" block.

Fixes: bfac8c490d60 ("net: phylink: disable PCS polling over major configuration")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
---
 drivers/net/phy/phylink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/phy/phylink.c b/drivers/net/phy/phylink.c
index 1a7550f5fdf5..48f0b9b39491 100644
--- a/drivers/net/phy/phylink.c
+++ b/drivers/net/phy/phylink.c
@@ -766,7 +766,7 @@ static void phylink_pcs_poll_stop(struct phylink *pl)
 
 static void phylink_pcs_poll_start(struct phylink *pl)
 {
-	if (pl->pcs->poll && pl->cfg_link_an_mode == MLO_AN_INBAND)
+	if (pl->pcs && pl->pcs->poll && pl->cfg_link_an_mode == MLO_AN_INBAND)
 		mod_timer(&pl->link_poll, jiffies + HZ);
 }
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start
  2022-06-29 19:33 [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start Vladimir Oltean
@ 2022-06-29 19:42 ` Russell King (Oracle)
  2022-06-29 20:14   ` Gerhard Engleder
  2022-06-30 11:41 ` Michael Walle
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 7+ messages in thread
From: Russell King (Oracle) @ 2022-06-29 19:42 UTC (permalink / raw)
  To: Vladimir Oltean
  Cc: netdev, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, Andrew Lunn, Heiner Kallweit

On Wed, Jun 29, 2022 at 10:33:58PM +0300, Vladimir Oltean wrote:
> The current link mode of the phylink instance may not require an
> attached PCS. However, phylink_major_config() unconditionally
> dereferences this potentially NULL pointer when restarting the link poll
> timer, which will panic the kernel.
> 
> Fix the problem by checking whether a PCS exists in phylink_pcs_poll_start(),
> otherwise do nothing. The code prior to the blamed patch also only
> looked at pcs->poll within an "if (pcs)" block.
> 
> Fixes: bfac8c490d60 ("net: phylink: disable PCS polling over major configuration")
> Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

Thanks.

Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start
  2022-06-29 19:42 ` Russell King (Oracle)
@ 2022-06-29 20:14   ` Gerhard Engleder
  0 siblings, 0 replies; 7+ messages in thread
From: Gerhard Engleder @ 2022-06-29 20:14 UTC (permalink / raw)
  To: Russell King (Oracle), Vladimir Oltean
  Cc: netdev, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, Andrew Lunn, Heiner Kallweit


On 29.06.22 21:42, Russell King (Oracle) wrote:
> On Wed, Jun 29, 2022 at 10:33:58PM +0300, Vladimir Oltean wrote:
>> The current link mode of the phylink instance may not require an
>> attached PCS. However, phylink_major_config() unconditionally
>> dereferences this potentially NULL pointer when restarting the link poll
>> timer, which will panic the kernel.
>>
>> Fix the problem by checking whether a PCS exists in phylink_pcs_poll_start(),
>> otherwise do nothing. The code prior to the blamed patch also only
>> looked at pcs->poll within an "if (pcs)" block.
>>
>> Fixes: bfac8c490d60 ("net: phylink: disable PCS polling over major configuration")
>> Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
> Thanks.
>
> Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
>
Fixes the problem on my side.

Tested-by: Gerhard Engleder <gerhard@engleder-embedded.com>

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start
  2022-06-29 19:33 [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start Vladimir Oltean
  2022-06-29 19:42 ` Russell King (Oracle)
@ 2022-06-30 11:41 ` Michael Walle
  2022-06-30 13:46 ` Nicolas Ferre
  2022-06-30 19:30 ` patchwork-bot+netdevbpf
  3 siblings, 0 replies; 7+ messages in thread
From: Michael Walle @ 2022-06-30 11:41 UTC (permalink / raw)
  To: vladimir.oltean
  Cc: andrew, davem, edumazet, hkallweit1, kuba, linux, netdev, pabeni,
	rmk+kernel, Michael Walle

> The current link mode of the phylink instance may not require an
> attached PCS. However, phylink_major_config() unconditionally
> dereferences this potentially NULL pointer when restarting the link poll
> timer, which will panic the kernel.
> 
> Fix the problem by checking whether a PCS exists in phylink_pcs_poll_start(),
> otherwise do nothing. The code prior to the blamed patch also only
> looked at pcs->poll within an "if (pcs)" block.
> 
> Fixes: bfac8c490d60 ("net: phylink: disable PCS polling over major configuration")
> Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

Tested-by: Michael Walle <michael@walle.cc> # on kontron-kbox-a-230-ls

-michael

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start
  2022-06-29 19:33 [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start Vladimir Oltean
  2022-06-29 19:42 ` Russell King (Oracle)
  2022-06-30 11:41 ` Michael Walle
@ 2022-06-30 13:46 ` Nicolas Ferre
  2022-06-30 14:50   ` Russell King (Oracle)
  2022-06-30 19:30 ` patchwork-bot+netdevbpf
  3 siblings, 1 reply; 7+ messages in thread
From: Nicolas Ferre @ 2022-06-30 13:46 UTC (permalink / raw)
  To: Vladimir Oltean, netdev
  Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	Russell King (Oracle), Russell King, Andrew Lunn, Heiner Kallweit,
	Claudiu Beznea, Santiago Esteban

Vladimir, Russell,

On 29/06/2022 at 21:33, Vladimir Oltean wrote:
> The current link mode of the phylink instance may not require an
> attached PCS. However, phylink_major_config() unconditionally
> dereferences this potentially NULL pointer when restarting the link poll
> timer, which will panic the kernel.
> 
> Fix the problem by checking whether a PCS exists in phylink_pcs_poll_start(),
> otherwise do nothing. The code prior to the blamed patch also only
> looked at pcs->poll within an "if (pcs)" block.
> 
> Fixes: bfac8c490d60 ("net: phylink: disable PCS polling over major configuration")
> Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
> ---
>   drivers/net/phy/phylink.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/phy/phylink.c b/drivers/net/phy/phylink.c
> index 1a7550f5fdf5..48f0b9b39491 100644
> --- a/drivers/net/phy/phylink.c
> +++ b/drivers/net/phy/phylink.c
> @@ -766,7 +766,7 @@ static void phylink_pcs_poll_stop(struct phylink *pl)
>   
>   static void phylink_pcs_poll_start(struct phylink *pl)
>   {
> -	if (pl->pcs->poll && pl->cfg_link_an_mode == MLO_AN_INBAND)
> +	if (pl->pcs && pl->pcs->poll && pl->cfg_link_an_mode == MLO_AN_INBAND)
>   		mod_timer(&pl->link_poll, jiffies + HZ);
>   }
>   

Fixes the NULL pointer on my boards:
Tested-by: Nicolas Ferre <nicolas.ferre@microchip.com> # on sam9x60ek

Best regards,
   Nicolas


-- 
Nicolas Ferre

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start
  2022-06-30 13:46 ` Nicolas Ferre
@ 2022-06-30 14:50   ` Russell King (Oracle)
  0 siblings, 0 replies; 7+ messages in thread
From: Russell King (Oracle) @ 2022-06-30 14:50 UTC (permalink / raw)
  To: Nicolas Ferre
  Cc: Vladimir Oltean, netdev, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, Andrew Lunn, Heiner Kallweit,
	Claudiu Beznea, Santiago Esteban

On Thu, Jun 30, 2022 at 03:46:54PM +0200, Nicolas Ferre wrote:
> Vladimir, Russell,
> 
> On 29/06/2022 at 21:33, Vladimir Oltean wrote:
> > The current link mode of the phylink instance may not require an
> > attached PCS. However, phylink_major_config() unconditionally
> > dereferences this potentially NULL pointer when restarting the link poll
> > timer, which will panic the kernel.
> > 
> > Fix the problem by checking whether a PCS exists in phylink_pcs_poll_start(),
> > otherwise do nothing. The code prior to the blamed patch also only
> > looked at pcs->poll within an "if (pcs)" block.
> > 
> > Fixes: bfac8c490d60 ("net: phylink: disable PCS polling over major configuration")
> > Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
> > ---
> >   drivers/net/phy/phylink.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/net/phy/phylink.c b/drivers/net/phy/phylink.c
> > index 1a7550f5fdf5..48f0b9b39491 100644
> > --- a/drivers/net/phy/phylink.c
> > +++ b/drivers/net/phy/phylink.c
> > @@ -766,7 +766,7 @@ static void phylink_pcs_poll_stop(struct phylink *pl)
> >   static void phylink_pcs_poll_start(struct phylink *pl)
> >   {
> > -	if (pl->pcs->poll && pl->cfg_link_an_mode == MLO_AN_INBAND)
> > +	if (pl->pcs && pl->pcs->poll && pl->cfg_link_an_mode == MLO_AN_INBAND)
> >   		mod_timer(&pl->link_poll, jiffies + HZ);
> >   }
> 
> Fixes the NULL pointer on my boards:
> Tested-by: Nicolas Ferre <nicolas.ferre@microchip.com> # on sam9x60ek

Thanks all, hopefully it'll get applied to net-next soon.

Sadly, this slipped through my testing, as the only platform I have
access to at the moment always supplies a PCS (mvneta based) so there's
no way my testing would ever have caught this. Sorry for the problems.

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start
  2022-06-29 19:33 [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start Vladimir Oltean
                   ` (2 preceding siblings ...)
  2022-06-30 13:46 ` Nicolas Ferre
@ 2022-06-30 19:30 ` patchwork-bot+netdevbpf
  3 siblings, 0 replies; 7+ messages in thread
From: patchwork-bot+netdevbpf @ 2022-06-30 19:30 UTC (permalink / raw)
  To: Vladimir Oltean
  Cc: netdev, davem, edumazet, kuba, pabeni, rmk+kernel, linux, andrew,
	hkallweit1

Hello:

This patch was applied to netdev/net-next.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Wed, 29 Jun 2022 22:33:58 +0300 you wrote:
> The current link mode of the phylink instance may not require an
> attached PCS. However, phylink_major_config() unconditionally
> dereferences this potentially NULL pointer when restarting the link poll
> timer, which will panic the kernel.
> 
> Fix the problem by checking whether a PCS exists in phylink_pcs_poll_start(),
> otherwise do nothing. The code prior to the blamed patch also only
> looked at pcs->poll within an "if (pcs)" block.
> 
> [...]

Here is the summary with links:
  - [net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start
    https://git.kernel.org/netdev/net-next/c/b7d78b46d5e8

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2022-06-30 19:30 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-06-29 19:33 [PATCH net-next] net: phylink: fix NULL pl->pcs dereference during phylink_pcs_poll_start Vladimir Oltean
2022-06-29 19:42 ` Russell King (Oracle)
2022-06-29 20:14   ` Gerhard Engleder
2022-06-30 11:41 ` Michael Walle
2022-06-30 13:46 ` Nicolas Ferre
2022-06-30 14:50   ` Russell King (Oracle)
2022-06-30 19:30 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).