| Message ID | 20240910174636.857352-1-maxime.chevallier@bootlin.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [net-next] net: ethtool: phy: Check the req_info.pdn field for GET commands | expand |
On Tue, Sep 10, 2024 at 7:46 PM Maxime Chevallier <maxime.chevallier@bootlin.com> wrote: > > When processing the netlink GET requests to get PHY info, the req_info.pdn > pointer is NULL when no PHY matches the requested parameters, such as when > the phy_index is invalid, or there's simply no PHY attached to the > interface. > > Therefore, check the req_info.pdn pointer for NULL instead of > dereferencing it. > > Suggested-by: Eric Dumazet <edumazet@google.com> > Reported-by: Eric Dumazet <edumazet@google.com> > Closes: https://lore.kernel.org/netdev/CANn89iKRW0WpGAh1tKqY345D8WkYCPm3Y9ym--Si42JZrQAu1g@mail.gmail.com/T/#mfced87d607d18ea32b3b4934dfa18d7b36669285 > Fixes: 17194be4c8e1 ("net: ethtool: Introduce a command to list PHYs on an interface") > Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> > --- Thanks, there is another issue found by syzbot BTW (one imbalanced netdev_put()) Reviewed-by: Eric Dumazet <edumazet@google.com>
Hi Eric, On Wed, 11 Sep 2024 09:26:23 +0200 Eric Dumazet <edumazet@google.com> wrote: > On Tue, Sep 10, 2024 at 7:46 PM Maxime Chevallier > <maxime.chevallier@bootlin.com> wrote: > > > > When processing the netlink GET requests to get PHY info, the req_info.pdn > > pointer is NULL when no PHY matches the requested parameters, such as when > > the phy_index is invalid, or there's simply no PHY attached to the > > interface. > > > > Therefore, check the req_info.pdn pointer for NULL instead of > > dereferencing it. > > > > Suggested-by: Eric Dumazet <edumazet@google.com> > > Reported-by: Eric Dumazet <edumazet@google.com> > > Closes: https://lore.kernel.org/netdev/CANn89iKRW0WpGAh1tKqY345D8WkYCPm3Y9ym--Si42JZrQAu1g@mail.gmail.com/T/#mfced87d607d18ea32b3b4934dfa18d7b36669285 > > Fixes: 17194be4c8e1 ("net: ethtool: Introduce a command to list PHYs on an interface") > > Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> > > --- > > Thanks, there is another issue found by syzbot BTW (one imbalanced netdev_put()) Sorry for asking that, but I missed the report from this current patch, as well as the one you're referring to. I've looked-up the netdev archive and the syzbot web interface [1] and found no reports for both issues. I am clearly not looking at the right place, and/or I probably need to open my eyes a bit more. Can you point me to the report in question ? [1] : https://syzkaller.appspot.com/upstream/s/net > > Reviewed-by: Eric Dumazet <edumazet@google.com> Thanks for the review, Maxime
Hi, On Wed, 11 Sep 2024 10:33:22 +0200 Maxime Chevallier <maxime.chevallier@bootlin.com> wrote: > Sorry for asking that, but I missed the report from this current patch, > as well as the one you're referring to. I've looked-up the netdev > archive and the syzbot web interface [1] and found no reports for both > issues. I am clearly not looking at the right place, and/or I probably > need to open my eyes a bit more. Heh my bad, I just received the report in question. Looks like you are getting these before I do :) Thanks, Maxime
On Wed, Sep 11, 2024 at 10:37 AM Maxime Chevallier <maxime.chevallier@bootlin.com> wrote: > > Hi, > > On Wed, 11 Sep 2024 10:33:22 +0200 > Maxime Chevallier <maxime.chevallier@bootlin.com> wrote: > > > > Sorry for asking that, but I missed the report from this current patch, > > as well as the one you're referring to. I've looked-up the netdev > > archive and the syzbot web interface [1] and found no reports for both > > issues. I am clearly not looking at the right place, and/or I probably > > need to open my eyes a bit more. > > Heh my bad, I just received the report in question. Looks like you are > getting these before I do :) I triage the reports, to avoid flooding mailing list with duplicates, and possibly catch very serious security bugs. I usually wait for some consistent signal like a repro, so that a single email is sent to the list.
Hello: This patch was applied to netdev/net-next.git (main) by Jakub Kicinski <kuba@kernel.org>: On Tue, 10 Sep 2024 19:46:35 +0200 you wrote: > When processing the netlink GET requests to get PHY info, the req_info.pdn > pointer is NULL when no PHY matches the requested parameters, such as when > the phy_index is invalid, or there's simply no PHY attached to the > interface. > > Therefore, check the req_info.pdn pointer for NULL instead of > dereferencing it. > > [...] Here is the summary with links: - [net-next] net: ethtool: phy: Check the req_info.pdn field for GET commands https://git.kernel.org/netdev/net-next/c/fce1e9f86af1 You are awesome, thank you!
diff --git a/net/ethtool/phy.c b/net/ethtool/phy.c index 560dd039c662..4ef7c6e32d10 100644 --- a/net/ethtool/phy.c +++ b/net/ethtool/phy.c @@ -164,7 +164,7 @@ int ethnl_phy_doit(struct sk_buff *skb, struct genl_info *info) goto err_unlock_rtnl; /* No PHY, return early */ - if (!req_info.pdn->phy) + if (!req_info.pdn) goto err_unlock_rtnl; ret = ethnl_phy_reply_size(&req_info.base, info->extack);
When processing the netlink GET requests to get PHY info, the req_info.pdn pointer is NULL when no PHY matches the requested parameters, such as when the phy_index is invalid, or there's simply no PHY attached to the interface. Therefore, check the req_info.pdn pointer for NULL instead of dereferencing it. Suggested-by: Eric Dumazet <edumazet@google.com> Reported-by: Eric Dumazet <edumazet@google.com> Closes: https://lore.kernel.org/netdev/CANn89iKRW0WpGAh1tKqY345D8WkYCPm3Y9ym--Si42JZrQAu1g@mail.gmail.com/T/#mfced87d607d18ea32b3b4934dfa18d7b36669285 Fixes: 17194be4c8e1 ("net: ethtool: Introduce a command to list PHYs on an interface") Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> --- Hi, I'm targetting net-next as the commit this patch fixes is still in net-next. net/ethtool/phy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)