lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240911134623.1739633-1-maxime.chevallier@bootlin.com>
Date: Wed, 11 Sep 2024 15:46:21 +0200
From: Maxime Chevallier <maxime.chevallier@...tlin.com>
To: davem@...emloft.net
Cc: Maxime Chevallier <maxime.chevallier@...tlin.com>,
	netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	thomas.petazzoni@...tlin.com,
	Andrew Lunn <andrew@...n.ch>,
	Jakub Kicinski <kuba@...nel.org>,
	Eric Dumazet <edumazet@...gle.com>,
	Paolo Abeni <pabeni@...hat.com>,
	Russell King <linux@...linux.org.uk>,
	linux-arm-kernel@...ts.infradead.org,
	Christophe Leroy <christophe.leroy@...roup.eu>,
	Herve Codina <herve.codina@...tlin.com>,
	Florian Fainelli <f.fainelli@...il.com>,
	Heiner Kallweit <hkallweit1@...il.com>,
	Vladimir Oltean <vladimir.oltean@....com>,
	Köry Maincent <kory.maincent@...tlin.com>,
	Jesse Brandeburg <jesse.brandeburg@...el.com>,
	Marek Behún <kabel@...nel.org>,
	Piergiorgio Beruto <piergiorgio.beruto@...il.com>,
	Oleksij Rempel <o.rempel@...gutronix.de>,
	Nicolò Veronese <nicveronese@...il.com>,
	Simon Horman <horms@...nel.org>,
	mwojtas@...omium.org,
	Nathan Chancellor <nathan@...nel.org>,
	Antoine Tenart <atenart@...nel.org>,
	Marc Kleine-Budde <mkl@...gutronix.de>,
	Dan Carpenter <dan.carpenter@...aro.org>,
	Romain Gantois <romain.gantois@...tlin.com>,
	syzbot+e9ed4e4368d450c8f9db@...kaller.appspotmail.com
Subject: [PATCH net-next] net: ethtool: phy: Clear the netdev context pointer for DUMP requests

The context info allows continuing DUMP requests, shall they fill the
netlink buffer. When performing unfiltered dump request, clear the dev
pointer in the context at the end of the dump, avoiding the release of
the netdevice. In the case of a filtered DUMP, the refcount for the
netdev was held when parsing the header, and is released in the .done()
callback.

Reported-by: syzbot+e9ed4e4368d450c8f9db@...kaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/000000000000d3bf150621d361a7@google.com/
Fixes: 17194be4c8e1 ("net: ethtool: Introduce a command to list PHYs on an interface")
Signed-off-by: Maxime Chevallier <maxime.chevallier@...tlin.com>
---
 net/ethtool/phy.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ethtool/phy.c b/net/ethtool/phy.c
index 560dd039c662..99d2a8b6144c 100644
--- a/net/ethtool/phy.c
+++ b/net/ethtool/phy.c
@@ -301,6 +301,11 @@ int ethnl_phy_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
 
 			ctx->phy_index = 0;
 		}
+
+		/* Clear the context netdev pointer so avoid a netdev_put from
+		 * the .done() callback
+		 */
+		ctx->phy_req_info->base.dev = NULL;
 	}
 	rtnl_unlock();
 
-- 
2.46.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ