lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250806082512.3288872-1-xu.yang_2@nxp.com>
Date: Wed,  6 Aug 2025 16:25:12 +0800
From: Xu Yang <xu.yang_2@....com>
To: andrew@...n.ch,
	hkallweit1@...il.com,
	linux@...linux.org.uk,
	o.rempel@...gutronix.de,
	pabeni@...hat.com
Cc: netdev@...r.kernel.org,
	imx@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: [PATCH 1/2] net: phy: fix NULL pointer dereference in phy_polling_mode()

Not all phy devices have phy driver attached, so fix the NULL pointer
dereference issue in phy_polling_mode() which was observed on USB net
devices.

[   31.494735] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001b8
[   31.503512] Mem abort info:
[   31.506298]   ESR = 0x0000000096000004
[   31.510054]   EC = 0x25: DABT (current EL), IL = 32 bits
[   31.515355]   SET = 0, FnV = 0
[   31.518408]   EA = 0, S1PTW = 0
[   31.521543]   FSC = 0x04: level 0 translation fault
[   31.526420] Data abort info:
[   31.529300]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[   31.534778]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[   31.539823]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[   31.545125] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000085a33000
[   31.551558] [00000000000001b8] pgd=0000000000000000, p4d=0000000000000000
[   31.558345] Internal error: Oops: 0000000096000004 [#1]  SMP
[   31.563987] Modules linked in:
[   31.567032] CPU: 1 UID: 0 PID: 38 Comm: kworker/u8:1 Not tainted 6.15.0-rc7-next-20250523-06662-gdb11f7daf2b1-dirty #300 PREEMPT
[   31.578659] Hardware name: NXP i.MX93 11X11 EVK board (DT)
[   31.584129] Workqueue: events_power_efficient phy_state_machine
[   31.590048] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   31.596998] pc : _phy_state_machine+0x120/0x310
[   31.601513] lr : _phy_state_machine+0xc8/0x310
[   31.605942] sp : ffff8000827ebd20
[   31.609244] x29: ffff8000827ebd30 x28: 0000000000000000 x27: 0000000000000000
[   31.616368] x26: ffff000004014028 x25: ffff000004c24b80 x24: ffff000004013a05
[   31.623492] x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000
[   31.630616] x20: ffff00000881fea0 x19: ffff000008515000 x18: 0000000000000006
[   31.637740] x17: 3a76726420303030 x16: 35313538303a7665 x15: 647968702030303a
[   31.644864] x14: ffff000004ea9200 x13: 3030303030303030 x12: ffff800082057068
[   31.651988] x11: 0000000000000058 x10: 000001067f7cd7af x9 : ffff000004ea9200
[   31.659112] x8 : 000000000004341b x7 : ffff000004ea9200 x6 : 00000000000002d6
[   31.666236] x5 : ffff00007fb99308 x4 : 0000000000000000 x3 : 0000000000000000
[   31.673360] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
[   31.680485] Call trace:
[   31.682920]  _phy_state_machine+0x120/0x310 (P)
[   31.687444]  phy_state_machine+0x2c/0x80
[   31.691360]  process_one_work+0x148/0x290
[   31.695364]  worker_thread+0x2c8/0x3e4
[   31.699108]  kthread+0x12c/0x204
[   31.702333]  ret_from_fork+0x10/0x20
[   31.705906] Code: f941be60 b9442261 71001c3f 54000d00 (f940dc02)

Fixes: f2bc1c265572 ("net: phy: introduce optional polling interface for PHY statistics")
Cc: stable@...r.kernel.org
Signed-off-by: Xu Yang <xu.yang_2@....com>
---
 include/linux/phy.h | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/include/linux/phy.h b/include/linux/phy.h
index 4c2b8b6e7187..068071646a8b 100644
--- a/include/linux/phy.h
+++ b/include/linux/phy.h
@@ -1632,12 +1632,14 @@ static inline bool phy_interrupt_is_valid(struct phy_device *phydev)
  */
 static inline bool phy_polling_mode(struct phy_device *phydev)
 {
-	if (phydev->state == PHY_CABLETEST)
-		if (phydev->drv->flags & PHY_POLL_CABLE_TEST)
-			return true;
+	if (phydev->drv) {
+		if (phydev->state == PHY_CABLETEST)
+			if (phydev->drv->flags & PHY_POLL_CABLE_TEST)
+				return true;
 
-	if (phydev->drv->update_stats)
-		return true;
+		if (phydev->drv->update_stats)
+			return true;
+	}
 
 	return phydev->irq == PHY_POLL;
 }
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ