lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACKFLinXhq9G1nn301OEjTH+E_31RmnDPwQ=VSEMD=+FVGiuaQ@mail.gmail.com>
Date: Mon, 5 Jan 2026 10:29:33 -0800
From: Michael Chan <michael.chan@...adcom.com>
To: "Russell King (Oracle)" <linux@...linux.org.uk>
Cc: Pavan Chebbi <pavan.chebbi@...adcom.com>, Breno Leitao <leitao@...ian.org>, 
	Andrew Lunn <andrew+netdev@...n.ch>, "David S. Miller" <davem@...emloft.net>, 
	Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, 
	Richard Cochran <richardcochran@...il.com>, Vadim Fedorenko <vadim.fedorenko@...ux.dev>, 
	Vladimir Oltean <vladimir.oltean@....com>, netdev@...r.kernel.org, 
	linux-kernel@...r.kernel.org, kernel-team@...a.com, stable@...r.kernel.org
Subject: Re: [PATCH net v2] bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable
 during error cleanup

On Mon, Jan 5, 2026 at 10:03 AM Russell King (Oracle)
<linux@...linux.org.uk> wrote:
>
> I'd like to restate my question, as it is the crux of the issue: as
> the PTP clock remains registered during the firmware change,
> userspace can interact with that device in every way possible.
>
> If the firmware is in the process of being changed, and e.g.
> bnxt_ptp_enable() were to be called by way of userspace interacting
> with the PTP clock, we have already established that bnxt_ptp_enable()
> will talk to the firmware - but what happens if bnxt_ptp_enable()
> attempts to while the firmware is being changed? Is this safe?
>

I believe we have code to deal with that.  During FW
upgrade/downgrade/reset, the BNXT_STATE_IN_FW_RESET flag should be
set.  The operation that needs to be avoided in this window is reading
the clock registers.  A quick check of the code shows that we take the
ptp_lock and check the flag before we call readl().

Download attachment "smime.p7s" of type "application/pkcs7-signature" (5469 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ