lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZLaiJ4G6TaJYGJyU@shell.armlinux.org.uk>
Date: Tue, 18 Jul 2023 15:31:03 +0100
From: "Russell King (Oracle)" <linux@...linux.org.uk>
To: Vladimir Oltean <vladimir.oltean@....com>
Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Andrew Lunn <andrew@...n.ch>,
	Florian Fainelli <f.fainelli@...il.com>,
	Maxim Georgiev <glipus@...il.com>,
	Horatiu Vultur <horatiu.vultur@...rochip.com>,
	Köry Maincent <kory.maincent@...tlin.com>,
	Maxime Chevallier <maxime.chevallier@...tlin.com>,
	Richard Cochran <richardcochran@...il.com>,
	Vadim Fedorenko <vadim.fedorenko@...ux.dev>,
	Gerhard Engleder <gerhard@...leder-embedded.com>,
	Hangbin Liu <liuhangbin@...il.com>,
	Heiner Kallweit <hkallweit1@...il.com>,
	Jacob Keller <jacob.e.keller@...el.com>,
	Jay Vosburgh <j.vosburgh@...il.com>,
	Andy Gospodarek <andy@...yhouse.net>, Wei Fang <wei.fang@....com>,
	Shenwei Wang <shenwei.wang@....com>,
	Clark Wang <xiaoning.wang@....com>,
	NXP Linux Team <linux-imx@....com>, UNGLinuxDriver@...rochip.com,
	Lars Povlsen <lars.povlsen@...rochip.com>,
	Steen Hegelund <Steen.Hegelund@...rochip.com>,
	Daniel Machon <daniel.machon@...rochip.com>,
	Simon Horman <simon.horman@...igine.com>,
	Casper Andersson <casper.casan@...il.com>,
	Sergey Organov <sorganov@...il.com>,
	Michal Kubecek <mkubecek@...e.cz>,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v8 net-next 10/12] net: transfer rtnl_lock() requirement
 from ethtool_set_ethtool_phy_ops() to caller

On Mon, Jul 17, 2023 at 06:27:07PM +0300, Vladimir Oltean wrote:
> phy_init() and phy_exit() will have to do more stuff under rtnl_lock()
> in a future change. Since rtnl_unlock() -> netdev_run_todo() does a lot
> of stuff under the hood, it's a pity to lock and unlock the rtnetlink
> mutex twice in a row.
> 
> Change the calling convention such that the only caller of
> ethtool_set_ethtool_phy_ops(), phy_device.c, provides a context where
> the rtnl_mutex is already acquired.
> 
> Note that phy_exit() wasn't performing the opposite teardown of
> phy_init(). Reverse mdio_bus_init() with ethtool_set_ethtool_phy_ops(),
> so that this is now the case.

To me, this looks buggy.

> @@ -3451,11 +3452,14 @@ static int __init phy_init(void)
>  {
>  	int rc;
>  
> +	rtnl_lock();
> +	ethtool_set_ethtool_phy_ops(&phy_ethtool_phy_ops);
> +	rtnl_unlock();
> +
>  	rc = mdio_bus_init();
>  	if (rc)
>  		return rc;

If mdio_bus_init() fails, and phylib is built as a module, then we
leave ethtool_phy_ops pointing into module space that has potentially
been freed or re-used for another module. This error path needs to
properly clean up.

The same is also true for the other failure paths in phy_init() which
already do not cater for their failures leaving a dangling pointer in
ethtool_phy_ops. This should probably be fixed first in a separate
patch for the net tree.

Thanks.

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ