lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <8b947cec-f559-40b4-a0e0-7a506fd89341@gmail.com>
Date: Fri, 23 May 2025 08:19:26 -0700
From: Florian Fainelli <f.fainelli@...il.com>
To: Wei Fang <wei.fang@....com>, andrew@...n.ch, hkallweit1@...il.com,
 linux@...linux.org.uk, davem@...emloft.net, edumazet@...gle.com,
 kuba@...nel.org, pabeni@...hat.com, xiaolei.wang@...driver.com
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, imx@...ts.linux.dev
Subject: Re: [PATCH v2 net] net: phy: clear phydev->devlink when the link is
 deleted



On 5/23/2025 1:37 AM, Wei Fang wrote:
> There is a potential crash issue when disabling and re-enabling the
> network port. When disabling the network port, phy_detach() calls
> device_link_del() to remove the device link, but it does not clear
> phydev->devlink, so phydev->devlink is not a NULL pointer. Then the
> network port is re-enabled, but if phy_attach_direct() fails before
> calling device_link_add(), the code jumps to the "error" label and
> calls phy_detach(). Since phydev->devlink retains the old value from
> the previous attach/detach cycle, device_link_del() uses the old value,
> which accesses a NULL pointer and causes a crash. The simplified crash
> log is as follows.
> 
> [   24.702421] Call trace:
> [   24.704856]  device_link_put_kref+0x20/0x120
> [   24.709124]  device_link_del+0x30/0x48
> [   24.712864]  phy_detach+0x24/0x168
> [   24.716261]  phy_attach_direct+0x168/0x3a4
> [   24.720352]  phylink_fwnode_phy_connect+0xc8/0x14c
> [   24.725140]  phylink_of_phy_connect+0x1c/0x34
> 
> Therefore, phydev->devlink needs to be cleared when the device link is
> deleted.
> 
> Fixes: bc66fa87d4fd ("net: phy: Add link between phy dev and mac dev")
> Signed-off-by: Wei Fang <wei.fang@....com>

Reviewed-by: Florian Fainelli <florian.fainelli@...adcom.com>
-- 
Florian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ