| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250626103731.3986545-1-o.rempel@pengutronix.de> Date: Thu, 26 Jun 2025 12:37:31 +0200 From: Oleksij Rempel <o.rempel@...gutronix.de> To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Woojung Huh <woojung.huh@...rochip.com>, Andrew Lunn <andrew+netdev@...n.ch>, Russell King <rmk+kernel@...linux.org.uk>, Thangaraj Samynathan <Thangaraj.S@...rochip.com>, Rengarajan Sundararajan <Rengarajan.S@...rochip.com> Cc: Oleksij Rempel <o.rempel@...gutronix.de>, Dan Carpenter <dan.carpenter@...aro.org>, kernel@...gutronix.de, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, UNGLinuxDriver@...rochip.com, Phil Elwell <phil@...pberrypi.org>, Maxime Chevallier <maxime.chevallier@...tlin.com>, Simon Horman <horms@...nel.org> Subject: [PATCH net-next v1 1/1] net: usb: lan78xx: fix possible NULL pointer dereference in lan78xx_phy_init() If no PHY device is found (e.g., for LAN7801 in fixed-link mode), lan78xx_phy_init() may proceed to dereference a NULL phydev pointer, leading to a crash. Update the logic to perform MAC configuration first, then check for the presence of a PHY. For the fixed-link case, set up the fixed link and return early, bypassing any code that assumes a valid phydev pointer. It is safe to move lan78xx_mac_prepare_for_phy() earlier because this function only uses information from dev->interface, which is configured by lan78xx_get_phy() beforehand. The function does not access phydev or any data set up by later steps. Reported-by: Dan Carpenter <dan.carpenter@...aro.org> Signed-off-by: Oleksij Rempel <o.rempel@...gutronix.de> --- drivers/net/usb/lan78xx.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c index ae37cd235526..6e9dc30b50f9 100644 --- a/drivers/net/usb/lan78xx.c +++ b/drivers/net/usb/lan78xx.c @@ -2831,6 +2831,10 @@ static int lan78xx_phy_init(struct lan78xx_net *dev) if (ret < 0) return ret; + ret = lan78xx_mac_prepare_for_phy(dev); + if (ret < 0) + goto phylink_uninit; + /* If no PHY is found, set up a fixed link. It is very specific to * the LAN7801 and is used in special cases like EVB-KSZ9897-1 where * LAN7801 acts as a USB-to-Ethernet interface to a switch without @@ -2840,11 +2844,12 @@ static int lan78xx_phy_init(struct lan78xx_net *dev) ret = lan78xx_set_fixed_link(dev); if (ret < 0) goto phylink_uninit; - } - ret = lan78xx_mac_prepare_for_phy(dev); - if (ret < 0) - goto phylink_uninit; + /* No PHY found, so set up a fixed link and return early. + * No need to configure PHY IRQ or attach to phylink. + */ + return 0; + } /* if phyirq is not set, use polling mode in phylib */ if (dev->domain_data.phyirq > 0) -- 2.39.5
Powered by blists - more mailing lists