Message-ID: <72ce7599-1b5b-464a-a5de-228ff9724701@kernel.org>
Date: Wed, 24 Sep 2025 09:53:42 +0100
From: Matthieu Baerts <matttbe@...nel.org>
To: Marc Kleine-Budde <mkl@...gutronix.de>, netdev@...r.kernel.org
Cc: davem@...emloft.net, kuba@...nel.org, linux-can@...r.kernel.org,
kernel@...gutronix.de, Chen Yufeng <chenyufeng@....ac.cn>,
Stephen Rothwell <sfr@...b.auug.org.au>
Subject: Re: [PATCH net 1/7] can: hi311x: fix null pointer dereference when
resuming from sleep before interface was enabled: manual merge

Hello,

On 23/09/2025 08:32, Marc Kleine-Budde wrote:
> From: Chen Yufeng <chenyufeng@....ac.cn>
>
> This issue is similar to the vulnerability in the `mcp251x` driver,
> which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from
> sleep before interface was brought up").
>
> In the `hi311x` driver, when the device resumes from sleep, the driver
> schedules `priv->restart_work`. However, if the network interface was
> not previously enabled, the `priv->wq` (workqueue) is not allocated and
> initialized, leading to a null pointer dereference.
>
> To fix this, we move the allocation and initialization of the workqueue
> from the `hi3110_open` function to the `hi3110_can_probe` function.
> This ensures that the workqueue is properly initialized before it is
> used during device resume. And added logic to destroy the workqueue
> in the error handling paths of `hi3110_can_probe` and in the
> `hi3110_can_remove` function to prevent resource leaks.

FYI, we got a small conflict when merging 'net' in 'net-next' in the
MPTCP tree due to this patch applied in 'net':

  6b6968084721 ("can: hi311x: fix null pointer dereference when resuming
  from sleep before interface was enabled")

and this one from 'net-next':

  27ce71e1ce81 ("net: WQ_PERCPU added to alloc_workqueue users")

----- Generic Message -----
The best is to avoid conflicts between 'net' and 'net-next' trees but if
they cannot be avoided when preparing patches, a note about how to fix
them is much appreciated.

The conflict has been resolved on our side[1] and the resolution we
suggest is attached to this email. Please report any issues linked to
this conflict resolution as it might be used by others. If you worked on
the mentioned patches, don't hesitate to ACK this conflict resolution.
---------------------------

Regarding this conflict, I simply added "WQ_PERCPU" flag to
alloc_workqueue() in hi3110_can_probe() -- the new location after the
modification in 'net' -- instead of in hi3110_open().

Rerere cache is available in [2].

Cheers,
Matt

1: https://github.com/multipath-tcp/mptcp_net-next/commit/4ef39a01f1f0
2: https://github.com/multipath-tcp/mptcp-upstream-rr-cache/commit/1a8b8
--
Sponsored by the NGI0 Core fund.
View attachment "4ef39a01f1f0d195d0d4daae6312d1ae71d59188.patch" of type "text/x-patch" (682 bytes)