Message-ID: <20250924-meteoric-spectral-wasp-e09db7-mkl@pengutronix.de>
Date: Wed, 24 Sep 2025 11:03:55 +0200
From: Marc Kleine-Budde <mkl@...gutronix.de>
To: Matthieu Baerts <matttbe@...nel.org>
Cc: netdev@...r.kernel.org, davem@...emloft.net, kuba@...nel.org, 
	linux-can@...r.kernel.org, kernel@...gutronix.de, Chen Yufeng <chenyufeng@....ac.cn>, 
	Stephen Rothwell <sfr@...b.auug.org.au>
Subject: Re: [PATCH net 1/7] can: hi311x: fix null pointer dereference when
 resuming from sleep before interface was enabled: manual merge

On 24.09.2025 09:53:42, Matthieu Baerts wrote:
> Hello,
> 
> On 23/09/2025 08:32, Marc Kleine-Budde wrote:
> > From: Chen Yufeng <chenyufeng@....ac.cn>
> > 
> > This issue is similar to the vulnerability in the `mcp251x` driver,
> > which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from
> > sleep before interface was brought up").
> > 
> > In the `hi311x` driver, when the device resumes from sleep, the driver
> > schedules `priv->restart_work`. However, if the network interface was
> > not previously enabled, the `priv->wq` (workqueue) is not allocated and
> > initialized, leading to a null pointer dereference.
> > 
> > To fix this, we move the allocation and initialization of the workqueue
> > from the `hi3110_open` function to the `hi3110_can_probe` function.
> > This ensures that the workqueue is properly initialized before it is
> > used during device resume. And added logic to destroy the workqueue
> > in the error handling paths of `hi3110_can_probe` and in the
> > `hi3110_can_remove` function to prevent resource leaks.
> 
> FYI, we got a small conflict when merging 'net' in 'net-next' in the
> MPTCP tree due to this patch applied in 'net':

Thanks for the heads up!

>   6b6968084721 ("can: hi311x: fix null pointer dereference when resuming
> from sleep before interface was enabled")
> 
> and this one from 'net-next':
> 
>   27ce71e1ce81 ("net: WQ_PERCPU added to alloc_workqueue users")
> 
> ----- Generic Message -----
> The best is to avoid conflicts between 'net' and 'net-next' trees but if
> they cannot be avoided when preparing patches, a note about how to fix
> them is much appreciated.
> The conflict has been resolved on our side[1] and the resolution we
> suggest is attached to this email. Please report any issues linked to
> this conflict resolution as it might be used by others. If you worked on
> the mentioned patches, don't hesitate to ACK this conflict resolution.
> ---------------------------
> 
> Regarding this conflict, I simply added "WQ_PERCPU" flag to
> alloc_workqueue() in hi3110_can_probe() -- the new location after the
> modification in 'net' -- instead of in hi3110_open().
> 
> Rerere cache is available in [2].

Looks good to me!

Thanks,
Marc

-- 
Pengutronix e.K.                 | Marc Kleine-Budde          |
Embedded Linux                   | https://www.pengutronix.de |
Vertretung Nürnberg              | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-9   |
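
The lifecycle ordering described in the quoted commit message, as an added user-space model that is not part of this thread or of the hi311x driver. All `model_*` names and the `layout` enum are hypothetical stand-ins, and the NULL check in `model_resume` only reports where the kernel code would dereference a null `priv->wq`.

```c
#include <stdbool.h>
#include <stdlib.h>

/* User-space model; all names are hypothetical, not hi311x driver code. */
struct model_wq { int queued; };            /* stands in for the workqueue */
struct model_priv { struct model_wq *wq; }; /* stands in for priv->wq */
enum layout { WQ_IN_OPEN, WQ_IN_PROBE };    /* before / after the fix */

static int model_probe(struct model_priv *p, enum layout l)
{
    p->wq = NULL;
    if (l == WQ_IN_PROBE)                   /* fixed: allocate at probe time */
        p->wq = calloc(1, sizeof(*p->wq));
    return (l == WQ_IN_PROBE && !p->wq) ? -1 : 0;
}

static int model_open(struct model_priv *p, enum layout l)
{
    if (l == WQ_IN_OPEN && !p->wq)          /* unfixed: allocate only on open */
        p->wq = calloc(1, sizeof(*p->wq));
    return p->wq ? 0 : -1;
}

/* Returns false where the kernel code would dereference a null priv->wq. */
static bool model_resume(struct model_priv *p)
{
    if (!p->wq)
        return false;
    p->wq->queued++;                        /* "schedule" the restart work */
    return true;
}

static void model_remove(struct model_priv *p)
{
    free(p->wq);                            /* destroy on remove: no leak */
}

/* Drive probe -> (optional open) -> resume -> remove for one layout. */
static bool resume_is_safe(enum layout l, bool opened_first)
{
    struct model_priv p;
    bool ok = model_probe(&p, l) == 0;
    if (ok && opened_first)
        ok = model_open(&p, l) == 0;
    ok = ok && model_resume(&p);
    model_remove(&p);
    return ok;
}

int main(void) { return resume_is_safe(WQ_IN_PROBE, false) ? 0 : 1; }
```

Only the combination of the pre-fix layout with a resume before the first open reaches the null `wq`, which is why the defect stays hidden on systems that always bring the interface up before suspending.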
