| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251220195607.wz4rykcbczjjeh76@skbuf>
Date: Sat, 20 Dec 2025 21:56:07 +0200
From: Vladimir Oltean <vladimir.oltean@....com>
To: Jerry Wu <w.7erry@...mail.com>
Cc: claudiu.manoil@....com, alexandre.belloni@...tlin.com,
UNGLinuxDriver@...rochip.com, andrew+netdev@...n.ch,
davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH net v2] net: mscc: ocelot: Fix crash when adding
interface under a lag
Hi Jerry,
On Sat, Dec 20, 2025 at 07:01:23PM +0000, Jerry Wu wrote:
> Commit 15faa1f67ab4 ("lan966x: Fix crash when adding interface under a lag")
> fixed a similar issue in the lan966x driver caused by a NULL pointer dereference.
> The ocelot_set_aggr_pgids() function in the ocelot driver has similar logic
> and is susceptible to the same crash.
>
> This issue specifically affects the ocelot_vsc7514.c frontend, which leaves
> unused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as
> it uses the DSA framework which registers all ports.
>
> Fix this by checking if the port pointer is valid before accessing it.
>
> Fixes: 528d3f190c98 ("net: mscc: ocelot: drop the use of the "lags" array")
> Signed-off-by: Jerry Wu <w.7erry@...mail.com>
> ---
The 4th item in maintainer-netdev.rst is "don't repost your patches
within one 24h period". This would have given me more than 4 minutes
between your v2 and... v2 (?!) to leave extra comments.
The area below "---" in the patch is discarded when applying the patch.
It is recommended that you use it for patch change information between
versions. You copied a bunch of new people in v2 which have no reference
to v1. Find your patches on https://lore.kernel.org/netdev/ and
https://lore.kernel.org/lkml/ and reference them, and explain the
changes you've made.
> drivers/net/ethernet/mscc/ocelot.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/mscc/ocelot.c b/drivers/net/ethernet/mscc/ocelot.c
> index 08bee56aea35..6f917fd7af4d 100644
> --- a/drivers/net/ethernet/mscc/ocelot.c
> +++ b/drivers/net/ethernet/mscc/ocelot.c
> @@ -2307,14 +2307,16 @@ static void ocelot_set_aggr_pgids(struct ocelot *ocelot)
>
> /* Now, set PGIDs for each active LAG */
> for (lag = 0; lag < ocelot->num_phys_ports; lag++) {
> - struct net_device *bond = ocelot->ports[lag]->bond;
> + struct ocelot_port *ocelot_port = ocelot->ports[lag];
> int num_active_ports = 0;
> + struct net_device *bond;
> unsigned long bond_mask;
> u8 aggr_idx[16];
>
> - if (!bond || (visited & BIT(lag)))
> + if (!ocelot_port || !ocelot_port->bond || (visited & BIT(lag)))
> continue;
>
> + bond = ocelot_port->bond;
> bond_mask = ocelot_get_bond_mask(ocelot, bond);
Because the "bond" variable is used only once, I had a review comment in
v1 to delete it, and leave the code with just this:
bond_mask = ocelot_get_bond_mask(ocelot, ocelot_port->bond);
You didn't leave any reason for disregarding this element of the feedback.
>
> for_each_set_bit(port, &bond_mask, ocelot->num_phys_ports) {
> --
> 2.52.0
>
Powered by blists - more mailing lists