[net] net: phy: Fix possible NULL pointer dereference issues caused by phy_attached_info_irq
Message ID | 20240112095724.154197-1-chentao@kylinos.cn |
---|---|
State | New |
Headers | From: Kunwu Chan <chentao@kylinos.cn> To: andrew@lunn.ch, hkallweit1@gmail.com, linux@armlinux.org.uk, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com Cc: f.fainelli@gmail.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Kunwu Chan <chentao@kylinos.cn> Date: Fri, 12 Jan 2024 17:57:24 +0800 |
Series | [net] net: phy: Fix possible NULL pointer dereference issues caused by phy_attached_info_irq |
Commit Message
Kunwu Chan
Jan. 12, 2024, 9:57 a.m. UTC
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.
Fixes: e27f178793de ("net: phy: Added IRQ print to phylink_bringup_phy()")
Signed-off-by: Kunwu Chan <chentao@kylinos.cn>
---
drivers/net/phy/phy_device.c | 3 +++
drivers/net/phy/phylink.c | 2 ++
2 files changed, 5 insertions(+)
Comments
On Fri, Jan 12, 2024 at 05:57:24PM +0800, Kunwu Chan wrote: > kasprintf() returns a pointer to dynamically allocated memory > which can be NULL upon failure. Ensure the allocation was successful > by checking the pointer validity. > > Fixes: e27f178793de ("net: phy: Added IRQ print to phylink_bringup_phy()") > Signed-off-by: Kunwu Chan <chentao@kylinos.cn> > --- > drivers/net/phy/phy_device.c | 3 +++ > drivers/net/phy/phylink.c | 2 ++ > 2 files changed, 5 insertions(+) > > diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c > index 3611ea64875e..10fa99d957c0 100644 > --- a/drivers/net/phy/phy_device.c > +++ b/drivers/net/phy/phy_device.c > @@ -1299,6 +1299,9 @@ void phy_attached_print(struct phy_device *phydev, const char *fmt, ...) > const char *unbound = phydev->drv ? "" : "[unbound] "; > char *irq_str = phy_attached_info_irq(phydev); > > + if (!irq_str) > + return; > + > if (!fmt) { > phydev_info(phydev, ATTACHED_FMT "\n", unbound, > phydev_name(phydev), irq_str); This part looks O.K. > diff --git a/drivers/net/phy/phylink.c b/drivers/net/phy/phylink.c > index ed0b4ccaa6a6..db0a545c9468 100644 > --- a/drivers/net/phy/phylink.c > +++ b/drivers/net/phy/phylink.c > @@ -1884,6 +1884,8 @@ static int phylink_bringup_phy(struct phylink *pl, struct phy_device *phy, > phy->phy_link_change = phylink_phy_change; > > irq_str = phy_attached_info_irq(phy); > + if (!irq_str) > + return -ENOMEM; Here, i would just skip the print and continue with the reset of the function. The print is just useful information, its not a big problem if its not printed. However, if this function does not complete, the network interface is likely to be dead. Andrew
Thanks for your reply. On 2024/1/12 23:32, Andrew Lunn wrote: > On Fri, Jan 12, 2024 at 05:57:24PM +0800, Kunwu Chan wrote: >> kasprintf() returns a pointer to dynamically allocated memory >> which can be NULL upon failure. Ensure the allocation was successful >> by checking the pointer validity. >> >> Fixes: e27f178793de ("net: phy: Added IRQ print to phylink_bringup_phy()") >> Signed-off-by: Kunwu Chan <chentao@kylinos.cn> >> --- >> drivers/net/phy/phy_device.c | 3 +++ >> drivers/net/phy/phylink.c | 2 ++ >> 2 files changed, 5 insertions(+) >> >> diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c >> index 3611ea64875e..10fa99d957c0 100644 >> --- a/drivers/net/phy/phy_device.c >> +++ b/drivers/net/phy/phy_device.c >> @@ -1299,6 +1299,9 @@ void phy_attached_print(struct phy_device *phydev, const char *fmt, ...) >> const char *unbound = phydev->drv ? "" : "[unbound] "; >> char *irq_str = phy_attached_info_irq(phydev); >> >> + if (!irq_str) >> + return; >> + >> if (!fmt) { >> phydev_info(phydev, ATTACHED_FMT "\n", unbound, >> phydev_name(phydev), irq_str); > > This part looks O.K. > >> diff --git a/drivers/net/phy/phylink.c b/drivers/net/phy/phylink.c >> index ed0b4ccaa6a6..db0a545c9468 100644 >> --- a/drivers/net/phy/phylink.c >> +++ b/drivers/net/phy/phylink.c >> @@ -1884,6 +1884,8 @@ static int phylink_bringup_phy(struct phylink *pl, struct phy_device *phy, >> phy->phy_link_change = phylink_phy_change; >> >> irq_str = phy_attached_info_irq(phy); >> + if (!irq_str) >> + return -ENOMEM; > > Here, i would just skip the print and continue with the reset of the > function. The print is just useful information, its not a big problem > if its not printed. However, if this function does not complete, the > network interface is likely to be dead. Thanks for the reminder. The second part doesn't look so perfect, can we just print an empty string when the irq_str is empty? --- a/drivers/net/phy/phylink.c +++ b/drivers/net/phy/phylink.c 
@@ -1886,7 +1886,7 @@ static int phylink_bringup_phy(struct phylink *pl, struct phy_device *phy, irq_str = phy_attached_info_irq(phy); phylink_info(pl, "PHY [%s] driver [%s] (irq=%s)\n", - dev_name(&phy->mdio.dev), phy->drv->name, irq_str); + dev_name(&phy->mdio.dev), phy->drv->name, irq_str ? irq_str : ""); kfree(irq_str); > > Andrew
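Review bot: In the phylink_info() call, `irq_str ? irq_str : ""` prints `(irq=)` when the allocation failed, which reads like a PHY with no interrupt information rather than a failed allocation. A placeholder such as `irq_str ? irq_str : "unknown"`, or skipping the phylink_info() call when irq_str is NULL, keeps the log line unambiguous. The `kfree(irq_str);` in the trailing context needs no guard, since kfree() accepts NULL.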
> > Here, i would just skip the print and continue with the reset of the > > function. The print is just useful information, its not a big problem > > if its not printed. However, if this function does not complete, the > > network interface is likely to be dead. > Thanks for the reminder. > The second part doesn't look so perfect, can we just print an empty string > when the irq_str is empty? > > --- a/drivers/net/phy/phylink.c > +++ b/drivers/net/phy/phylink.c > @@ -1886,7 +1886,7 @@ static int phylink_bringup_phy(struct phylink *pl, > struct phy_device *phy, > irq_str = phy_attached_info_irq(phy); > phylink_info(pl, > "PHY [%s] driver [%s] (irq=%s)\n", > - dev_name(&phy->mdio.dev), phy->drv->name, irq_str); > + dev_name(&phy->mdio.dev), phy->drv->name, irq_str ? > irq_str : ""); > kfree(irq_str); That is O.K, or skip the whole phylink_info(). Andrew
On 2024/1/15 11:45, Andrew Lunn wrote: >>> Here, i would just skip the print and continue with the reset of the >>> function. The print is just useful information, its not a big problem >>> if its not printed. However, if this function does not complete, the >>> network interface is likely to be dead. >> Thanks for the reminder. >> The second part doesn't look so perfect, can we just print an empty string >> when the irq_str is empty? >> >> --- a/drivers/net/phy/phylink.c >> +++ b/drivers/net/phy/phylink.c >> @@ -1886,7 +1886,7 @@ static int phylink_bringup_phy(struct phylink *pl, >> struct phy_device *phy, >> irq_str = phy_attached_info_irq(phy); >> phylink_info(pl, >> "PHY [%s] driver [%s] (irq=%s)\n", >> - dev_name(&phy->mdio.dev), phy->drv->name, irq_str); >> + dev_name(&phy->mdio.dev), phy->drv->name, irq_str ? >> irq_str : ""); >> kfree(irq_str); > > That is O.K, or skip the whole phylink_info(). > > Andrew Thanks, I will update it in v2 patch. Personal view, print a msg is good for debug.
diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c index 3611ea64875e..10fa99d957c0 100644 --- a/drivers/net/phy/phy_device.c +++ b/drivers/net/phy/phy_device.c @@ -1299,6 +1299,9 @@ void phy_attached_print(struct phy_device *phydev, const char *fmt, ...) const char *unbound = phydev->drv ? "" : "[unbound] "; char *irq_str = phy_attached_info_irq(phydev); + if (!irq_str) + return; + if (!fmt) { phydev_info(phydev, ATTACHED_FMT "\n", unbound, phydev_name(phydev), irq_str); diff --git a/drivers/net/phy/phylink.c b/drivers/net/phy/phylink.c index ed0b4ccaa6a6..db0a545c9468 100644 --- a/drivers/net/phy/phylink.c +++ b/drivers/net/phy/phylink.c @@ -1884,6 +1884,8 @@ static int phylink_bringup_phy(struct phylink *pl, struct phy_device *phy, phy->phy_link_change = phylink_phy_change; irq_str = phy_attached_info_irq(phy); + if (!irq_str) + return -ENOMEM; phylink_info(pl, "PHY [%s] driver [%s] (irq=%s)\n", dev_name(&phy->mdio.dev), phy->drv->name, irq_str);
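Review bot: In the phy_device.c hunk, the early `return` in phy_attached_print() drops the entire attach message when only the IRQ string could not be allocated, so the `[unbound]` marker and the phydev_name() output vanish from the log without any trace. Consider keeping the print and substituting a fallback for irq_str in the phydev_info() call, which would also match the handling discussed in the thread for phylink_bringup_phy(). If the early return stays, it is correct that no kfree() is needed on that path.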
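Review bot: In the phylink.c hunk, `return -ENOMEM;` fails phylink_bringup_phy() over a string that is only consumed by the phylink_info() log line, and it does so after `phy->phy_link_change = phylink_phy_change;` has already been assigned, with no unwinding in the visible lines. Guard only the print instead, for example by skipping phylink_info() when irq_str is NULL, and let the function continue.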