net: ethtool: phy: Check the req_info.pdn field for GET commands

[PATCH net-next] net: ethtool: phy: Check the req_info.pdn field for GET commands

Posted by Maxime Chevallier 2 months, 2 weeks ago

When processing the netlink GET requests to get PHY info, the req_info.pdn
pointer is NULL when no PHY matches the requested parameters, such as when
the phy_index is invalid, or there's simply no PHY attached to the
interface.

Therefore, check the req_info.pdn pointer for NULL instead of
dereferencing it.

Suggested-by: Eric Dumazet <edumazet@google.com>
Reported-by: Eric Dumazet <edumazet@google.com>
Closes: https://lore.kernel.org/netdev/CANn89iKRW0WpGAh1tKqY345D8WkYCPm3Y9ym--Si42JZrQAu1g@mail.gmail.com/T/#mfced87d607d18ea32b3b4934dfa18d7b36669285
Fixes: 17194be4c8e1 ("net: ethtool: Introduce a command to list PHYs on an interface")
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
Hi,

I'm targetting net-next as the commit this patch fixes is still in
net-next.

 net/ethtool/phy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ethtool/phy.c b/net/ethtool/phy.c
index 560dd039c662..4ef7c6e32d10 100644
--- a/net/ethtool/phy.c
+++ b/net/ethtool/phy.c
@@ -164,7 +164,7 @@ int ethnl_phy_doit(struct sk_buff *skb, struct genl_info *info)
 		goto err_unlock_rtnl;
 
 	/* No PHY, return early */
-	if (!req_info.pdn->phy)
+	if (!req_info.pdn)
 		goto err_unlock_rtnl;
 
 	ret = ethnl_phy_reply_size(&req_info.base, info->extack);
-- 
2.46.0

Re: [PATCH net-next] net: ethtool: phy: Check the req_info.pdn field for GET commands

Posted by Eric Dumazet 2 months, 2 weeks ago

On Tue, Sep 10, 2024 at 7:46 PM Maxime Chevallier
<maxime.chevallier@bootlin.com> wrote:
>
> When processing the netlink GET requests to get PHY info, the req_info.pdn
> pointer is NULL when no PHY matches the requested parameters, such as when
> the phy_index is invalid, or there's simply no PHY attached to the
> interface.
>
> Therefore, check the req_info.pdn pointer for NULL instead of
> dereferencing it.
>
> Suggested-by: Eric Dumazet <edumazet@google.com>
> Reported-by: Eric Dumazet <edumazet@google.com>
> Closes: https://lore.kernel.org/netdev/CANn89iKRW0WpGAh1tKqY345D8WkYCPm3Y9ym--Si42JZrQAu1g@mail.gmail.com/T/#mfced87d607d18ea32b3b4934dfa18d7b36669285
> Fixes: 17194be4c8e1 ("net: ethtool: Introduce a command to list PHYs on an interface")
> Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
> ---

Thanks, there is another issue found by syzbot BTW (one imbalanced netdev_put())

Reviewed-by: Eric Dumazet <edumazet@google.com>

Re: [PATCH net-next] net: ethtool: phy: Check the req_info.pdn field for GET commands

Posted by Maxime Chevallier 2 months, 2 weeks ago

Hi Eric,

On Wed, 11 Sep 2024 09:26:23 +0200
Eric Dumazet <edumazet@google.com> wrote:

> On Tue, Sep 10, 2024 at 7:46 PM Maxime Chevallier
> <maxime.chevallier@bootlin.com> wrote:
> >
> > When processing the netlink GET requests to get PHY info, the req_info.pdn
> > pointer is NULL when no PHY matches the requested parameters, such as when
> > the phy_index is invalid, or there's simply no PHY attached to the
> > interface.
> >
> > Therefore, check the req_info.pdn pointer for NULL instead of
> > dereferencing it.
> >
> > Suggested-by: Eric Dumazet <edumazet@google.com>
> > Reported-by: Eric Dumazet <edumazet@google.com>
> > Closes: https://lore.kernel.org/netdev/CANn89iKRW0WpGAh1tKqY345D8WkYCPm3Y9ym--Si42JZrQAu1g@mail.gmail.com/T/#mfced87d607d18ea32b3b4934dfa18d7b36669285
> > Fixes: 17194be4c8e1 ("net: ethtool: Introduce a command to list PHYs on an interface")
> > Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
> > ---  
> 
> Thanks, there is another issue found by syzbot BTW (one imbalanced netdev_put())

Sorry for asking that, but I missed the report from this current patch,
as well as the one you're referring to. I've looked-up the netdev
archive and the syzbot web interface [1] and found no reports for both
issues. I am clearly not looking at the right place, and/or I probably
need to open my eyes a bit more.

Can you point me to the report in question ?

[1] : https://syzkaller.appspot.com/upstream/s/net

> 
> Reviewed-by: Eric Dumazet <edumazet@google.com>

Thanks for the review,

Maxime

Re: [PATCH net-next] net: ethtool: phy: Check the req_info.pdn field for GET commands

Posted by Maxime Chevallier 2 months, 2 weeks ago

Hi,

On Wed, 11 Sep 2024 10:33:22 +0200
Maxime Chevallier <maxime.chevallier@bootlin.com> wrote:


> Sorry for asking that, but I missed the report from this current patch,
> as well as the one you're referring to. I've looked-up the netdev
> archive and the syzbot web interface [1] and found no reports for both
> issues. I am clearly not looking at the right place, and/or I probably
> need to open my eyes a bit more.

Heh my bad, I just received the report in question. Looks like you are
getting these before I do :)

Thanks,

Maxime

Re: [PATCH net-next] net: ethtool: phy: Check the req_info.pdn field for GET commands

Posted by Eric Dumazet 2 months, 2 weeks ago

On Wed, Sep 11, 2024 at 10:37 AM Maxime Chevallier
<maxime.chevallier@bootlin.com> wrote:
>
> Hi,
>
> On Wed, 11 Sep 2024 10:33:22 +0200
> Maxime Chevallier <maxime.chevallier@bootlin.com> wrote:
>
>
> > Sorry for asking that, but I missed the report from this current patch,
> > as well as the one you're referring to. I've looked-up the netdev
> > archive and the syzbot web interface [1] and found no reports for both
> > issues. I am clearly not looking at the right place, and/or I probably
> > need to open my eyes a bit more.
>
> Heh my bad, I just received the report in question. Looks like you are
> getting these before I do :)

I triage the reports, to avoid flooding mailing list with duplicates,
and possibly catch very serious security bugs.

I usually wait for some consistent signal like a repro, so that a
single email is sent to the list.