* [PATCH v2] net: phy: fix phy_get_internal_delay accessing an empty array
@ 2024-03-07 11:19 Kévin L'hôpital
2024-03-08 10:20 ` patchwork-bot+netdevbpf
0 siblings, 1 reply; 2+ messages in thread
From: Kévin L'hôpital @ 2024-03-07 11:19 UTC (permalink / raw)
To: Andrew Lunn, Heiner Kallweit, Russell King, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, Dan Murphy
Cc: netdev, linux-kernel, Kévin L'hôpital,
Enguerrand de Ribaucourt, Russell King
The phy_get_internal_delay function could try to access to an empty
array in the case that the driver is calling phy_get_internal_delay
without defining delay_values and rx-internal-delay-ps or
tx-internal-delay-ps is defined to 0 in the device-tree.
This will lead to "unable to handle kernel NULL pointer dereference at
virtual address 0". To avoid this kernel oops, the test should be delay
>= 0. As there is already delay < 0 test just before, the test could
only be size == 0.
Fixes: 92252eec913b ("net: phy: Add a helper to return the index for of the internal delay")
Co-developed-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Signed-off-by: Kévin L'hôpital <kevin.lhopital@savoirfairelinux.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
---
V1 -> V2: Fixed Signed-off-by tags
drivers/net/phy/phy_device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c
index 3611ea64875e..3ad9bbf65cbe 100644
--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -2959,7 +2959,7 @@ s32 phy_get_internal_delay(struct phy_device *phydev, struct device *dev,
if (delay < 0)
return delay;
- if (delay && size == 0)
+ if (size == 0)
return delay;
if (delay < delay_values[0] || delay > delay_values[size - 1]) {
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] net: phy: fix phy_get_internal_delay accessing an empty array
2024-03-07 11:19 [PATCH v2] net: phy: fix phy_get_internal_delay accessing an empty array Kévin L'hôpital
@ 2024-03-08 10:20 ` patchwork-bot+netdevbpf
0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-03-08 10:20 UTC (permalink / raw)
To: =?utf-8?q?K=C3=A9vin_L=27h=C3=B4pital_=3Ckevin=2Elhopital=40savoirfairelinux?=,
=?utf-8?q?=2Ecom=3E?=
Cc: andrew, hkallweit1, linux, davem, edumazet, kuba, pabeni,
dmurphy, netdev, linux-kernel, enguerrand.de-ribaucourt,
rmk+kernel
Hello:
This patch was applied to netdev/net.git (main)
by David S. Miller <davem@davemloft.net>:
On Thu, 7 Mar 2024 12:19:06 +0100 you wrote:
> The phy_get_internal_delay function could try to access to an empty
> array in the case that the driver is calling phy_get_internal_delay
> without defining delay_values and rx-internal-delay-ps or
> tx-internal-delay-ps is defined to 0 in the device-tree.
> This will lead to "unable to handle kernel NULL pointer dereference at
> virtual address 0". To avoid this kernel oops, the test should be delay
> >= 0. As there is already delay < 0 test just before, the test could
> only be size == 0.
>
> [...]
Here is the summary with links:
- [v2] net: phy: fix phy_get_internal_delay accessing an empty array
https://git.kernel.org/netdev/net/c/4469c0c5b14a
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-03-08 10:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-07 11:19 [PATCH v2] net: phy: fix phy_get_internal_delay accessing an empty array Kévin L'hôpital
2024-03-08 10:20 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).