kernel_samsung_a53x/net
Jamie Bainbridge 2ab6e95beb ethtool: check device is present when getting link settings
[ Upstream commit a699781c79ecf6cfe67fb00a0331b4088c7c8466 ]

A sysfs reader can race with a device reset or removal, attempting to
read device state when the device is not actually present. eg:

     [exception RIP: qed_get_current_link+17]
  #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]
  #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3
 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4
 #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300
 #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c
 #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b
 #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3
 #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1
 #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f
 #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb

 crash> struct net_device.state ffff9a9d21336000
    state = 5,

state 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).
The device is not present, note lack of __LINK_STATE_PRESENT (0b10).

This is the same sort of panic as observed in commit 4224cfd7fb65
("net-sysfs: add check for netdevice being present to speed_show").

There are many other callers of __ethtool_get_link_ksettings() which
don't have a device presence check.

Move this check into ethtool to protect all callers.

Fixes: d519e17e2d01 ("net: export device speed and duplex via sysfs")
Fixes: 4224cfd7fb65 ("net-sysfs: add check for netdevice being present to speed_show")
Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com>
Link: https://patch.msgid.link/8bae218864beaa44ed01628140475b9bf641c5b0.1724393671.git.jamie.bainbridge@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-01-19 14:58:23 +01:00
..
6lowpan
9p 9p/xen: fix release of IRQ 2024-12-17 13:24:22 +01:00
802
8021q gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers 2025-01-19 00:10:01 +01:00
appletalk
atm
ax25 Revert "Make more sysctl constants read-only" 2024-12-03 19:56:17 +01:00
batman-adv batman-adv: Do not let TT changes list grows indefinitely 2025-01-02 17:00:49 +01:00
bluetooth Bluetooth: MGMT: Ignore keys being loaded with invalid type 2025-01-19 14:50:17 +01:00
bpf
bpfilter
bridge net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN 2025-01-19 00:10:01 +01:00
caif
can can: bcm: Remove proc entry when dev is unregistered. 2025-01-19 00:10:01 +01:00
ceph libceph: fix race between delayed_work() and ceph_monc_stop() 2024-11-19 14:19:45 +01:00
core ethtool: check device is present when getting link settings 2025-01-19 14:58:23 +01:00
dcb
dccp dccp: Fix memory leak in dccp_feat_change_recv 2024-12-17 13:24:26 +01:00
decnet
dns_resolver
dsa
ethernet gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers 2025-01-19 00:10:01 +01:00
ethtool ethtool: check device is present when getting link settings 2025-01-19 14:58:23 +01:00
hsr net: hsr: avoid potential out-of-bound access in fill_frame_info() 2024-12-17 13:24:26 +01:00
ieee802154 net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() 2024-12-17 13:24:30 +01:00
ife
ipv4 net: set SOCK_RCU_FREE before inserting socket into hashtable 2025-01-19 14:52:20 +01:00
ipv6 gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers 2025-01-19 00:10:01 +01:00
iucv Revert "net/iucv: fix use after free in iucv_sock_close()" 2024-11-24 00:23:55 +01:00
kcm kcm: Serialise kcm_sendmsg() for the same socket. 2024-11-23 23:20:48 +01:00
key
l2tp genetlink: hold RCU in genlmsg_mcast() 2024-11-23 23:21:59 +01:00
l3mdev net: Add l3mdev index to flow struct and avoid oif reset for port devices 2024-11-23 23:21:52 +01:00
lapb
llc net: llc: reset skb->transport_header 2025-01-15 16:29:53 +01:00
mac80211 wifi: mac80211: wake the queues in case of failure in resume 2025-01-15 16:29:54 +01:00
mac802154 Revert "net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()" 2024-11-19 14:52:14 +01:00
mpls
mptcp ANDROID: Fix gki allmodconfig build errors in mptcp 2025-01-19 14:56:39 +01:00
ncm
ncsi net/ncsi: Fix the multi thread manner of NCSI driver 2024-11-19 14:19:00 +01:00
netfilter netfilter: ipset: Fix for recursive locking warning 2025-01-15 16:29:41 +01:00
netlabel
netlink netlink: terminate outstanding dump on socket close 2024-12-17 13:20:50 +01:00
netrom netrom: check buffer length before accessing it 2025-01-15 16:29:53 +01:00
nfc nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() 2024-11-19 12:27:10 +01:00
nsh
openvswitch openvswitch: Set the skbuff pkt_type for proper pmtud support. 2024-11-19 12:27:09 +01:00
packet af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK 2025-01-15 16:29:54 +01:00
phonet Revert "Make more sysctl constants read-only" 2024-12-03 19:56:17 +01:00
psample
qrtr Revert "net: qrtr: Update packets cloning when broadcasting" 2024-11-24 00:23:18 +01:00
rds Revert "net:rds: Fix possible deadlock in rds_message_put" 2024-11-24 00:23:49 +01:00
rfkill net: rfkill: gpio: Add check for clk_enable() 2024-12-17 13:24:07 +01:00
rose Revert "Make more sysctl constants read-only" 2024-12-03 19:56:17 +01:00
rxrpc
sched sch/netem: fix use after free in netem_dequeue 2025-01-19 14:51:17 +01:00
sctp net/sctp: Prevent autoclose integer overflow in sctp_association_init() 2025-01-15 16:29:56 +01:00
skb_tracer
smc net/smc: check return value of sock_recvmsg when draining clc data 2025-01-15 16:29:41 +01:00
strparser
sunrpc sunrpc: don't change ->sv_stats if it doesn't exist 2025-01-19 14:48:42 +01:00
switchdev
tipc tipc: fix NULL deref in cleanup_bearer() 2025-01-02 17:00:49 +01:00
tls tls: fix missing memory barrier in tls_init 2024-11-19 12:27:09 +01:00
unix Revert "af_unix: Remove put_pid()/put_cred() in copy_peercred()." 2024-11-24 00:23:43 +01:00
vmw_vsock virtio/vsock: Fix accept_queue memory leak 2025-01-02 17:00:49 +01:00
wimax
wireless Revert "wifi: nl80211: don't give key data to userspace" 2024-11-24 00:23:55 +01:00
x25 Revert "Make more sysctl constants read-only" 2024-12-03 19:56:17 +01:00
xdp
xfrm xfrm: store and rely on direction to construct offload flags 2024-12-17 13:24:04 +01:00
compat.c
devres.c
Kconfig
Makefile
socket.c
sysctl_net.c
TEST_MAPPING