Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.1-rc5 2026-05-13T00:45:12+00:00 2026-05-13T00:45:12+00:00 David Carlier devnexen@gmail.com 2026-05-09T21:50:46+00:00 urn:sha1:e3adf69f8eb121a9128c2b0029efd050d3649153 phydev->drv can become NULL while the phy_device is still attached to its net_device, namely after the PHY driver is unbound via sysfs: echo <mdio_id> > /sys/bus/mdio_bus/drivers/<phy_drv>/unbind phy_remove() clears phydev->drv but doesn't call phy_detach(), so the phy_device stays in the link topology xarray and ethnl_req_get_phydev() still hands it back. ETHTOOL_MSG_PHY_GET then oopses on: rep_data->drvname = kstrdup(phydev->drv->name, GFP_KERNEL); drvname is already treated as optional by phy_reply_size(), phy_fill_reply() and phy_cleanup_data(), so just skip the allocation when there is no driver bound. Fixes: 9dd2ad5e92b9 ("net: ethtool: phy: Convert the PHY_GET command to generic phy dump") Cc: stable@vger.kernel.org # 6.13.x Signed-off-by: David Carlier <devnexen@gmail.com> Reviewed-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Tested-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Link: https://patch.msgid.link/20260509215046.107157-1-devnexen@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2026-05-08T22:30:10+00:00 Quan Sun 2022090917019@std.uestc.edu.cn 2026-05-07T13:17:38+00:00 urn:sha1:4908f1395fb1b832ceec11584af649874a2732ea In phy_prepare_data(), several strings such as 'name', 'drvname', 'upstream_sfp_name', and 'downstream_sfp_name' are allocated using kstrdup(). However, these allocations were not checked for failure. If kstrdup() fails for 'name', it returns NULL while the function continues. This leads to a kernel NULL pointer dereference and panic later in phy_reply_size() when it unconditionally calls strlen() on the NULL pointer. While other strings like 'upstream_sfp_name' might be checked before access in certain code paths, failing to handle these allocations consistently can lead to incomplete data reporting or hidden bugs. Fix this by adding proper NULL checks for all kstrdup() calls in phy_prepare_data() and implement a centralized error handling path using goto labels to ensure all previously allocated resources are freed on failure. Fixes: 9dd2ad5e92b9 ("net: ethtool: phy: Convert the PHY_GET command to generic phy dump") Signed-off-by: Quan Sun <2022090917019@std.uestc.edu.cn> Reviewed-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Link: https://patch.msgid.link/20260507131738.1173835-1-2022090917019@std.uestc.edu.cn Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2026-03-21T02:10:18+00:00 Maxime Chevallier maxime.chevallier@bootlin.com 2026-03-19T18:05:54+00:00 urn:sha1:82a5852595f5afb36aebddcc3ebc2654ee4d3879 Most local #include in the ethtool command handling is out of order, with either : #include "netlink.h" #include "common.h" or even : #include "netlink.h" #include "common.h" #include "bitset.h" One of the reasons is because bitset.h s lacking definitions for nlattr, netlink_ext_ack, ETH_GSTRING_LEN, and types such as u32, bool, etc. Make bitset.h standalone by including <linux/ethtool.h> for ETH_GSTRING_LEN, and <linux/netlink.h> for nlattr, netlink_ext_ack and the rest. While at it, take a pass on ethnl sources to re-order the local includes : - put them after the global includes - add a newline between global and local includes - alpha-sort the local includes One notable exception is the cmis.h include, that needs definitions from module_fw.h. Keep them in this order for now. Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Link: https://patch.msgid.link/20260319180555.1531386-1-maxime.chevallier@bootlin.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2025-05-06T00:17:40+00:00 Maxime Chevallier maxime.chevallier@bootlin.com 2025-05-02T08:52:40+00:00 urn:sha1:9dd2ad5e92b962d1349a7541d167e8e214e49f95 Now that we have an infrastructure in ethnl for perphy DUMPs, we can get rid of the custom ->doit and ->dumpit to deal with PHY listing commands. As most of the code was custom, this basically means re-writing how we deal with PHY listing. Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Link: https://patch.msgid.link/20250502085242.248645-3-maxime.chevallier@bootlin.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2025-03-08T17:06:50+00:00 Jakub Kicinski kuba@kernel.org 2025-03-07T18:30:06+00:00 urn:sha1:8ef890df4031121a94407c84659125cbccd3fdbe Move the more esoteric helpers for netdev instance lock to a dedicated header. This avoids growing netdevice.h to infinity and makes rebuilding the kernel much faster (after touching the header with the helpers). The main netdev_lock() / netdev_unlock() functions are used in static inlines in netdevice.h and will probably be used most commonly, so keep them in netdevice.h. Acked-by: Stanislav Fomichev <sdf@fomichev.me> Link: https://patch.msgid.link/20250307183006.2312761-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2025-03-06T21:03:35+00:00 Jakub Kicinski kuba@kernel.org 2025-03-06T21:01:27+00:00 urn:sha1:2525e16a2bae322641fd745412f3524d4455d8df Cross-merge networking fixes after downstream PR (net-6.14-rc6). Conflicts: net/ethtool/cabletest.c 2bcf4772e45a ("net: ethtool: try to protect all callback with netdev instance lock") 637399bf7e77 ("net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device") No Adjacent changes. Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2025-03-06T20:59:44+00:00 Jakub Kicinski kuba@kernel.org 2025-03-05T16:37:28+00:00 urn:sha1:2bcf4772e45adb00649a4e9cbff14b08a144f9e3 Protect all ethtool callbacks and PHY related state with the netdev instance lock, for drivers which want / need to have their ops instance-locked. Basically take the lock everywhere we take rtnl_lock. It was tempting to take the lock in ethnl_ops_begin(), but turns out we actually nest those calls (when generating notifications). Tested-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Cc: Saeed Mahameed <saeed@kernel.org> Signed-off-by: Stanislav Fomichev <sdf@fomichev.me> Link: https://patch.msgid.link/20250305163732.2766420-11-sdf@fomichev.me Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2025-03-05T01:12:01+00:00 Maxime Chevallier maxime.chevallier@bootlin.com 2025-03-01T14:11:13+00:00 urn:sha1:637399bf7e77797811adf340090b561a8f9d1213 ethnl_req_get_phydev() is used to lookup a phy_device, in the case an ethtool netlink command targets a specific phydev within a netdev's topology. It takes as a parameter a const struct nlattr *header that's used for error handling : if (!phydev) { NL_SET_ERR_MSG_ATTR(extack, header, "no phy matching phyindex"); return ERR_PTR(-ENODEV); } In the notify path after a ->set operation however, there's no request attributes available. The typical callsite for the above function looks like: phydev = ethnl_req_get_phydev(req_base, tb[ETHTOOL_A_XXX_HEADER], info->extack); So, when tb is NULL (such as in the ethnl notify path), we have a nice crash. It turns out that there's only the PLCA command that is in that case, as the other phydev-specific commands don't have a notification. This commit fixes the crash by passing the cmd index and the nlattr array separately, allowing NULL-checking it directly inside the helper. Fixes: c15e065b46dc ("net: ethtool: Allow passing a phy index for some commands") Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Reviewed-by: Kory Maincent <kory.maincent@bootlin.com> Reported-by: Parthiban Veerasooran <parthiban.veerasooran@microchip.com> Link: https://patch.msgid.link/20250301141114.97204-1-maxime.chevallier@bootlin.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2024-09-14T04:40:12+00:00 Maxime Chevallier maxime.chevallier@bootlin.com 2024-09-13T10:05:14+00:00 urn:sha1:1ad84a151af7f4b3933983677bc75074f957bdf5 The context info allows continuing DUMP requests, shall they fill the netlink buffer. In the case of filtered DUMP requests, a reference on the netdev is grabbed in the .start() callback and release in .done(). Unfiltered DUMP request don't need the dev pointer to be set in the context info, doing so will trigger an unwanted netdev_put() in .done(). Reported-by: syzbot+e9ed4e4368d450c8f9db@syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/000000000000d3bf150621d361a7@google.com/ Fixes: 17194be4c8e1 ("net: ethtool: Introduce a command to list PHYs on an interface") Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev> Link: https://patch.msgid.link/20240913100515.167341-1-maxime.chevallier@bootlin.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2024-09-11T23:38:10+00:00 Maxime Chevallier maxime.chevallier@bootlin.com 2024-09-10T17:46:35+00:00 urn:sha1:fce1e9f86af13cbd6696ef0c8775990559108f45 When processing the netlink GET requests to get PHY info, the req_info.pdn pointer is NULL when no PHY matches the requested parameters, such as when the phy_index is invalid, or there's simply no PHY attached to the interface. Therefore, check the req_info.pdn pointer for NULL instead of dereferencing it. Suggested-by: Eric Dumazet <edumazet@google.com> Reported-by: Eric Dumazet <edumazet@google.com> Closes: https://lore.kernel.org/netdev/CANn89iKRW0WpGAh1tKqY345D8WkYCPm3Y9ym--Si42JZrQAu1g@mail.gmail.com/T/#mfced87d607d18ea32b3b4934dfa18d7b36669285 Fixes: 17194be4c8e1 ("net: ethtool: Introduce a command to list PHYs on an interface") Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20240910174636.857352-1-maxime.chevallier@bootlin.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>