iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/net/ethernet
History
Taehee Yoo 93b5cbfa96 net: rmnet: fix NULL pointer dereference in rmnet_newlink() 
rmnet registers IFLA_LINK interface as a lower interface.
But, IFLA_LINK could be NULL.
In the current code, rmnet doesn't check IFLA_LINK.
So, panic would occur.

Test commands:
    modprobe rmnet
    ip link add rmnet0 type rmnet mux_id 1

Splat looks like:
[   36.826109][ T1115] general protection fault, probably for non-canonical address 0xdffffc0000000000I
[   36.838817][ T1115] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   36.839908][ T1115] CPU: 1 PID: 1115 Comm: ip Not tainted 5.6.0-rc1+ #447
[   36.840569][ T1115] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[   36.841408][ T1115] RIP: 0010:rmnet_newlink+0x54/0x510 [rmnet]
[   36.841986][ T1115] Code: 83 ec 18 48 c1 e9 03 80 3c 01 00 0f 85 d4 03 00 00 48 8b 6a 28 48 b8 00 00 00 00 00 c
[   36.843923][ T1115] RSP: 0018:ffff8880b7e0f1c0 EFLAGS: 00010247
[   36.844756][ T1115] RAX: dffffc0000000000 RBX: ffff8880d14cca00 RCX: 1ffff11016fc1e99
[   36.845859][ T1115] RDX: 0000000000000000 RSI: ffff8880c3d04000 RDI: 0000000000000004
[   36.846961][ T1115] RBP: 0000000000000000 R08: ffff8880b7e0f8b0 R09: ffff8880b6ac2d90
[   36.848020][ T1115] R10: ffffffffc0589a40 R11: ffffed1016d585b7 R12: ffffffff88ceaf80
[   36.848788][ T1115] R13: ffff8880c3d04000 R14: ffff8880b7e0f8b0 R15: ffff8880c3d04000
[   36.849546][ T1115] FS:  00007f50ab3360c0(0000) GS:ffff8880da000000(0000) knlGS:0000000000000000
[   36.851784][ T1115] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   36.852422][ T1115] CR2: 000055871afe5ab0 CR3: 00000000ae246001 CR4: 00000000000606e0
[   36.853181][ T1115] Call Trace:
[   36.853514][ T1115]  __rtnl_newlink+0xbdb/0x1270
[   36.853967][ T1115]  ? lock_downgrade+0x6e0/0x6e0
[   36.854420][ T1115]  ? rtnl_link_unregister+0x220/0x220
[   36.854936][ T1115]  ? lock_acquire+0x164/0x3b0
[   36.855376][ T1115]  ? is_bpf_image_address+0xff/0x1d0
[   36.855884][ T1115]  ? rtnl_newlink+0x4c/0x90
[   36.856304][ T1115]  ? kernel_text_address+0x111/0x140
[   36.856857][ T1115]  ? __kernel_text_address+0xe/0x30
[   36.857440][ T1115]  ? unwind_get_return_address+0x5f/0xa0
[   36.858063][ T1115]  ? create_prof_cpu_mask+0x20/0x20
[   36.858644][ T1115]  ? arch_stack_walk+0x83/0xb0
[   36.859171][ T1115]  ? stack_trace_save+0x82/0xb0
[   36.859710][ T1115]  ? stack_trace_consume_entry+0x160/0x160
[   36.860357][ T1115]  ? deactivate_slab.isra.78+0x2c5/0x800
[   36.860928][ T1115]  ? kasan_unpoison_shadow+0x30/0x40
[   36.861520][ T1115]  ? kmem_cache_alloc_trace+0x135/0x350
[   36.862125][ T1115]  ? rtnl_newlink+0x4c/0x90
[   36.864073][ T1115]  rtnl_newlink+0x65/0x90
[ ... ]

Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-27 11:45:07 -08:00
..
3com
net: 3com: 3c59x: remove set but not used variable 'mii_reg1'
2020-01-08 12:40:03 -08:00
8390
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
adaptec
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
aeroflex
agere
net: convert suitable network drivers to use phy_do_ioctl
2020-01-21 10:50:41 +01:00
alacritech
remove ioremap_nocache and devm_ioremap_nocache
2020-01-06 09:45:59 +01:00
allwinner
net: convert suitable drivers to use phy_do_ioctl_running
2020-01-23 10:49:30 +01:00
alteon
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
altera
remove ioremap_nocache and devm_ioremap_nocache
2020-01-06 09:45:59 +01:00
amazon
net: ena: ena-com.c: prevent NULL pointer dereference
2020-02-11 17:08:31 -08:00
amd
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
apm
drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()'
2020-01-27 11:23:13 +01:00
apple
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
aquantia
net: atlantic: fix out of range usage of active_vlans array
2020-02-16 19:03:40 -08:00
arc
net: convert suitable drivers to use phy_do_ioctl_running
2020-01-23 10:49:30 +01:00
atheros
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
aurora
net: convert additional drivers to use phy_do_ioctl
2020-01-22 21:16:32 +01:00
broadcom
net: bcmgenet: Clear ID_MODE_DIS in EXT_RGMII_OOB_CTRL when not needed
2020-02-26 17:12:30 -08:00
brocade
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
cadence
net: macb: Properly handle phylink on at91rm9200
2020-02-20 15:00:31 -08:00
calxeda
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
cavium
net: thunderx: workaround BGX TX Underflow issue
2020-02-20 15:49:20 -08:00
chelsio
cxgb4: Added tls stats prints.
2020-02-06 11:26:49 +01:00
cirrus
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
cisco
enic: prevent waking up stopped tx queues over watchdog reset
2020-02-12 09:43:26 -08:00
cortina
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-12-22 15:15:05 -08:00
davicom
net: ethernet: dm9000: Handle -EPROBE_DEFER in dm9000_parse_dt()
2020-02-16 20:01:43 -08:00
dec
net: ethernet: dec: tulip: Fix length mask in receive length calculation
2020-02-05 14:21:31 +01:00
dlink
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
emulex
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-12-22 15:15:05 -08:00
ezchip
ezchip: nps_enet: use devm_platform_ioremap_resource() to simplify code
2019-08-21 13:42:13 -07:00
faraday
net: convert suitable network drivers to use phy_do_ioctl
2020-01-21 10:50:41 +01:00
freescale
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-02-08 17:15:08 -08:00
fujitsu
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
google
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-01-09 12:13:43 -08:00
hisilicon
net: hns3: fix a copying IPv6 address error in hclge_fd_get_flow_tuples()
2020-02-14 07:05:17 -08:00
huawei
hinic: fix a bug of rss configuration
2020-02-27 11:08:01 -08:00
i825xx
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
ibm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-12-22 15:15:05 -08:00
intel
ice: Wait for VF to be reset/ready before configuration
2020-02-19 11:50:41 -08:00
marvell
net: mvneta: move rx_dropped and rx_errors in per-cpu stats
2020-02-06 11:29:38 +01:00
mediatek
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
mellanox
mlx5: register lag notifier for init network namespace only
2020-02-27 11:16:14 -08:00
micrel
net: ks8851-ml: Fix IRQ handling and locking
2020-02-23 20:53:42 -08:00
microchip
net: Introduce peer to peer one step PTP time stamping.
2019-12-25 19:51:34 -08:00
moxa
mscc
net: mscc: fix in frame extraction
2020-02-17 14:02:29 -08:00
myricom
net: myri10ge: use skb_list_walk_safe helper for gso segments
2020-01-08 15:19:55 -08:00
natsemi
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
neterion
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
netronome
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
ni
net: of_get_phy_mode: Change API to solve int/unit warnings
2019-11-04 11:21:25 -08:00
nvidia
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
nxp
net: convert suitable drivers to use phy_do_ioctl_running
2020-01-23 10:49:30 +01:00
oki-semi
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2019-12-22 15:15:05 -08:00
packetengines
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
pasemi
pensando
ionic: fix fw_status read
2020-02-20 15:48:04 -08:00
qlogic
qede: Fix race between rdma destroy workqueue and link change event
2020-02-18 12:05:53 -08:00
qualcomm
net: rmnet: fix NULL pointer dereference in rmnet_newlink()
2020-02-27 11:45:07 -08:00
rdc
net: convert suitable network drivers to use phy_do_ioctl
2020-01-21 10:50:41 +01:00
realtek
r8169: fix performance regression related to PCIe max read request size
2020-02-06 14:17:44 +01:00
renesas
net: convert suitable drivers to use phy_do_ioctl_running
2020-01-23 10:49:30 +01:00
rocker
ipv4: Remove old route notifications and convert listeners
2019-12-16 16:14:43 -08:00
samsung
net: convert additional drivers to use phy_do_ioctl
2020-01-22 21:16:32 +01:00
seeq
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
sfc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
sgi
net: sgi: ioc3-eth: Remove leftover free_irq()
2020-02-05 13:53:54 +01:00
silan
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
sis
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
smsc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
socionext
net: ethernet: ave: Add capability of rgmii-id mode
2020-02-12 09:55:04 -08:00
stmicro
net: stmmac: fix notifier registration
2020-02-26 20:55:14 -08:00
sun
sunvnet: use icmp_ndo_send helper
2020-02-13 14:19:00 -08:00
synopsys
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
tehuti
ti
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
toshiba
net: convert suitable drivers to use phy_do_ioctl_running
2020-01-23 10:49:30 +01:00
tundra
via
via-velocity: allow nesting of ethtool_ops begin() and complete()
2020-01-06 13:54:55 -08:00
wiznet
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
xilinx
net: ll_temac: Handle DMA halt condition caused by buffer underrun
2020-02-24 10:58:48 -08:00
xircom
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
xscale
net: ethernet: ixp4xx: Use parent dev for DMA pool
2020-01-12 12:59:53 -08:00
dnet.c
net: convert suitable drivers to use phy_do_ioctl_running
2020-01-23 10:49:30 +01:00
dnet.h
ec_bhf.c
ethoc.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
fealnx.c
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
jme.c
netdev: pass the stuck queue to the timeout handler
2019-12-12 21:38:57 -08:00
jme.h
Kconfig
hp100: Move 100BaseVG AnyLAN driver to staging
2019-10-31 14:49:52 -07:00
korina.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
lantiq_etop.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-01-28 16:02:33 -08:00
lantiq_xrx200.c
Makefile
hp100: Move 100BaseVG AnyLAN driver to staging
2019-10-31 14:49:52 -07:00