diff mbox series

[net-next] net: ethtool: phy: Clear the netdev context pointer for DUMP requests

Message ID 20240911134623.1739633-1-maxime.chevallier@bootlin.com (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series [net-next] net: ethtool: phy: Clear the netdev context pointer for DUMP requests | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 16 this patch: 16
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 6 of 6 maintainers
netdev/build_clang success Errors and warnings before: 16 this patch: 16
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 16 this patch: 16
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 11 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-09-12--00-00 (tests: 764)

Commit Message

Maxime Chevallier Sept. 11, 2024, 1:46 p.m. UTC 
The context info allows continuing DUMP requests, shall they fill the
netlink buffer. When performing unfiltered dump request, clear the dev
pointer in the context at the end of the dump, avoiding the release of
the netdevice. In the case of a filtered DUMP, the refcount for the
netdev was held when parsing the header, and is released in the .done()
callback.

Reported-by: syzbot+e9ed4e4368d450c8f9db@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/000000000000d3bf150621d361a7@google.com/
Fixes: 17194be4c8e1 ("net: ethtool: Introduce a command to list PHYs on an interface")
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 net/ethtool/phy.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Jakub Kicinski Sept. 13, 2024, 3:44 a.m. UTC | #1 
On Wed, 11 Sep 2024 15:46:21 +0200 Maxime Chevallier wrote:
> +		/* Clear the context netdev pointer so avoid a netdev_put from
> +		 * the .done() callback
> +		 */
> +		ctx->phy_req_info->base.dev = NULL;

Why do we assign to req_base.dev in the first place?
req is for the parsed request in my mind, and I don't
see anything in the PHY dump handlers actually using dev?
Maxime Chevallier Sept. 13, 2024, 7:14 a.m. UTC | #2 
Hello Jakub,

On Thu, 12 Sep 2024 20:44:38 -0700
Jakub Kicinski <kuba@kernel.org> wrote:

> On Wed, 11 Sep 2024 15:46:21 +0200 Maxime Chevallier wrote:
> > +		/* Clear the context netdev pointer so avoid a netdev_put from
> > +		 * the .done() callback
> > +		 */
> > +		ctx->phy_req_info->base.dev = NULL;  
> 
> Why do we assign to req_base.dev in the first place?
> req is for the parsed request in my mind, and I don't
> see anything in the PHY dump handlers actually using dev?

After reading the code back, that's true. It's just a leftover from
when I hadn't considered that dumps could be interrupted/resumed.

Let me clean that up then.

Thanks for the review Jakub,

Maxime
diff mbox series

Patch

diff --git a/net/ethtool/phy.c b/net/ethtool/phy.c
index 560dd039c662..99d2a8b6144c 100644
--- a/net/ethtool/phy.c
+++ b/net/ethtool/phy.c
@@ -301,6 +301,11 @@  int ethnl_phy_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
 
 			ctx->phy_index = 0;
 		}
+
+		/* Clear the context netdev pointer so avoid a netdev_put from
+		 * the .done() callback
+		 */
+		ctx->phy_req_info->base.dev = NULL;
 	}
 	rtnl_unlock();