Re: [syzbot] [net?] KASAN: slab-use-after-free Read in __ethtool_get_link_ksettings

From: Hillf Danton
Date: Sun Sep 29 2024 - 06:39:30 EST

Next message: Markus Elfring: "Re: [PATCH] reset: Further simplify locking with guard()"
Previous message: Jonathan Cameron: "Re: [PATCH v3 01/10] iio: backend: adi-axi-dac: fix wrong register bitfield"
In reply to: Hillf Danton: "Re: [syzbot] [net?] KASAN: slab-use-after-free Read in __ethtool_get_link_ksettings"
Next in thread: syzbot: "Re: [syzbot] [net?] KASAN: slab-use-after-free Read in __ethtool_get_link_ksettings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: d505d3593b52 net: wwan: qcom_bam_dmux: Fix missing pm_runt..
> git tree: net
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=150d959f980000

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 61387b8dcf1d

--- l/drivers/infiniband/core/verbs.c
+++ v/drivers/infiniband/core/verbs.c
@@ -1979,6 +1979,7 @@ int ib_get_eth_speed(struct ib_device *d
netdev = ib_device_get_netdev(dev, port_num);
if (!netdev)
return -ENODEV;
+ dev_hold(netdev);

rtnl_lock();
rc = __ethtool_get_link_ksettings(netdev, &lksettings);
@@ -1995,6 +1996,7 @@ int ib_get_eth_speed(struct ib_device *d
netdev->name, netdev_speed);
}

+ dev_put(netdev);
ib_get_width_and_speed(netdev_speed, lksettings.lanes,
speed, width);

--

Next message: Markus Elfring: "Re: [PATCH] reset: Further simplify locking with guard()"
Previous message: Jonathan Cameron: "Re: [PATCH v3 01/10] iio: backend: adi-axi-dac: fix wrong register bitfield"
In reply to: Hillf Danton: "Re: [syzbot] [net?] KASAN: slab-use-after-free Read in __ethtool_get_link_ksettings"
Next in thread: syzbot: "Re: [syzbot] [net?] KASAN: slab-use-after-free Read in __ethtool_get_link_ksettings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]