ethtool: Remove link_mode param and derive link params from driver

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Some drivers clear the 'ethtool_link_ksettings' struct in their
get_link_ksettings() callback, before populating it with actual values.
Such drivers will set the new 'link_mode' field to zero, resulting in
user space receiving wrong link mode information given that zero is a
valid value for the field.

Another problem is that some drivers (notably tun) can report random
values in the 'link_mode' field. This can result in a general protection
fault when the field is used as an index to the 'link_mode_params' array
[1].

This happens because such drivers implement their set_link_ksettings()
callback by simply overwriting their private copy of
'ethtool_link_ksettings' struct with the one they get from the stack,
which is not always properly initialized.

Fix these problems by removing 'link_mode' from 'ethtool_link_ksettings'
and instead have drivers call ethtool_params_from_link_mode() with the
current link mode. The function will derive the link parameters (e.g.,
speed) from the link mode and fill them in the 'ethtool_link_ksettings'
struct.

v3:
* Remove link_mode parameter and derive the link parameters in
the driver instead of passing link_mode parameter to ethtool
and derive it there.

v2:
* Introduce 'cap_link_mode_supported' instead of adding a
validity field to 'ethtool_link_ksettings' struct.

[1]
general protection fault, probably for non-canonical address 0xdffffc00f14cc32c: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x000000078a661960-0x000000078a661967]
CPU: 0 PID: 8452 Comm: syz-executor360 Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__ethtool_get_link_ksettings+0x1a3/0x3a0 net/ethtool/ioctl.c:446
Code: b7 3e fa 83 fd ff 0f 84 30 01 00 00 e8 16 b0 3e fa 48 8d 3c ed 60 d5 69 8a 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03
+38 d0 7c 08 84 d2 0f 85 b9
RSP: 0018:ffffc900019df7a0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff888026136008 RCX: 0000000000000000
RDX: 00000000f14cc32c RSI: ffffffff873439ca RDI: 000000078a661960
RBP: 00000000ffff8880 R08: 00000000ffffffff R09: ffff88802613606f
R10: ffffffff873439bc R11: 0000000000000000 R12: 0000000000000000
R13: ffff88802613606c R14: ffff888011d0c210 R15: ffff888011d0c210
FS: 0000000000749300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004b60f0 CR3: 00000000185c2000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
linkinfo_prepare_data+0xfd/0x280 net/ethtool/linkinfo.c:37
ethnl_default_notify+0x1dc/0x630 net/ethtool/netlink.c:586
ethtool_notify+0xbd/0x1f0 net/ethtool/netlink.c:656
ethtool_set_link_ksettings+0x277/0x330 net/ethtool/ioctl.c:620
dev_ethtool+0x2b35/0x45d0 net/ethtool/ioctl.c:2842
dev_ioctl+0x463/0xb70 net/core/dev_ioctl.c:440
sock_do_ioctl+0x148/0x2d0 net/socket.c:1060
sock_ioctl+0x477/0x6a0 net/socket.c:1177
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl fs/ioctl.c:739 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:739
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9

Fixes: c8907043c6ac9 ("ethtool: Get link mode in use instead of speed and duplex parameters")
Signed-off-by: Danielle Ratson <danieller@nvidia.com>
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Danielle Ratson and committed by

David S. Miller 5 years ago a975d7d8 bb58023b

+39 -23

4 changed files

expand all

drivers

net

ethernet

mellanox

mlxsw

spectrum_ethtool.c

include

linux

ethtool.h

net

ethtool

common.c

ioctl.c

+14 -5

drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c

··· 1230 1230 u32 ptys_eth_proto, 1231 1231 struct ethtool_link_ksettings *cmd) 1232 1232 { 1233 + struct mlxsw_sp1_port_link_mode link; 1233 1234 int i; 1234 1235 1235 - cmd->link_mode = -1; 1236 + cmd->base.speed = SPEED_UNKNOWN; 1237 + cmd->base.duplex = DUPLEX_UNKNOWN; 1238 + cmd->lanes = 0; 1236 1239 1237 1240 if (!carrier_ok) 1238 1241 return; 1239 1242 1240 1243 for (i = 0; i < MLXSW_SP1_PORT_LINK_MODE_LEN; i++) { 1241 - if (ptys_eth_proto & mlxsw_sp1_port_link_mode[i].mask) 1242 - cmd->link_mode = mlxsw_sp1_port_link_mode[i].mask_ethtool; 1244 + if (ptys_eth_proto & mlxsw_sp1_port_link_mode[i].mask) { 1245 + link = mlxsw_sp1_port_link_mode[i]; 1246 + ethtool_params_from_link_mode(cmd, 1247 + link.mask_ethtool); 1248 + } 1243 1249 } 1244 1250 } 1245 1251 ··· 1678 1672 struct mlxsw_sp2_port_link_mode link; 1679 1673 int i; 1680 1674 1681 - cmd->link_mode = -1; 1675 + cmd->base.speed = SPEED_UNKNOWN; 1676 + cmd->base.duplex = DUPLEX_UNKNOWN; 1677 + cmd->lanes = 0; 1682 1678 1683 1679 if (!carrier_ok) 1684 1680 return; ··· 1688 1680 for (i = 0; i < MLXSW_SP2_PORT_LINK_MODE_LEN; i++) { 1689 1681 if (ptys_eth_proto & mlxsw_sp2_port_link_mode[i].mask) { 1690 1682 link = mlxsw_sp2_port_link_mode[i]; 1691 - cmd->link_mode = link.mask_ethtool[1]; 1683 + ethtool_params_from_link_mode(cmd, 1684 + link.mask_ethtool[1]); 1692 1685 } 1693 1686 } 1694 1687 }

+8 -1

include/linux/ethtool.h

··· 127 127 __ETHTOOL_DECLARE_LINK_MODE_MASK(lp_advertising); 128 128 } link_modes; 129 129 u32 lanes; 130 - enum ethtool_link_mode_bit_indices link_mode; 131 130 }; 132 131 133 132 /** ··· 573 574 */ 574 575 void ethtool_set_ethtool_phy_ops(const struct ethtool_phy_ops *ops); 575 576 577 + /* 578 + * ethtool_params_from_link_mode - Derive link parameters from a given link mode 579 + * @link_ksettings: Link parameters to be derived from the link mode 580 + * @link_mode: Link mode 581 + */ 582 + void 583 + ethtool_params_from_link_mode(struct ethtool_link_ksettings *link_ksettings, 584 + enum ethtool_link_mode_bit_indices link_mode); 576 585 #endif /* _LINUX_ETHTOOL_H */

+16

net/ethtool/common.c

··· 562 562 rtnl_unlock(); 563 563 } 564 564 EXPORT_SYMBOL_GPL(ethtool_set_ethtool_phy_ops); 565 + 566 + void 567 + ethtool_params_from_link_mode(struct ethtool_link_ksettings *link_ksettings, 568 + enum ethtool_link_mode_bit_indices link_mode) 569 + { 570 + const struct link_mode_info *link_info; 571 + 572 + if (WARN_ON_ONCE(link_mode >= __ETHTOOL_LINK_MODE_MASK_NBITS)) 573 + return; 574 + 575 + link_info = &link_mode_params[link_mode]; 576 + link_ksettings->base.speed = link_info->speed; 577 + link_ksettings->lanes = link_info->lanes; 578 + link_ksettings->base.duplex = link_info->duplex; 579 + } 580 + EXPORT_SYMBOL_GPL(ethtool_params_from_link_mode);

+1 -17

net/ethtool/ioctl.c

··· 426 426 int __ethtool_get_link_ksettings(struct net_device *dev, 427 427 struct ethtool_link_ksettings *link_ksettings) 428 428 { 429 - const struct link_mode_info *link_info; 430 - int err; 431 - 432 429 ASSERT_RTNL(); 433 430 434 431 if (!dev->ethtool_ops->get_link_ksettings) 435 432 return -EOPNOTSUPP; 436 433 437 434 memset(link_ksettings, 0, sizeof(*link_ksettings)); 438 - 439 - link_ksettings->link_mode = -1; 440 - err = dev->ethtool_ops->get_link_ksettings(dev, link_ksettings); 441 - if (err) 442 - return err; 443 - 444 - if (link_ksettings->link_mode != -1) { 445 - link_info = &link_mode_params[link_ksettings->link_mode]; 446 - link_ksettings->base.speed = link_info->speed; 447 - link_ksettings->lanes = link_info->lanes; 448 - link_ksettings->base.duplex = link_info->duplex; 449 - } 450 - 451 - return 0; 435 + return dev->ethtool_ops->get_link_ksettings(dev, link_ksettings); 452 436 } 453 437 EXPORT_SYMBOL(__ethtool_get_link_ksettings); 454 438