From acf53d46bb9b95b29228dab0875d043b6ea7b2ad Mon Sep 17 00:00:00 2001 From: Ingo van Lil Date: Thu, 2 Jan 2025 21:13:46 +0800 Subject: [PATCH] net: phy: dp83869: fix memory corruption when enabling fiber stable inclusion from stable-v5.10.227 commit 21b5af7f0c99b3bf1fd02016e6708b613acbcaf4 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2YUE CVE: CVE-2024-50188 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=21b5af7f0c99b3bf1fd02016e6708b613acbcaf4 -------------------------------- [ Upstream commit a842e443ca8184f2dc82ab307b43a8b38defd6a5 ] When configuring the fiber port, the DP83869 PHY driver incorrectly calls linkmode_set_bit() with a bit mask (1 << 10) rather than a bit number (10). This corrupts some other memory location -- in case of arm64 the priv pointer in the same structure. Since the advertising flags are updated from supported at the end of the function the incorrect line isn't needed at all and can be removed. Fixes: a29de52ba2a1 ("net: dp83869: Add ability to advertise Fiber connection") Signed-off-by: Ingo van Lil Reviewed-by: Alexander Sverdlin Reviewed-by: Andrew Lunn Link: https://patch.msgid.link/20241002161807.440378-1-inguin@gmx.de Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin Signed-off-by: Zhang Changzhong --- drivers/net/phy/dp83869.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/phy/dp83869.c b/drivers/net/phy/dp83869.c index a9daff88006b..88d14d08c151 100644 --- a/drivers/net/phy/dp83869.c +++ b/drivers/net/phy/dp83869.c @@ -612,7 +612,6 @@ static int dp83869_configure_fiber(struct phy_device *phydev, phydev->supported); linkmode_set_bit(ETHTOOL_LINK_MODE_FIBRE_BIT, phydev->supported); - linkmode_set_bit(ADVERTISED_FIBRE, phydev->advertising); if (dp83869->mode == DP83869_RGMII_1000_BASE) { linkmode_set_bit(ETHTOOL_LINK_MODE_1000baseX_Full_BIT, -- Gitee
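Review bot: In dp83869_configure_fiber(), the linkmode_set_bit(ADVERTISED_FIBRE, phydev->advertising) call is deleted rather than corrected to ETHTOOL_LINK_MODE_FIBRE_BIT, so the fibre bit in phydev->advertising now depends entirely on the copy from phydev->supported that the commit message places at the end of the function. That copy is outside the visible context, so please confirm it is reached on every path after the `if (dp83869->mode == DP83869_RGMII_1000_BASE)` branch, with no early return in between. The line just above the deletion already uses the bit-number form (ETHTOOL_LINK_MODE_FIBRE_BIT) on phydev->supported, which is the pattern to keep. Since the root cause was a legacy mask constant passed where a bit index is expected, it would also be worth checking the rest of drivers/net/phy/dp83869.c for other ADVERTISED_* or SUPPORTED_* mask macros handed to linkmode_set_bit(), because each such call writes outside the link mode bitmap in the way the commit message describes.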