> -----Original Message----- > From: Intel-wired-lan <[email protected]> On Behalf Of Jacob > Keller > Sent: 07 August 2025 23:05 > To: Kitszel, Przemyslaw <[email protected]>; Intel Wired LAN > <[email protected]>; [email protected] > Cc: Keller, Jacob E <[email protected]> > Subject: [Intel-wired-lan] [PATCH iwl-net 2/2] ice: fix NULL access of > tx->in_use in ice_ll_ts_intr > > Recent versions of the E810 firmware have support for an extra interrupt to > handle report of the "low latency" Tx timestamps coming from the specialized > low latency firmware interface. Instead of polling the registers, software > can wait until the low latency interrupt is fired. > > This logic makes use of the Tx timestamp tracking structure, ice_ptp_tx, as > it uses the same "ready" bitmap to track which Tx timestamps. > > Unfortunately, the ice_ll_ts_intr() function does not check if the tracker is > initialized before its first access. This results in NULL dereference or > use-after-free bugs similar to the issues fixed in the > ice_ptp_ts_irq() function. > > Fix this by only checking the in_use bitmap (and other fields) if the tracker > is marked as initialized. The reset flow will clear the init field under lock > before it tears the tracker down, thus preventing any use-after-free or NULL > access. > > Fixes: 82e71b226e0e ("ice: Enable SW interrupt from FW for LL TS") > Signed-off-by: Jacob Keller <[email protected]> > --- > drivers/net/ethernet/intel/ice/ice_main.c | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) >
Tested-by: Rinitha S <[email protected]> (A Contingent worker at Intel)
