Public bug reported:
[ Impact ]
genphy_config_eee_advert() was removed in "net: phy: remove
genphy_config_eee_advert"[1] before the phydev->eee_broken_modes was
converted from a u32 to bitmap (underlyingly an array of unsigned long)
in "net: phy: switch eee_broken_modes to linkmode bitmap and add
accessor"[2]. The later one was backported to the OEM 6.11 kernel, but
the former one wasn't.
In the remaining genphy_config_eee_advert() in the OEM kernel, it will
pass phy_device->eee_broken_modes to phy_modify_mmd_changed(), which
assumes that eee_broken_modes is still an integer, leading to a bug that
converts a pointer to an integer.
gcc 13.3 will emit warning, while clang 18.1.3 and gcc 14 catch this
error:
drivers/net/phy/phy_device.c:2196:15: warning: address of array
'phydev->eee_broken_modes' will always evaluate to 'true'
[-Wpointer-bool-conversion]
2196 | if (!phydev->eee_broken_modes)
| ~~~~~~~~~^~~~~~~~~~~~~~~~
drivers/net/phy/phy_device.c:2200:10: error: incompatible pointer to integer
conversion passing 'unsigned long[2]' to parameter of type 'u16' (aka 'unsigned
short') [-Wint-conversion]
2200 | phydev->eee_broken_modes, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~
./include/linux/phy.h:1438:11: note: passing argument to parameter 'mask' here
1438 | u16 mask, u16 set);
| ^
1 warning and 1 error generated.
This can be resolved by backporting [1] that fully replaces the
genphy_config_eee_advert() in the 6.11 oem kernel.
[ Test plan ]
Compile the relevant part by the said compilers. For example on Noble:
$ make LLVM=1 drivers/net/phy/
The above error/warning message shouldn’t appear.
This was introduced only in the 6.11 OEM kernel, which is intended for
PCs under Noble certification. According to records from the
certification team website, currently there’s no PC with Broadcom
ethernet devices under certification, so in theory there’s no actual
user for the relevant code.
[ Where the problems could occur ]
This access pattern to the phydev->eee_broken_modes happens only in
genphy_config_eee_advert() in drivers/net/phy/bcm-phy-lib.c, which is
also its only user. There’s only one place in the code where this
function is used, and from the record on the certification website there
hasn’t been any PC with Broadcom components undergoing Noble
certification. So the impact should be limited.
[1]
https://lore.kernel.org/all/[email protected]/#r
[2]
https://lore.kernel.org/all/[email protected]/#r
** Affects: linux-oem-6.11 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-oem-6.11 (Ubuntu Noble)
Importance: Undecided
Assignee: Leo Lin (0xff07)
Status: In Progress
** Also affects: linux-oem-6.11 (Ubuntu Noble)
Importance: Undecided
Status: New
** Changed in: linux-oem-6.11 (Ubuntu Noble)
Assignee: (unassigned) => Leo Lin (0xff07)
** Changed in: linux-oem-6.11 (Ubuntu Noble)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2098171
Title:
Remove genphy_config_eee_advert() that accesses eee_broken_modes in
buggy manners
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-oem-6.11/+bug/2098171/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
