CVE-2024-26881

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: hns3: fix kernel crash when 1588 is received on HIP08 devices<br /> <br /> The HIP08 devices does not register the ptp devices, so the<br /> hdev-&gt;ptp is NULL, but the hardware can receive 1588 messages,<br /> and set the HNS3_RXD_TS_VLD_B bit, so, if match this case, the<br /> access of hdev-&gt;ptp-&gt;flags will cause a kernel crash:<br /> <br /> [ 5888.946472] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018<br /> [ 5888.946475] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018<br /> ...<br /> [ 5889.266118] pc : hclge_ptp_get_rx_hwts+0x40/0x170 [hclge]<br /> [ 5889.272612] lr : hclge_ptp_get_rx_hwts+0x34/0x170 [hclge]<br /> [ 5889.279101] sp : ffff800012c3bc50<br /> [ 5889.283516] x29: ffff800012c3bc50 x28: ffff2040002be040<br /> [ 5889.289927] x27: ffff800009116484 x26: 0000000080007500<br /> [ 5889.296333] x25: 0000000000000000 x24: ffff204001c6f000<br /> [ 5889.302738] x23: ffff204144f53c00 x22: 0000000000000000<br /> [ 5889.309134] x21: 0000000000000000 x20: ffff204004220080<br /> [ 5889.315520] x19: ffff204144f53c00 x18: 0000000000000000<br /> [ 5889.321897] x17: 0000000000000000 x16: 0000000000000000<br /> [ 5889.328263] x15: 0000004000140ec8 x14: 0000000000000000<br /> [ 5889.334617] x13: 0000000000000000 x12: 00000000010011df<br /> [ 5889.340965] x11: bbfeff4d22000000 x10: 0000000000000000<br /> [ 5889.347303] x9 : ffff800009402124 x8 : 0200f78811dfbb4d<br /> [ 5889.353637] x7 : 2200000000191b01 x6 : ffff208002a7d480<br /> [ 5889.359959] x5 : 0000000000000000 x4 : 0000000000000000<br /> [ 5889.366271] x3 : 0000000000000000 x2 : 0000000000000000<br /> [ 5889.372567] x1 : 0000000000000000 x0 : ffff20400095c080<br /> [ 5889.378857] Call trace:<br /> [ 5889.382285] hclge_ptp_get_rx_hwts+0x40/0x170 [hclge]<br /> [ 5889.388304] hns3_handle_bdinfo+0x324/0x410 [hns3]<br /> [ 5889.394055] hns3_handle_rx_bd+0x60/0x150 [hns3]<br /> [ 5889.399624] hns3_clean_rx_ring+0x84/0x170 [hns3]<br /> [ 5889.405270] hns3_nic_common_poll+0xa8/0x220 [hns3]<br /> [ 5889.411084] napi_poll+0xcc/0x264<br /> [ 5889.415329] net_rx_action+0xd4/0x21c<br /> [ 5889.419911] __do_softirq+0x130/0x358<br /> [ 5889.424484] irq_exit+0x134/0x154<br /> [ 5889.428700] __handle_domain_irq+0x88/0xf0<br /> [ 5889.433684] gic_handle_irq+0x78/0x2c0<br /> [ 5889.438319] el1_irq+0xb8/0x140<br /> [ 5889.442354] arch_cpu_idle+0x18/0x40<br /> [ 5889.446816] default_idle_call+0x5c/0x1c0<br /> [ 5889.451714] cpuidle_idle_call+0x174/0x1b0<br /> [ 5889.456692] do_idle+0xc8/0x160<br /> [ 5889.460717] cpu_startup_entry+0x30/0xfc<br /> [ 5889.465523] secondary_start_kernel+0x158/0x1ec<br /> [ 5889.470936] Code: 97ffab78 f9411c14 91408294 f9457284 (f9400c80)<br /> [ 5889.477950] SMP: stopping secondary CPUs<br /> [ 5890.514626] SMP: failed to stop secondary CPUs 0-69,71-95<br /> [ 5890.522951] Starting crashdump kernel...