From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Kyungwook Boo <bookyungwook@gmail.com>,
Edward Cree <ecree.xilinx@gmail.com>,
Michal Swiatkowski <michal.swiatkowski@linux.intel.com>,
Jakub Kicinski <kuba@kernel.org>, Amelia Crate <acrate@waldn.net>
Subject: [PATCH 6.12 40/40] sfc: fix NULL dereferences in ef100_process_design_param()
Date: Fri, 31 Oct 2025 15:01:33 +0100 [thread overview]
Message-ID: <20251031140044.991280569@linuxfoundation.org> (raw)
In-Reply-To: <20251031140043.939381518@linuxfoundation.org>
6.12-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edward Cree <ecree.xilinx@gmail.com>
[ Upstream commit 8241ecec1cdc6699ae197d52d58e76bddd995fa5 ]
Since cited commit, ef100_probe_main() and hence also
ef100_check_design_params() run before efx->net_dev is created;
consequently, we cannot netif_set_tso_max_size() or _segs() at this
point.
Move those netif calls to ef100_probe_netdev(), and also replace
netif_err within the design params code with pci_err.
Reported-by: Kyungwook Boo <bookyungwook@gmail.com>
Fixes: 98ff4c7c8ac7 ("sfc: Separate netdev probe/remove from PCI probe/remove")
Signed-off-by: Edward Cree <ecree.xilinx@gmail.com>
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Link: https://patch.msgid.link/20250401225439.2401047-1-edward.cree@amd.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Amelia Crate <acrate@waldn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/sfc/ef100_netdev.c | 6 ++--
drivers/net/ethernet/sfc/ef100_nic.c | 47 ++++++++++++++------------------
2 files changed, 24 insertions(+), 29 deletions(-)
--- a/drivers/net/ethernet/sfc/ef100_netdev.c
+++ b/drivers/net/ethernet/sfc/ef100_netdev.c
@@ -450,8 +450,9 @@ int ef100_probe_netdev(struct efx_probe_
net_dev->hw_enc_features |= efx->type->offload_features;
net_dev->vlan_features |= NETIF_F_HW_CSUM | NETIF_F_SG |
NETIF_F_HIGHDMA | NETIF_F_ALL_TSO;
- netif_set_tso_max_segs(net_dev,
- ESE_EF100_DP_GZ_TSO_MAX_HDR_NUM_SEGS_DEFAULT);
+ nic_data = efx->nic_data;
+ netif_set_tso_max_size(efx->net_dev, nic_data->tso_max_payload_len);
+ netif_set_tso_max_segs(efx->net_dev, nic_data->tso_max_payload_num_segs);
efx->mdio.dev = net_dev;
rc = efx_ef100_init_datapath_caps(efx);
@@ -478,7 +479,6 @@ int ef100_probe_netdev(struct efx_probe_
/* Don't fail init if RSS setup doesn't work. */
efx_mcdi_push_default_indir_table(efx, efx->n_rx_channels);
- nic_data = efx->nic_data;
rc = ef100_get_mac_address(efx, net_dev->perm_addr, CLIENT_HANDLE_SELF,
efx->type->is_vf);
if (rc)
--- a/drivers/net/ethernet/sfc/ef100_nic.c
+++ b/drivers/net/ethernet/sfc/ef100_nic.c
@@ -887,8 +887,7 @@ static int ef100_process_design_param(st
case ESE_EF100_DP_GZ_TSO_MAX_HDR_NUM_SEGS:
/* We always put HDR_NUM_SEGS=1 in our TSO descriptors */
if (!reader->value) {
- netif_err(efx, probe, efx->net_dev,
- "TSO_MAX_HDR_NUM_SEGS < 1\n");
+ pci_err(efx->pci_dev, "TSO_MAX_HDR_NUM_SEGS < 1\n");
return -EOPNOTSUPP;
}
return 0;
@@ -901,32 +900,28 @@ static int ef100_process_design_param(st
*/
if (!reader->value || reader->value > EFX_MIN_DMAQ_SIZE ||
EFX_MIN_DMAQ_SIZE % (u32)reader->value) {
- netif_err(efx, probe, efx->net_dev,
- "%s size granularity is %llu, can't guarantee safety\n",
- reader->type == ESE_EF100_DP_GZ_RXQ_SIZE_GRANULARITY ? "RXQ" : "TXQ",
- reader->value);
+ pci_err(efx->pci_dev,
+ "%s size granularity is %llu, can't guarantee safety\n",
+ reader->type == ESE_EF100_DP_GZ_RXQ_SIZE_GRANULARITY ? "RXQ" : "TXQ",
+ reader->value);
return -EOPNOTSUPP;
}
return 0;
case ESE_EF100_DP_GZ_TSO_MAX_PAYLOAD_LEN:
nic_data->tso_max_payload_len = min_t(u64, reader->value,
GSO_LEGACY_MAX_SIZE);
- netif_set_tso_max_size(efx->net_dev,
- nic_data->tso_max_payload_len);
return 0;
case ESE_EF100_DP_GZ_TSO_MAX_PAYLOAD_NUM_SEGS:
nic_data->tso_max_payload_num_segs = min_t(u64, reader->value, 0xffff);
- netif_set_tso_max_segs(efx->net_dev,
- nic_data->tso_max_payload_num_segs);
return 0;
case ESE_EF100_DP_GZ_TSO_MAX_NUM_FRAMES:
nic_data->tso_max_frames = min_t(u64, reader->value, 0xffff);
return 0;
case ESE_EF100_DP_GZ_COMPAT:
if (reader->value) {
- netif_err(efx, probe, efx->net_dev,
- "DP_COMPAT has unknown bits %#llx, driver not compatible with this hw\n",
- reader->value);
+ pci_err(efx->pci_dev,
+ "DP_COMPAT has unknown bits %#llx, driver not compatible with this hw\n",
+ reader->value);
return -EOPNOTSUPP;
}
return 0;
@@ -946,10 +941,10 @@ static int ef100_process_design_param(st
* So the value of this shouldn't matter.
*/
if (reader->value != ESE_EF100_DP_GZ_VI_STRIDES_DEFAULT)
- netif_dbg(efx, probe, efx->net_dev,
- "NIC has other than default VI_STRIDES (mask "
- "%#llx), early probing might use wrong one\n",
- reader->value);
+ pci_dbg(efx->pci_dev,
+ "NIC has other than default VI_STRIDES (mask "
+ "%#llx), early probing might use wrong one\n",
+ reader->value);
return 0;
case ESE_EF100_DP_GZ_RX_MAX_RUNT:
/* Driver doesn't look at L2_STATUS:LEN_ERR bit, so we don't
@@ -961,9 +956,9 @@ static int ef100_process_design_param(st
/* Host interface says "Drivers should ignore design parameters
* that they do not recognise."
*/
- netif_dbg(efx, probe, efx->net_dev,
- "Ignoring unrecognised design parameter %u\n",
- reader->type);
+ pci_dbg(efx->pci_dev,
+ "Ignoring unrecognised design parameter %u\n",
+ reader->type);
return 0;
}
}
@@ -999,13 +994,13 @@ static int ef100_check_design_params(str
*/
if (reader.state != EF100_TLV_TYPE) {
if (reader.state == EF100_TLV_TYPE_CONT)
- netif_err(efx, probe, efx->net_dev,
- "truncated design parameter (incomplete type %u)\n",
- reader.type);
+ pci_err(efx->pci_dev,
+ "truncated design parameter (incomplete type %u)\n",
+ reader.type);
else
- netif_err(efx, probe, efx->net_dev,
- "truncated design parameter %u\n",
- reader.type);
+ pci_err(efx->pci_dev,
+ "truncated design parameter %u\n",
+ reader.type);
rc = -EIO;
}
out:
next prev parent reply other threads:[~2025-10-31 14:05 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-31 14:00 [PATCH 6.12 00/40] 6.12.57-rc1 review Greg Kroah-Hartman
2025-10-31 14:00 ` [PATCH 6.12 01/40] net/sched: sch_qfq: Fix null-deref in agg_dequeue Greg Kroah-Hartman
2025-10-31 14:00 ` [PATCH 6.12 02/40] audit: record fanotify event regardless of presence of rules Greg Kroah-Hartman
2025-10-31 14:00 ` [PATCH 6.12 03/40] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK Greg Kroah-Hartman
2025-10-31 14:00 ` [PATCH 6.12 04/40] perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL Greg Kroah-Hartman
2025-10-31 14:00 ` [PATCH 6.12 05/40] perf: Have get_perf_callchain() return NULL if crosstask and user are set Greg Kroah-Hartman
2025-10-31 14:00 ` [PATCH 6.12 06/40] perf: Skip user unwind if the task is a kernel thread Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 07/40] seccomp: passthrough uprobe systemcall without filtering Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 08/40] x86/bugs: Report correct retbleed mitigation status Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 09/40] x86/bugs: Fix reporting of LFENCE retpoline Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 10/40] EDAC/mc_sysfs: Increase legacy channel support to 16 Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 11/40] cpuset: Use new excpus for nocpu error check when enabling root partition Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 12/40] btrfs: abort transaction on specific error places when walking log tree Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 13/40] btrfs: abort transaction in the process_one_buffer() log tree walk callback Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 14/40] btrfs: zoned: return error from btrfs_zone_finish_endio() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 15/40] btrfs: zoned: refine extent allocator hint selection Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 16/40] btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 17/40] btrfs: always drop log root tree reference in btrfs_replay_log() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 18/40] btrfs: use level argument in log tree walk callback replay_one_buffer() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 19/40] btrfs: abort transaction if we fail to update inode in log replay dir fixup Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 20/40] btrfs: tree-checker: add inode extref checks Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 21/40] btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 22/40] sched_ext: Make qmap dump operation non-destructive Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 23/40] arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 24/40] docs: kdoc: handle the obsolescensce of docutils.ErrorString() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 25/40] selftests: mptcp: disable add_addr retrans in endpoint_tests Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 26/40] selftests: mptcp: join: mark delete re-add signal as skipped if not supported Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 27/40] mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 28/40] f2fs: fix to avoid panic once fallocation fails for pinfile Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 29/40] wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 30/40] bonding: return detailed error when loading native XDP fails Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 31/40] bonding: check xdp prog when set bond mode Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 32/40] bits: add comments and newlines to #if, #else and #endif directives Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 33/40] bits: introduce fixed-type GENMASK_U*() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 34/40] gpio: regmap: Allow to allocate regmap-irq device Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 35/40] gpio: regmap: add the .fixed_direction_output configuration parameter Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 36/40] gpio: idio-16: Define fixed direction of the GPIO lines Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 37/40] iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 38/40] wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() Greg Kroah-Hartman
2025-10-31 14:01 ` [PATCH 6.12 39/40] udmabuf: fix a buf size overflow issue during udmabuf creation Greg Kroah-Hartman
2025-10-31 14:01 ` Greg Kroah-Hartman [this message]
2025-10-31 15:57 ` [PATCH 6.12 00/40] 6.12.57-rc1 review Peter Schneider
2025-11-01 5:10 ` Dileep malepu
2025-10-31 19:11 ` Brett Mastbergen
2025-10-31 19:34 ` Jon Hunter
2025-10-31 20:39 ` Pavel Machek
2025-10-31 22:35 ` Shuah Khan
2025-11-01 9:51 ` Naresh Kamboju
2025-11-01 11:44 ` Ron Economos
2025-11-01 19:31 ` Brett A C Sheffield
2025-11-01 21:09 ` Miguel Ojeda
2025-11-03 16:50 ` Florian Fainelli
2025-11-13 3:02 ` Guenter Roeck
2025-11-13 20:32 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251031140044.991280569@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=acrate@waldn.net \
--cc=bookyungwook@gmail.com \
--cc=ecree.xilinx@gmail.com \
--cc=kuba@kernel.org \
--cc=michal.swiatkowski@linux.intel.com \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).