* [PATCH v1] net: ethernet: fix NULL pointer dereference at fec_ptp_save_state()
@ 2024-10-08 9:18 dillon.minfei
2024-10-08 9:24 ` Wei Fang
0 siblings, 1 reply; 3+ messages in thread
From: dillon.minfei @ 2024-10-08 9:18 UTC (permalink / raw)
To: wei.fang, shenwei.wang, xiaoning.wang, davem, edumazet, kuba,
pabeni, u.kleine-koenig, csokas.bence
Cc: imx, netdev, linux-kernel, Dillon Min
From: Dillon Min <dillon.minfei@gmail.com>
fec_ptp_init() called at probe stage when 'bufdesc_ex' is true.
so, need add 'bufdesc_ex' check before call fec_ptp_save_state(),
else 'tmreg_lock' will not be init by spin_lock_init().
run into kernel panic:
[ 5.735628] Hardware name: Freescale MXS (Device Tree)
[ 5.740816] Call trace:
[ 5.740853] unwind_backtrace from show_stack+0x10/0x14
[ 5.748788] show_stack from dump_stack_lvl+0x44/0x60
[ 5.753970] dump_stack_lvl from register_lock_class+0x80c/0x888
[ 5.760098] register_lock_class from __lock_acquire+0x94/0x2b84
[ 5.766213] __lock_acquire from lock_acquire+0xe0/0x2e0
[ 5.771630] lock_acquire from _raw_spin_lock_irqsave+0x5c/0x78
[ 5.777666] _raw_spin_lock_irqsave from fec_ptp_save_state+0x14/0x68
[ 5.784226] fec_ptp_save_state from fec_restart+0x2c/0x778
[ 5.789910] fec_restart from fec_probe+0xc68/0x15e0
[ 5.794977] fec_probe from platform_probe+0x58/0xb0
[ 5.800059] platform_probe from really_probe+0xc4/0x2cc
[ 5.805473] really_probe from __driver_probe_device+0x84/0x19c
[ 5.811482] __driver_probe_device from driver_probe_device+0x30/0x110
[ 5.818103] driver_probe_device from __driver_attach+0x94/0x18c
[ 5.824200] __driver_attach from bus_for_each_dev+0x70/0xc4
[ 5.829979] bus_for_each_dev from bus_add_driver+0xc4/0x1ec
[ 5.835762] bus_add_driver from driver_register+0x7c/0x114
[ 5.841444] driver_register from do_one_initcall+0x4c/0x224
[ 5.847205] do_one_initcall from kernel_init_freeable+0x198/0x224
[ 5.853502] kernel_init_freeable from kernel_init+0x10/0x108
[ 5.859370] kernel_init from ret_from_fork+0x14/0x38
[ 5.864524] Exception stack(0xc4819fb0 to 0xc4819ff8)
[ 5.869650] 9fa0: 00000000 00000000 00000000 00000000
[ 5.877901] 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 5.886148] 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 5.892838] 8<--- cut here ---
[ 5.895948] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read
Fixes: a1477dc87dc4 ("net: fec: Restart PPS after link state change")
Signed-off-by: Dillon Min <dillon.minfei@gmail.com>
---
drivers/net/ethernet/freescale/fec_main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c
index 60fb54231ead..1b55047c0237 100644
--- a/drivers/net/ethernet/freescale/fec_main.c
+++ b/drivers/net/ethernet/freescale/fec_main.c
@@ -1077,7 +1077,8 @@ fec_restart(struct net_device *ndev)
u32 rcntl = OPT_FRAME_SIZE | 0x04;
u32 ecntl = FEC_ECR_ETHEREN;
- fec_ptp_save_state(fep);
+ if (fep->bufdesc_ex)
+ fec_ptp_save_state(fep);
/* Whack a reset. We should wait for this.
* For i.MX6SX SOC, enet use AXI bus, we use disable MAC
@@ -1340,7 +1341,8 @@ fec_stop(struct net_device *ndev)
netdev_err(ndev, "Graceful transmit stop did not complete!\n");
}
- fec_ptp_save_state(fep);
+ if (fep->bufdesc_ex)
+ fec_ptp_save_state(fep);
/* Whack a reset. We should wait for this.
* For i.MX6SX SOC, enet use AXI bus, we use disable MAC
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* RE: [PATCH v1] net: ethernet: fix NULL pointer dereference at fec_ptp_save_state()
2024-10-08 9:18 [PATCH v1] net: ethernet: fix NULL pointer dereference at fec_ptp_save_state() dillon.minfei
@ 2024-10-08 9:24 ` Wei Fang
2024-10-08 9:28 ` Dillon Min
0 siblings, 1 reply; 3+ messages in thread
From: Wei Fang @ 2024-10-08 9:24 UTC (permalink / raw)
To: dillon.minfei@gmail.com
Cc: imx@lists.linux.dev, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, Shenwei Wang, Clark Wang,
davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, u.kleine-koenig@baylibre.com,
csokas.bence@prolan.hu
> -----Original Message-----
> From: dillon.minfei@gmail.com <dillon.minfei@gmail.com>
> Sent: 2024年10月8日 17:18
> To: Wei Fang <wei.fang@nxp.com>; Shenwei Wang <shenwei.wang@nxp.com>;
> Clark Wang <xiaoning.wang@nxp.com>; davem@davemloft.net;
> edumazet@google.com; kuba@kernel.org; pabeni@redhat.com;
> u.kleine-koenig@baylibre.com; csokas.bence@prolan.hu
> Cc: imx@lists.linux.dev; netdev@vger.kernel.org; linux-kernel@vger.kernel.org;
> Dillon Min <dillon.minfei@gmail.com>
> Subject: [PATCH v1] net: ethernet: fix NULL pointer dereference at
> fec_ptp_save_state()
>
> From: Dillon Min <dillon.minfei@gmail.com>
>
> fec_ptp_init() called at probe stage when 'bufdesc_ex' is true.
> so, need add 'bufdesc_ex' check before call fec_ptp_save_state(), else
> 'tmreg_lock' will not be init by spin_lock_init().
>
> run into kernel panic:
> [ 5.735628] Hardware name: Freescale MXS (Device Tree)
> [ 5.740816] Call trace:
> [ 5.740853] unwind_backtrace from show_stack+0x10/0x14
> [ 5.748788] show_stack from dump_stack_lvl+0x44/0x60
> [ 5.753970] dump_stack_lvl from register_lock_class+0x80c/0x888
> [ 5.760098] register_lock_class from __lock_acquire+0x94/0x2b84
> [ 5.766213] __lock_acquire from lock_acquire+0xe0/0x2e0
> [ 5.771630] lock_acquire from _raw_spin_lock_irqsave+0x5c/0x78
> [ 5.777666] _raw_spin_lock_irqsave from fec_ptp_save_state+0x14/0x68
> [ 5.784226] fec_ptp_save_state from fec_restart+0x2c/0x778
> [ 5.789910] fec_restart from fec_probe+0xc68/0x15e0
> [ 5.794977] fec_probe from platform_probe+0x58/0xb0
> [ 5.800059] platform_probe from really_probe+0xc4/0x2cc
> [ 5.805473] really_probe from __driver_probe_device+0x84/0x19c
> [ 5.811482] __driver_probe_device from
> driver_probe_device+0x30/0x110
> [ 5.818103] driver_probe_device from __driver_attach+0x94/0x18c
> [ 5.824200] __driver_attach from bus_for_each_dev+0x70/0xc4
> [ 5.829979] bus_for_each_dev from bus_add_driver+0xc4/0x1ec
> [ 5.835762] bus_add_driver from driver_register+0x7c/0x114
> [ 5.841444] driver_register from do_one_initcall+0x4c/0x224
> [ 5.847205] do_one_initcall from kernel_init_freeable+0x198/0x224
> [ 5.853502] kernel_init_freeable from kernel_init+0x10/0x108
> [ 5.859370] kernel_init from ret_from_fork+0x14/0x38
> [ 5.864524] Exception stack(0xc4819fb0 to 0xc4819ff8)
> [ 5.869650] 9fa0: 00000000
> 00000000 00000000 00000000
> [ 5.877901] 9fc0: 00000000 00000000 00000000 00000000 00000000
> 00000000 00000000 00000000
> [ 5.886148] 9fe0: 00000000 00000000 00000000 00000000 00000013
> 00000000
> [ 5.892838] 8<--- cut here ---
> [ 5.895948] Unable to handle kernel NULL pointer dereference at virtual
> address 00000000 when read
>
> Fixes: a1477dc87dc4 ("net: fec: Restart PPS after link state change")
> Signed-off-by: Dillon Min <dillon.minfei@gmail.com>
> ---
> drivers/net/ethernet/freescale/fec_main.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/freescale/fec_main.c
> b/drivers/net/ethernet/freescale/fec_main.c
> index 60fb54231ead..1b55047c0237 100644
> --- a/drivers/net/ethernet/freescale/fec_main.c
> +++ b/drivers/net/ethernet/freescale/fec_main.c
> @@ -1077,7 +1077,8 @@ fec_restart(struct net_device *ndev)
> u32 rcntl = OPT_FRAME_SIZE | 0x04;
> u32 ecntl = FEC_ECR_ETHEREN;
>
> - fec_ptp_save_state(fep);
> + if (fep->bufdesc_ex)
> + fec_ptp_save_state(fep);
>
> /* Whack a reset. We should wait for this.
> * For i.MX6SX SOC, enet use AXI bus, we use disable MAC @@ -1340,7
> +1341,8 @@ fec_stop(struct net_device *ndev)
> netdev_err(ndev, "Graceful transmit stop did not complete!\n");
> }
>
> - fec_ptp_save_state(fep);
> + if (fep->bufdesc_ex)
> + fec_ptp_save_state(fep);
>
> /* Whack a reset. We should wait for this.
> * For i.MX6SX SOC, enet use AXI bus, we use disable MAC
> --
> 2.25.1
Hi Dillon,
I have sent the same patch this morning.
https://lore.kernel.org/lkml/20241008061153.1977930-1-wei.fang@nxp.com/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v1] net: ethernet: fix NULL pointer dereference at fec_ptp_save_state()
2024-10-08 9:24 ` Wei Fang
@ 2024-10-08 9:28 ` Dillon Min
0 siblings, 0 replies; 3+ messages in thread
From: Dillon Min @ 2024-10-08 9:28 UTC (permalink / raw)
To: Wei Fang
Cc: imx@lists.linux.dev, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, Shenwei Wang, Clark Wang,
davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, u.kleine-koenig@baylibre.com,
csokas.bence@prolan.hu
Hi Wei
Ok, Thanks, just ignore this patch.
Br.
On Tue, 8 Oct 2024 at 17:24, Wei Fang <wei.fang@nxp.com> wrote:
>
> > -----Original Message-----
> > From: dillon.minfei@gmail.com <dillon.minfei@gmail.com>
> > Sent: 2024年10月8日 17:18
> > To: Wei Fang <wei.fang@nxp.com>; Shenwei Wang <shenwei.wang@nxp.com>;
> > Clark Wang <xiaoning.wang@nxp.com>; davem@davemloft.net;
> > edumazet@google.com; kuba@kernel.org; pabeni@redhat.com;
> > u.kleine-koenig@baylibre.com; csokas.bence@prolan.hu
> > Cc: imx@lists.linux.dev; netdev@vger.kernel.org; linux-kernel@vger.kernel.org;
> > Dillon Min <dillon.minfei@gmail.com>
> > Subject: [PATCH v1] net: ethernet: fix NULL pointer dereference at
> > fec_ptp_save_state()
> >
> > From: Dillon Min <dillon.minfei@gmail.com>
> >
> > fec_ptp_init() called at probe stage when 'bufdesc_ex' is true.
> > so, need add 'bufdesc_ex' check before call fec_ptp_save_state(), else
> > 'tmreg_lock' will not be init by spin_lock_init().
> >
> > run into kernel panic:
> > [ 5.735628] Hardware name: Freescale MXS (Device Tree)
> > [ 5.740816] Call trace:
> > [ 5.740853] unwind_backtrace from show_stack+0x10/0x14
> > [ 5.748788] show_stack from dump_stack_lvl+0x44/0x60
> > [ 5.753970] dump_stack_lvl from register_lock_class+0x80c/0x888
> > [ 5.760098] register_lock_class from __lock_acquire+0x94/0x2b84
> > [ 5.766213] __lock_acquire from lock_acquire+0xe0/0x2e0
> > [ 5.771630] lock_acquire from _raw_spin_lock_irqsave+0x5c/0x78
> > [ 5.777666] _raw_spin_lock_irqsave from fec_ptp_save_state+0x14/0x68
> > [ 5.784226] fec_ptp_save_state from fec_restart+0x2c/0x778
> > [ 5.789910] fec_restart from fec_probe+0xc68/0x15e0
> > [ 5.794977] fec_probe from platform_probe+0x58/0xb0
> > [ 5.800059] platform_probe from really_probe+0xc4/0x2cc
> > [ 5.805473] really_probe from __driver_probe_device+0x84/0x19c
> > [ 5.811482] __driver_probe_device from
> > driver_probe_device+0x30/0x110
> > [ 5.818103] driver_probe_device from __driver_attach+0x94/0x18c
> > [ 5.824200] __driver_attach from bus_for_each_dev+0x70/0xc4
> > [ 5.829979] bus_for_each_dev from bus_add_driver+0xc4/0x1ec
> > [ 5.835762] bus_add_driver from driver_register+0x7c/0x114
> > [ 5.841444] driver_register from do_one_initcall+0x4c/0x224
> > [ 5.847205] do_one_initcall from kernel_init_freeable+0x198/0x224
> > [ 5.853502] kernel_init_freeable from kernel_init+0x10/0x108
> > [ 5.859370] kernel_init from ret_from_fork+0x14/0x38
> > [ 5.864524] Exception stack(0xc4819fb0 to 0xc4819ff8)
> > [ 5.869650] 9fa0: 00000000
> > 00000000 00000000 00000000
> > [ 5.877901] 9fc0: 00000000 00000000 00000000 00000000 00000000
> > 00000000 00000000 00000000
> > [ 5.886148] 9fe0: 00000000 00000000 00000000 00000000 00000013
> > 00000000
> > [ 5.892838] 8<--- cut here ---
> > [ 5.895948] Unable to handle kernel NULL pointer dereference at virtual
> > address 00000000 when read
> >
> > Fixes: a1477dc87dc4 ("net: fec: Restart PPS after link state change")
> > Signed-off-by: Dillon Min <dillon.minfei@gmail.com>
> > ---
> > drivers/net/ethernet/freescale/fec_main.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/ethernet/freescale/fec_main.c
> > b/drivers/net/ethernet/freescale/fec_main.c
> > index 60fb54231ead..1b55047c0237 100644
> > --- a/drivers/net/ethernet/freescale/fec_main.c
> > +++ b/drivers/net/ethernet/freescale/fec_main.c
> > @@ -1077,7 +1077,8 @@ fec_restart(struct net_device *ndev)
> > u32 rcntl = OPT_FRAME_SIZE | 0x04;
> > u32 ecntl = FEC_ECR_ETHEREN;
> >
> > - fec_ptp_save_state(fep);
> > + if (fep->bufdesc_ex)
> > + fec_ptp_save_state(fep);
> >
> > /* Whack a reset. We should wait for this.
> > * For i.MX6SX SOC, enet use AXI bus, we use disable MAC @@ -1340,7
> > +1341,8 @@ fec_stop(struct net_device *ndev)
> > netdev_err(ndev, "Graceful transmit stop did not complete!\n");
> > }
> >
> > - fec_ptp_save_state(fep);
> > + if (fep->bufdesc_ex)
> > + fec_ptp_save_state(fep);
> >
> > /* Whack a reset. We should wait for this.
> > * For i.MX6SX SOC, enet use AXI bus, we use disable MAC
> > --
> > 2.25.1
>
> Hi Dillon,
>
> I have sent the same patch this morning.
> https://lore.kernel.org/lkml/20241008061153.1977930-1-wei.fang@nxp.com/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-10-08 9:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-10-08 9:18 [PATCH v1] net: ethernet: fix NULL pointer dereference at fec_ptp_save_state() dillon.minfei
2024-10-08 9:24 ` Wei Fang
2024-10-08 9:28 ` Dillon Min
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).