| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<PAXPR04MB85106420DA87BA00EF755A85887E2@PAXPR04MB8510.eurprd04.prod.outlook.com>
Date: Tue, 8 Oct 2024 09:24:37 +0000
From: Wei Fang <wei.fang@....com>
To: "dillon.minfei@...il.com" <dillon.minfei@...il.com>
CC: "imx@...ts.linux.dev" <imx@...ts.linux.dev>, "netdev@...r.kernel.org"
<netdev@...r.kernel.org>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, Shenwei Wang <shenwei.wang@....com>, Clark
Wang <xiaoning.wang@....com>, "davem@...emloft.net" <davem@...emloft.net>,
"edumazet@...gle.com" <edumazet@...gle.com>, "kuba@...nel.org"
<kuba@...nel.org>, "pabeni@...hat.com" <pabeni@...hat.com>,
"u.kleine-koenig@...libre.com" <u.kleine-koenig@...libre.com>,
"csokas.bence@...lan.hu" <csokas.bence@...lan.hu>
Subject: RE: [PATCH v1] net: ethernet: fix NULL pointer dereference at
fec_ptp_save_state()
> -----Original Message-----
> From: dillon.minfei@...il.com <dillon.minfei@...il.com>
> Sent: 2024年10月8日 17:18
> To: Wei Fang <wei.fang@....com>; Shenwei Wang <shenwei.wang@....com>;
> Clark Wang <xiaoning.wang@....com>; davem@...emloft.net;
> edumazet@...gle.com; kuba@...nel.org; pabeni@...hat.com;
> u.kleine-koenig@...libre.com; csokas.bence@...lan.hu
> Cc: imx@...ts.linux.dev; netdev@...r.kernel.org; linux-kernel@...r.kernel.org;
> Dillon Min <dillon.minfei@...il.com>
> Subject: [PATCH v1] net: ethernet: fix NULL pointer dereference at
> fec_ptp_save_state()
>
> From: Dillon Min <dillon.minfei@...il.com>
>
> fec_ptp_init() called at probe stage when 'bufdesc_ex' is true.
> so, need add 'bufdesc_ex' check before call fec_ptp_save_state(), else
> 'tmreg_lock' will not be init by spin_lock_init().
>
> run into kernel panic:
> [ 5.735628] Hardware name: Freescale MXS (Device Tree)
> [ 5.740816] Call trace:
> [ 5.740853] unwind_backtrace from show_stack+0x10/0x14
> [ 5.748788] show_stack from dump_stack_lvl+0x44/0x60
> [ 5.753970] dump_stack_lvl from register_lock_class+0x80c/0x888
> [ 5.760098] register_lock_class from __lock_acquire+0x94/0x2b84
> [ 5.766213] __lock_acquire from lock_acquire+0xe0/0x2e0
> [ 5.771630] lock_acquire from _raw_spin_lock_irqsave+0x5c/0x78
> [ 5.777666] _raw_spin_lock_irqsave from fec_ptp_save_state+0x14/0x68
> [ 5.784226] fec_ptp_save_state from fec_restart+0x2c/0x778
> [ 5.789910] fec_restart from fec_probe+0xc68/0x15e0
> [ 5.794977] fec_probe from platform_probe+0x58/0xb0
> [ 5.800059] platform_probe from really_probe+0xc4/0x2cc
> [ 5.805473] really_probe from __driver_probe_device+0x84/0x19c
> [ 5.811482] __driver_probe_device from
> driver_probe_device+0x30/0x110
> [ 5.818103] driver_probe_device from __driver_attach+0x94/0x18c
> [ 5.824200] __driver_attach from bus_for_each_dev+0x70/0xc4
> [ 5.829979] bus_for_each_dev from bus_add_driver+0xc4/0x1ec
> [ 5.835762] bus_add_driver from driver_register+0x7c/0x114
> [ 5.841444] driver_register from do_one_initcall+0x4c/0x224
> [ 5.847205] do_one_initcall from kernel_init_freeable+0x198/0x224
> [ 5.853502] kernel_init_freeable from kernel_init+0x10/0x108
> [ 5.859370] kernel_init from ret_from_fork+0x14/0x38
> [ 5.864524] Exception stack(0xc4819fb0 to 0xc4819ff8)
> [ 5.869650] 9fa0: 00000000
> 00000000 00000000 00000000
> [ 5.877901] 9fc0: 00000000 00000000 00000000 00000000 00000000
> 00000000 00000000 00000000
> [ 5.886148] 9fe0: 00000000 00000000 00000000 00000000 00000013
> 00000000
> [ 5.892838] 8<--- cut here ---
> [ 5.895948] Unable to handle kernel NULL pointer dereference at virtual
> address 00000000 when read
>
> Fixes: a1477dc87dc4 ("net: fec: Restart PPS after link state change")
> Signed-off-by: Dillon Min <dillon.minfei@...il.com>
> ---
> drivers/net/ethernet/freescale/fec_main.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/freescale/fec_main.c
> b/drivers/net/ethernet/freescale/fec_main.c
> index 60fb54231ead..1b55047c0237 100644
> --- a/drivers/net/ethernet/freescale/fec_main.c
> +++ b/drivers/net/ethernet/freescale/fec_main.c
> @@ -1077,7 +1077,8 @@ fec_restart(struct net_device *ndev)
> u32 rcntl = OPT_FRAME_SIZE | 0x04;
> u32 ecntl = FEC_ECR_ETHEREN;
>
> - fec_ptp_save_state(fep);
> + if (fep->bufdesc_ex)
> + fec_ptp_save_state(fep);
>
> /* Whack a reset. We should wait for this.
> * For i.MX6SX SOC, enet use AXI bus, we use disable MAC @@ -1340,7
> +1341,8 @@ fec_stop(struct net_device *ndev)
> netdev_err(ndev, "Graceful transmit stop did not complete!\n");
> }
>
> - fec_ptp_save_state(fep);
> + if (fep->bufdesc_ex)
> + fec_ptp_save_state(fep);
>
> /* Whack a reset. We should wait for this.
> * For i.MX6SX SOC, enet use AXI bus, we use disable MAC
> --
> 2.25.1
Hi Dillon,
I have sent the same patch this morning.
https://lore.kernel.org/lkml/20241008061153.1977930-1-wei.fang@nxp.com/
Powered by blists - more mailing lists