Message-Id: <20210602121238.12693-3-qiangqing.zhang@nxp.com>
Date:   Wed,  2 Jun 2021 20:12:37 +0800
From:   Joakim Zhang <qiangqing.zhang@....com>
To:     davem@...emloft.net, kuba@...nel.org, peppe.cavallaro@...com,
        alexandre.torgue@...s.st.com, joabreu@...opsys.com,
        mcoquelin.stm32@...il.com
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-stm32@...md-mailman.stormreply.com,
        linux-arm-kernel@...ts.infradead.org, linux-imx@....com
Subject: [PATCH net 2/3] net: stmmac: avoid kernel panic in tc_setup_taprio()

When the Linux tc command is used to set up taprio with hardware offload
enabled, in some circumstances a taprio parameter error causes taprio_init
to fail in qdisc_create(), which then calls taprio_destroy(), which calls
tc_setup_taprio() in stmmac_tc.c and panics on the unallocated
est structure, as below.

[ 15.417444] 003: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 15.417455] 003: Mem abort info:
[ 15.417457] 003: ESR = 0x96000044
[ 15.417460] 003: EC = 0x25: DABT (current EL), IL = 32 bits
[ 15.417464] 003: SET = 0, FnV = 0
[ 15.417467] 003: EA = 0, S1PTW = 0
[ 15.417469] 003: Data abort info:
[ 15.417471] 003: ISV = 0, ISS = 0x00000044
[ 15.417474] 003: CM = 0, WnR = 1
[ 15.417487] 003: Internal
[ 15.417476] 003: user pgtable: 4k pages, 48-bit VAs, pgdp=00000001b71c4000 error: Oops: 96000044 [#1] PREEMPT SMP
[ 15.417482] 003: [0000000000000000] pgd=0000000000000000
[ 15.417487] 003: Internal error: Oops: 96000044 [#1] PREEMPT SMP
[ 15.417492] 003: Modules linked in:
[ 15.417494] 003: CPU: 3 PID: 836 Comm: tc Not tainted 5.4.24-rt15-00033-gdb22403-dirty #3
[ 15.417499] 003: Hardware name: NXP i.MX8MPlus EVK board (DT)
[ 15.417501] 003: pstate: 80000005 (Nzcv daif -PAN -UAO)
[ 15.417504] 003: pc : tc_setup_taprio+0x1b8/0x390
[ 15.417514] 003: lr : stmmac_setup_tc+0xa0/0x3b4
[ 15.417519] 003: sp : ffff8000126c3760
[ 15.417521] 003: x29: ffff8000126c3760 x28: ffff000177712400
[ 15.417526] 003: x27: ffff000176e4b000 x26: ffff8000126c392c
[ 15.417530] 003: x25: 00000000ffffffff x24: ffff800011f903b0
[ 15.417534] 003: x23: ffff8000126c3a80 x22: 0000000000000018
[ 15.417537] 003: x21: ffff000177040080 x20: 0000000000000000
[ 15.417541] 003: x19: ffff000177044840 x18: 0000000000000000
[ 15.417544] 003: x17: 0000000000000000 x16: 0000000000000000
[ 15.417547] 003: x15: 0000000000000000 x14: 000186a000040008
[ 15.417551] 003: x13: ffff8000114db3d8 x12: 0000000000000020
[ 15.417554] 003: x11: 0000000000000030 x10: 0000000000000000
[ 15.417558] 003: x9 : 0000000000000000 x8 : ffff00017088ee00
[ 15.417563] 003: x7 : 0000000000000000 x6 : 000000000000003f
[ 15.417566] 003: x5 : 0000000000000040 x4 : 0000000000000000
[ 15.417570] 003: x3 : ffff800010b94d74 x2 : 0000000000000001
[ 15.417573] 003: x1 : 0000000000000000 x0 : 0000000000000000
[ 15.417576] 003: Call trace:
[ 15.417578] 003: tc_setup_taprio+0x1b8/0x390
[ 15.417581] 003: stmmac_setup_tc+0xa0/0x3b4
[ 15.417585] 003: taprio_disable_offload.isra.30+0x78/0xe8
[ 15.417590] 003: taprio_destroy+0x80/0x11c
[ 15.417592] 003: qdisc_create+0x408/0x4c8
[ 15.417597] 003: tc_modify_qdisc+0x1e0/0x688
[ 15.417600] 003: rtnetlink_rcv_msg+0x120/0x330
[ 15.417603] 003: netlink_rcv_skb+0xec/0x12c
[ 15.417607] 003: rtnetlink_rcv+0x28/0x34
[ 15.417609] 003: netlink_unicast+0x18c/0x21c
[ 15.417612] 003: netlink_sendmsg+0x27c/0x360
[ 15.417616] 003: ____sys_sendmsg+0x284/0x2b4
[ 15.417620] 003: ___sys_sendmsg+0x90/0xd0
[ 15.417623] 003: __sys_sendmsg+0x78/0xd0
[ 15.417626] 003: __arm64_sys_sendmsg+0x2c/0x38
[ 15.417629] 003: el0_svc_common.constprop.2+0xd8/0x178
[ 15.417633] 003: el0_svc_handler+0x34/0x9c
[ 15.417635] 003: el0_svc+0x8/0xc

Fixes: b60189e0392f ("net: stmmac: Integrate EST with TAPRIO scheduler API")
Signed-off-by: Joakim Zhang <qiangqing.zhang@....com>
---
 drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c
index 4e70efc45458..dbd1320c2597 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c
@@ -862,9 +862,11 @@ static int tc_setup_taprio(struct stmmac_priv *priv,
 	return 0;
 
 disable:
-	priv->plat->est->enable = false;
-	stmmac_est_configure(priv, priv->ioaddr, priv->plat->est,
-			     priv->plat->clk_ptp_rate);
+	if (priv->plat->est) {
+		priv->plat->est->enable = false;
+		stmmac_est_configure(priv, priv->ioaddr, priv->plat->est,
+				     priv->plat->clk_ptp_rate);
+	}
 
 	priv->plat->fpe_cfg->enable = false;
 	stmmac_fpe_configure(priv, priv->ioaddr,
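
Review bot: the unchanged context line directly after the new guard, `priv->plat->fpe_cfg->enable = false;`, still dereferences `priv->plat->fpe_cfg` unconditionally on the same `disable:` path. The commit message describes this path being reached from taprio_destroy() after a failed init, before `est` was allocated. If `fpe_cfg` can also be unallocated at that point, the write would fault in the same way as the `est` write did, so either wrap the `fpe_cfg` lines in an equivalent `if (priv->plat->fpe_cfg)` check, or add a short comment naming where `fpe_cfg` is guaranteed to be allocated before this label can be reached. It would also help to state in the commit message which taprio parameter error reproduces the failure, so the fix can be retested.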
-- 
2.17.1
